drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in gd
Name: |
Mehrere Probleme in gd |
|
ID: |
USN-3030-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, Ubuntu 15.10, Ubuntu 16.04 LTS |
|
Datum: |
Mo, 11. Juli 2016, 22:30 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5116
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6161
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7456
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6128
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5766 |
|
Applikationen: |
gd |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============0606568803190109146== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="6HWqJWxuam7EWmk13rlre7jfVJrRorjuK"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --6HWqJWxuam7EWmk13rlre7jfVJrRorjuK Content-Type: multipart/mixed; boundary="9IX5qAd9eUt6V5HPNebPkrWOnQEUJavjC" From: Marc Deslauriers <marc.deslauriers@canonical.com> Reply-To: Ubuntu Security <security@ubuntu.com> To: "ubuntu-security-announce@lists.ubuntu.com" <ubuntu-security-announce@lists.ubuntu.com> Message-ID: <5783DFC5.2080505@canonical.com> Subject: [USN-3030-1] GD library vulnerabilities
--9IX5qAd9eUt6V5HPNebPkrWOnQEUJavjC Content-Type: text/plain; charset=utf- Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-3030-1 July 11, 2016
libgd2 vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS - Ubuntu 15.10 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS
Summary:
The GD library could be made to crash or run programs if it processed a specially crafted image file.
Software Description: - libgd2: GD Graphics Library
Details:
It was discovered that the GD library incorrectly handled memory when using gdImageScaleTwoPass(). A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2013-7456)
It was discovered that the GD library incorrectly handled certain malformed XBM images. If a user or automated system were tricked into processing a specially crafted XBM image, an attacker could cause a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 15.10 and Ubuntu 16.04 LTS. (CVE-2016-5116)
It was discovered that the GD library incorrectly handled memory when using _gd2GetHeader(). A remote attacker could possibly use this issue to cause a denial of service or possibly execute arbitrary code. (CVE-2016-5766)
It was discovered that the GD library incorrectly handled certain color indexes. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 15.10 and Ubuntu 16.04 LTS. (CVE-2016-6128)
It was discovered that the GD library incorrectly handled memory when encoding a GIF image. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-6161)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 LTS: libgd3 2.1.1-4ubuntu0.16.04.2
Ubuntu 15.10: libgd3 2.1.1-4ubuntu0.15.10.2
Ubuntu 14.04 LTS: libgd3 2.1.0-3ubuntu0.2
Ubuntu 12.04 LTS: libgd2-noxpm 2.0.36~rc1~dfsg-6ubuntu2.2 libgd2-xpm 2.0.36~rc1~dfsg-6ubuntu2.2
In general, a standard system update will make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-3030-1 CVE-2013-7456, CVE-2016-5116, CVE-2016-5766, CVE-2016-6128, CVE-2016-6161
Package Information: https://launchpad.net/ubuntu/+source/libgd2/2.1.1-4ubuntu0.16.04.2 https://launchpad.net/ubuntu/+source/libgd2/2.1.1-4ubuntu0.15.10.2 https://launchpad.net/ubuntu/+source/libgd2/2.1.0-3ubuntu0.2 https://launchpad.net/ubuntu/+source/libgd2/2.0.36~rc1~dfsg-6ubuntu2.2
--9IX5qAd9eUt6V5HPNebPkrWOnQEUJavjC--
--6HWqJWxuam7EWmk13rlre7jfVJrRorjuK Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2
iQIcBAEBCgAGBQJXg9/FAAoJEGVp2FWnRL6TevYP/0qxZ2INiHJ4zxkLwcgruHEV yHmYhvJSJs6SIc6g2U2bskaTHcUiZmO6pERuAbX6KGXcXkD8x2xIp4fy1D65v5TY BdgdsT/FY/m5B262hVzOytsrBZuxF940dLfOCfeg7Om/qix0Y+dUH5DQMyfYs3S1 PcX1aTNdM2fR5qE5kFtlh0gD+Wot95dEIn56qy0J9t7OxEPspBuMNjaw2xQE8e0v n1ewpnypeM40Obo64dHPYlrBkgCV1PfMArYmr2U79ZxSEzHkVyX9WqIX5i5rno2G ahFwldKpL8iPaNW4zTUBfT3EK5SBjcyuFLEunpfUXQALOXHgmuOMHZAK5WNas5rr heJD4jw+JQHrN+9pcm/GhM8k/+xxTCVJqMTd2dMqPDNBlK9G3rxaRfIWUqV50ccE 1ocXt2HHYUBQKpWuCkx1b6cFgNrHz2tE4DuPYLLZpKMr/EqbEus/gl3kRegzx0vV LOp7+OnzUDhjGVBS4CEbyojv+KEamjzStkyjDjyZu8G+K45tx27MsoZehe+qP57H bI1TVInBrsJDMMTEQm04u0cZJnfovSyXdb2tMVcd1Cq0rD5crauFHmYgFYo9SQ71 Dn8Vvs/7Q4pR0ecLt/bNoCzpo6BKVGH1TSoS3kfVAmwWTzO0qX4Ah8pI4EKvitim LeL+bJvESutC51v+idBM =V3qa -----END PGP SIGNATURE-----
--6HWqJWxuam7EWmk13rlre7jfVJrRorjuK--
--===============0606568803190109146== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============0606568803190109146==--
|
|
|
|