FEDORA-2016-722c0afc64 — security update for gd

stable

gd-2.2.3-5.fc25

FEDORA-2016-722c0afc64 created by mskalick 8 years ago for Fedora 25

Security fix for CVE-2016-8670
Security fix for CVE-2016-6911
Security fix for CVE-2016-7568
For Fedora 26 disabled two tests - they are failing because of freetype 2.7 (https://github.com/libgd/libgd/issues/302, https://github.com/libgd/libgd/issues/217)

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2016-722c0afc64

This update has been submitted for testing by mskalick.

8 years ago

This update has been pushed to testing.

8 years ago

cserpentis commented & provided feedback 8 years ago

karma

works for me

heikoada commented & provided feedback 8 years ago

karma

LGTM

This update has been submitted for stable by bodhi.

8 years ago

filiperosset commented & provided feedback 8 years ago

karma

no regressions noted

This update has been pushed to stable.

8 years ago

Please login to add feedback.

Metadata

Type

security

Karma

Signed

Content Type

RPM

Test Gating

None

Autopush Settings

Unstable by Karma

-3

Stable by Karma

Stable by Time

disabled

Dates

submitted

8 years ago

in testing

8 years ago

in stable

8 years ago

Builds

gd-2.2.3-5.fc25

BZ#1380450 CVE-2016-7568 gd, php: Integer overflow in gdImageWebpCtx

BZ#1380453 CVE-2016-7568 gd: gd, php: Integer overflow in gdImageWebpCtx [fedora-all]

BZ#1388787 CVE-2016-6911 gd, php: Missing check for OOB read in dynamicGetbuf()

BZ#1388788 CVE-2016-6911 gd: Missing check for OOB read in dynamicGetbuf() [fedora-all]

BZ#1391068 CVE-2016-8670 gd, php: Stack based buffer overflow in dynamicGetbuf

BZ#1391077 CVE-2016-8670 gd: Stack based buffer overflow in dynamicGetbuf [fedora-all]

gd-2.2.3-5.fc25

Automated Test Results

None