[SECURITY] [DSA 3961-1] libgd2 security update

2017-09-0306:01:38

lists.debian.org

0.008 Low

EPSS

Percentile

82.2%

JSON

Debian Security Advisory DSA-3961-1 [email protected]
https://www.debian.org/security/ Salvatore Bonaccorso
September 03, 2017 https://www.debian.org/security/faq

Package : libgd2
CVE ID : CVE-2017-6362

A double-free vulnerability was discovered in the gdImagePngPtr()
function in libgd2, a library for programmatic graphics creation and
manipulation, which may result in denial of service or potentially the
execution of arbitrary code if a specially crafted file is processed.

For the oldstable distribution (jessie), this problem has been fixed
in version 2.1.0-5+deb8u11.

For the stable distribution (stretch), this problem has been fixed in
version 2.2.4-2+deb9u2.

For the unstable distribution (sid), this problem has been fixed in
version 2.2.5-1.

We recommend that you upgrade your libgd2 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian7armhflibgd-tools< 2.0.36~rc1~dfsg-6.1+deb7u10libgd-tools_2.0.36~rc1~dfsg-6.1+deb7u10_armhf.deb
Debian9arm64libgd-dev< 2.2.4-2+deb9u2libgd-dev_2.2.4-2+deb9u2_arm64.deb
Debian9mips64ellibgd3-dbgsym< 2.2.4-2+deb9u2libgd3-dbgsym_2.2.4-2+deb9u2_mips64el.deb
Debian8arm64libgd3< 2.1.0-5+deb8u11libgd3_2.1.0-5+deb8u11_arm64.deb
Debian8powerpclibgd-dbg< 2.1.0-5+deb8u11libgd-dbg_2.1.0-5+deb8u11_powerpc.deb
Debian8i386libgd2-noxpm-dev< 2.1.0-5+deb8u11libgd2-noxpm-dev_2.1.0-5+deb8u11_i386.deb
Debian7amd64libgd2-xpm-dev< 2.0.36~rc1~dfsg-6.1+deb7u10libgd2-xpm-dev_2.0.36~rc1~dfsg-6.1+deb7u10_amd64.deb
Debian7armellibgd2-xpm< 2.0.36~rc1~dfsg-6.1+deb7u10libgd2-xpm_2.0.36~rc1~dfsg-6.1+deb7u10_armel.deb
Debian8armhflibgd2-noxpm-dev< 2.1.0-5+deb8u11libgd2-noxpm-dev_2.1.0-5+deb8u11_armhf.deb
Debian9armellibgd-dev< 2.2.4-2+deb9u2libgd-dev_2.2.4-2+deb9u2_armel.deb

OS	Version	Architecture	Package	Version	Filename
Debian	7	armhf	libgd-tools	< 2.0.36~rc1~dfsg-6.1+deb7u10	libgd-tools_2.0.36~rc1~dfsg-6.1+deb7u10_armhf.deb
Debian	9	arm64	libgd-dev	< 2.2.4-2+deb9u2	libgd-dev_2.2.4-2+deb9u2_arm64.deb
Debian	9	mips64el	libgd3-dbgsym	< 2.2.4-2+deb9u2	libgd3-dbgsym_2.2.4-2+deb9u2_mips64el.deb
Debian	8	arm64	libgd3	< 2.1.0-5+deb8u11	libgd3_2.1.0-5+deb8u11_arm64.deb
Debian	8	powerpc	libgd-dbg	< 2.1.0-5+deb8u11	libgd-dbg_2.1.0-5+deb8u11_powerpc.deb
Debian	8	i386	libgd2-noxpm-dev	< 2.1.0-5+deb8u11	libgd2-noxpm-dev_2.1.0-5+deb8u11_i386.deb
Debian	7	amd64	libgd2-xpm-dev	< 2.0.36~rc1~dfsg-6.1+deb7u10	libgd2-xpm-dev_2.0.36~rc1~dfsg-6.1+deb7u10_amd64.deb
Debian	7	armel	libgd2-xpm	< 2.0.36~rc1~dfsg-6.1+deb7u10	libgd2-xpm_2.0.36~rc1~dfsg-6.1+deb7u10_armel.deb
Debian	8	armhf	libgd2-noxpm-dev	< 2.1.0-5+deb8u11	libgd2-noxpm-dev_2.1.0-5+deb8u11_armhf.deb
Debian	9	armel	libgd-dev	< 2.2.4-2+deb9u2	libgd-dev_2.2.4-2+deb9u2_armel.deb