ALSA-2020:4659

[ALSA-2020:4659] Moderate: gd security update

Type:

security

Severity:

moderate

Release date:

2021-11-12

Description:

GD is an open source code library for the dynamic creation of images by programmers. GD creates PNG, JPEG, GIF, WebP, XPM, BMP images, among other formats. 

Security Fix(es):

* gd: Heap-based buffer overflow in gdImageColorMatch() in gd_color_match.c (CVE-2019-6977)

* gd: NULL pointer dereference in gdImageClone (CVE-2018-14553)

* gd: Double free in the gdImage*Ptr in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c (CVE-2019-6978)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	gd-2.2.5-7.el8.aarch64.rpm	6fd636508eee6b5a3ca9a9793c662242c7c952a5ef0b06204dc07972abfbec79
aarch64	gd-devel-2.2.5-7.el8.aarch64.rpm	7951fffa5bf341bea7cd44637a5c1154ca89c5f67693587da53e85798217182a
i686	gd-devel-2.2.5-7.el8.i686.rpm	04229bdf149d2467ec8e2cf2032f5120957b7f805aca4c99788cd0cf8fc7a019
i686	gd-2.2.5-7.el8.i686.rpm	da6b77f0140a9c2d8b2a835954c1d50a7a7017a6ccf68d75ee056835cbb611dc
ppc64le	gd-devel-2.2.5-7.el8.ppc64le.rpm	2bdabf0efae2d133eb0313f08188e71af2acb0131d68bc741e259169205ea401
ppc64le	gd-2.2.5-7.el8.ppc64le.rpm	ce27e20da08d5dfe18ded15d62662becf4d7f33053dab4ceca9ba68f20569e4a
x86_64	gd-devel-2.2.5-7.el8.x86_64.rpm	71bb05f9296f6ff5851b69fa7f6f99e4cd722bf4f1078fb42a6ebfb14d8e7aa9
x86_64	gd-2.2.5-7.el8.x86_64.rpm	d41ea3d83f961db23c9976dc8bc937723ea43710e97cf1adc679733699f4c478

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.