Oval Definition:oval:com.redhat.rhsa:def:20204659
Revision Date:2020-11-04Version:635
Title:RHSA-2020:4659: gd security update (Moderate)
Description:GD is an open source code library for the dynamic creation of images by programmers. GD creates PNG, JPEG, GIF, WebP, XPM, BMP images, among other formats.

Security Fix(es):

  • gd: Heap-based buffer overflow in gdImageColorMatch() in gd_color_match.c (CVE-2019-6977)

  • gd: NULL pointer dereference in gdImageClone (CVE-2018-14553)

  • gd: Double free in the gdImage*Ptr in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c (CVE-2019-6978)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.
  • Family:unixClass:patch
    Status:Reference(s):CVE-2018-14553
    CVE-2019-6977
    CVE-2019-6978
    RHSA-2020:4659
    Platform(s):Red Hat Enterprise Linux 8
    Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 8 is installed
  • OR Red Hat CoreOS 4 is installed
  • AND
  • gd is earlier than 0:2.2.5-7.el8
  • AND gd is signed with Red Hat redhatrelease2 key
  • gd-devel is earlier than 0:2.2.5-7.el8
  • AND gd-devel is signed with Red Hat redhatrelease2 key
  • BACK