ID SSA-2017-199-02
Type slackware
Reporter Slackware Linux Project
Modified 2017-07-18T16:14:05


New gd packages are available for Slackware 14.2 and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:

patches/packages/gd-2.2.4-i586-1_slack14.2.txz: Upgraded. Fixes security issues: gdImageCreate() doesn't check for oversized images and as such is prone to DoS vulnerabilities. (CVE-2016-9317) double-free in gdImageWebPtr() (CVE-2016-6912) potential unsigned underflow in gd_interpolation.c (CVE-2016-10166) DOS vulnerability in gdImageCreateFromGd2Ctx() (CVE-2016-10167) Signed Integer Overflow gd_io.c (CVE-2016-10168) For more information, see: ( Security fix )

Where to find the new packages:

Thanks to the friendly folks at the OSU Open Source Lab ( for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on for additional mirror sites near you.

Updated package for Slackware 14.2:

Updated package for Slackware x86_64 14.2:

Updated package for Slackware -current:

Updated package for Slackware x86_64 -current:

MD5 signatures:

Slackware 14.2 package: 21e9b5cb669f9d5ab687520335c0c2ab gd-2.2.4-i586-1_slack14.2.txz

Slackware x86_64 14.2 package: 86429d33e59bd6f819c0757c923d58c7 gd-2.2.4-x86_64-1_slack14.2.txz

Slackware -current package: 3c2e50dcc5cbd4f895186cf096500a9f l/gd-2.2.4-i586-1.txz

Slackware x86_64 -current package: 26cd09da8385e8607795aaedfdb5758a l/gd-2.2.4-x86_64-1.txz

Installation instructions:

Upgrade the package as root: > upgradepkg gd-2.2.4-i586-1_slack14.2.txz