Package name
gd
Date
2014-07-10
Advisory ID
MDVSA-2014:133
Affected versions
MBS1 x86_64

Problem description

Updated gd and libgd packages fix security vulnerability:

The gdImageCreateFromXpm function in gdxpm.c in the gd image library
allows remote attackers to cause a denial of service (NULL pointer
dereference and application crash) via a crafted color table in an
XPM file (CVE-2014-2497).

Updated packages

MBS1 x86_64

 133d72d12a278f494662878dd8b8fafb  mbs1/x86_64/gd-utils-2.0.35-19.1.mbs1.x86_64.rpm
 91c8a7f9053c2c335ea49bbb30bb21fc  mbs1/x86_64/lib64gd2-2.0.35-19.1.mbs1.x86_64.rpm
 3422b3f8b50dc626be29096304662d56  mbs1/x86_64/lib64gd-devel-2.0.35-19.1.mbs1.x86_64.rpm
 09b1c9c6e62fc636173aafac4a36f7b6  mbs1/x86_64/lib64gd-static-devel-2.0.35-19.1.mbs1.x86_64.rpm 
 7afba6bce1ba80c873bbe2df3bf89862  mbs1/SRPMS/gd-2.0.35-19.1.mbs1.src.rpm

References