Denial of Service in gd
ID: | USN-3410-1 |
Distribution: | Ubuntu |
Plattformen: | Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 17.04 |
Datum: | Mi, 6. September 2017, 07:59 |
Referenzen: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6362 |
Applikationen: | gd |
Originalnachricht |
|
--===============9221574941686954660== Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="=-jzwn9EC5kAYcKpS57BVv" --=-jzwn9EC5kAYcKpS57BVv Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: base64 ========================================================================== Ubuntu Security Notice USN-3410-1 September 05, 2017 libgd2 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 17.04 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: GD library could be made to crash if it opened a specially crafted file. Software Description: - libgd2: GD Graphics Library Details: It was discovered a double-free vulnerability in GD library. A remote attacker could write arbitrary values in memory spaces or made programs to crash. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 17.04: libgd-tools 2.2.4-2ubuntu0.3 libgd3 2.2.4-2ubuntu0.3 Ubuntu 16.04 LTS: libgd-tools 2.1.1-4ubuntu0.16.04.8 libgd3 2.1.1-4ubuntu0.16.04.8 Ubuntu 14.04 LTS: libgd-tools 2.1.0-3ubuntu0.8 libgd3 2.1.0-3ubuntu0.8 In general, a standard system update will make all the necessary changes. References: https://www.ubuntu.com/usn/usn-3410-1 CVE-2017-6362 Package Information: https://launchpad.net/ubuntu/+source/libgd2/2.2.4-2ubuntu0.3 https://launchpad.net/ubuntu/+source/libgd2/2.1.1-4ubuntu0.16.04.8 https://launchpad.net/ubuntu/+source/libgd2/2.1.0-3ubuntu0.8 |