Preisgabe von Informationen in gd (Aktualisierung)
ID: | USN-3389-2 |
Distribution: | Ubuntu |
Plattformen: | Ubuntu 12.04 ESM |
Datum: | Di, 15. August 2017, 07:27 |
Referenzen: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7890 |
Applikationen: | gd |
Update von: | Preisgabe von Informationen in gd |
Originalnachricht |
|
--===============7676314237706396118== Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="=-bsTo1xBhYq30EQK+SYzI" --=-bsTo1xBhYq30EQK+SYzI Content-Type: text/plain; charset="UTF-8 Content-Transfer-Encoding: quoted-printable ========================================================================== Ubuntu Security Notice USN-3389-2 August 14, 2017 libgd2 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 ESM Summary: The system could be made to expose sensitive information. Software Description: - libgd2: GD Graphics Library Details: USN-3389-1 fixed a vulnerability in GD Graphics Library. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details:  A vulnerability was discovered in GD Graphics Library (aka libgd),  as used in PHP that does not zero colorMap arrays before use.  A specially crafted GIF image could use the uninitialized tables to  read bytes from the top of the stack. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 ESM:  libgd-tools                     2.0.36~rc1~dfsg-6ubuntu2.5 In general, a standard system update will make all the necessary changes. References:  https://www.ubuntu.com/usn/usn-3389-2  https://www.ubuntu.com/usn/usn-3389-1  CVE-2017-7890 --ÛsTo1xBhYq30EQK+SYzI Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAABCAAGBQJZkf9PAAoJEEW851uECx9pL24QAIhpyKoy2EKj7zQsoNUv+41r hX45sG/E3h++flRhdJh1yWHvlxS1CcxliBf5uECWgV8+4/ssaeh/e2D4tU0hqfiC 4iKGSjRRyXvau7FGjpACNI2DBsEzjkfsguMv8D/apLVtVTtn/smuKMRh2pZopLpt khSzSw/631NvBjdEzjfO8cyWALu2i8oZa6CMjd+XRJ+Q7ZMH3DDnBLz75dJCGEPE 7uHXY23yHvcEWvIDgGlJ4oKhjvSjLM5scBSlBikFojiYoryFwFHnEHgCeqgDLGso xvPB7j28ur7cX4lPIVXaNIxhspa8TP9IofM4XF+LBqOcrW8Nwi+SLNQ6g7kp6OZ5 EXG7KHgnAA4XNWH1NcLplsYJ83sXrn681/6lo8MzwhmbIpIYLq7TYfqBWWqBuhvJ DNSEXv9SqRkfE04Db2ddna/v6sizgWqKIWJ5V3mZYO7abVOdYpR60reBz2qpkxGs p+dibGvurAEaoEQzwRCX8I3xrN28Mi0141Ro1/tFfUyp26gI8hENS2Nn449pssBd iZ1Rh9Cq4c650kU2csg3Vxr9O++REHpqyLjNN90FvbWpnYDMRLBzBmwmX1zw33X1 BQwDxe15WXOGMCSM0O4i7KiX0fqpIP1tsyLeh6zLnq559Pa7YBKVw96rg4Pbbhbk prSUxZcB8rtFYx/szHL3 =TYYU -----END PGP SIGNATURE----- --=-bsTo1xBhYq30EQK+SYzI-- --===============7676314237706396118== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce --===============7676314237706396118==-- |