Login
Newsletter
Werbung
Sicherheit: Mehrere Probleme in gd
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in gd
ID: 201607-04
Distribution: Gentoo
Plattformen: Keine Angabe
Datum: So, 17. Juli 2016, 00:45
Referenzen: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3074
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2497
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9709
Applikationen: gd

Originalnachricht

 
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--1Fr1RL6qcuigHusBmxaUPU1kIkUNFbxX4
Content-Type: multipart/mixed;
 boundary="COTex6b4bdMBgp2hI0JA7bEbFcD45Jiok"
From: Aaron Bauman <bman@gentoo.org>
To: gentoo-announce@lists.gentoo.org
Message-ID: <0c9128c0-a9f7-5c11-605d-480e56813fb1@gentoo.org>
Subject: [ GLSA 201607-04 ] GD: Multiple vulnerabilities

--COTex6b4bdMBgp2hI0JA7bEbFcD45Jiok
Content-Type: multipart/alternative;
 boundary="------------E8E515DB01FC7FA66D07200D"

This is a multi-part message in MIME format.
--------------E8E515DB01FC7FA66D07200D
Content-Type: text/plain; charset=utf-
Content-Transfer-Encoding: quoted-printable

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201607-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: GD: Multiple vulnerabilities
     Date: July 16, 2016
     Bugs: #504872, #538686, #581942
       ID: 201607-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in GD, the worst of which
allows remote attackers to execute arbitrary code.

Background
==========

GD is a graphic library for fast image creation.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  media-libs/gd                < 2.2.2                    >= 2.2.2 

Description
===========

Multiple vulnerabilities have been discovered in GD. Please review the
CVE identifiers referenced below for details.

Impact
======

A remote attacker could possibly execute arbitrary code with the
privileges of the process, or cause a Denial of Service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All GD users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-libs/gd-2.2.2"

References
==========

[ 1 ] CVE-2014-2497
      http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2497
[ 2 ] CVE-2014-9709
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9709
[ 3 ] CVE-2016-3074
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3074

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201607-04

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5


--------------E8E515DB01FC7FA66D07200D
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable

<html>
  <head>

    <meta http-equiv=3D"Content-Type" content=3D"text/html;
 charset=3Dutf=
-8">
  </head>
  <body bgcolor=3D"#FFFFFF" text=3D"#000000">
    <p>
      <meta http-equiv=3D"Content-Type" content=3D"text/html;
 charset=3Du=
tf-8">
    </p>
    <pre style=3D"color: rgb(0, 0, 0); font-style: normal; font-variant:
 =
normal; font-weight: normal; letter-spacing: normal; line-height: normal;=
 orphans: auto; text-align: start; text-indent: 0px; text-transform: none=
; widows: 1; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap=
: break-word; white-space: pre-wrap;">- - - - - - - - - - - - - - - - -
 -=
 - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201607-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           <a
 class=3D"moz-txt-link-freet=
ext" href=3D"https://security.gentoo.org/">https://security.gentoo.org/</=
a>
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: GD: Multiple vulnerabilities
     Date: July 16, 2016
     Bugs: #504872, #538686, #581942
       ID: 201607-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=3D=3D=3D=3D=3D=3D=3D=3D

Multiple vulnerabilities have been found in GD, the worst of which
allows remote attackers to execute arbitrary code.

Background
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

GD is a graphic library for fast image creation.

Affected packages
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  media-libs/gd                &lt; 2.2.2                    &gt;=3D
 2=
=2E2.2=20

Description
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

Multiple vulnerabilities have been discovered in GD. Please review the
CVE identifiers referenced below for details.

Impact
=3D=3D=3D=3D=3D=3D

A remote attacker could possibly execute arbitrary code with the
privileges of the process, or cause a Denial of Service condition.

Workaround
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

There is no known workaround at this time.

Resolution
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

All GD users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose "&gt;=3Dmedia-libs/gd-2.2.2"

References
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

[ 1 ] CVE-2014-2497
      <a class=3D"moz-txt-link-freetext" href=3D"http://web.nvd.nist.gov/=
view/vuln/detail?vulnId=3DCVE-2014-2497">http://web.nvd.nist.gov/view/vul=
n/detail?vulnId=3DCVE-2014-2497</a>
[ 2 ] CVE-2014-9709
      <a class=3D"moz-txt-link-freetext" href=3D"http://cve.mitre.org/cgi=
-bin/cvename.cgi?name=3DCVE-2014-9709">http://cve.mitre.org/cgi-bin/cvena=
me.cgi?name=3DCVE-2014-9709</a>
[ 3 ] CVE-2016-3074
      <a class=3D"moz-txt-link-freetext" href=3D"http://nvd.nist.gov/nvd.=
cfm?cvename=3DCVE-2016-3074">http://nvd.nist.gov/nvd.cfm?cvename=3DCVE-20=
16-3074</a>

Availability
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 <a class=3D"moz-txt-link-freetext" href=3D"https://security.gentoo.org/g=
lsa/201607-04">https://security.gentoo.org/glsa/201607-04</a>

Concerns?
=3D=3D=3D=3D=3D=3D=3D=3D=3D

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
<a class=3D"moz-txt-link-abbreviated"
 href=3D"mailto:security@gentoo.org"=
>security@gentoo.org</a> or alternatively, you may file a bug at
<a class=3D"moz-txt-link-freetext" href=3D"https://bugs.gentoo.org">https=
://bugs.gentoo.org</a>.

License
=3D=3D=3D=3D=3D=3D=3D

Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

<a class=3D"moz-txt-link-freetext" href=3D"http://creativecommons.org/lic=
enses/by-sa/2.5">http://creativecommons.org/licenses/by-sa/2.5</a></pre>
  </body>
</html>

--------------E8E515DB01FC7FA66D07200D--

--COTex6b4bdMBgp2hI0JA7bEbFcD45Jiok--

--1Fr1RL6qcuigHusBmxaUPU1kIkUNFbxX4
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1

iQJ8BAEBCgBmBQJXijIlXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ1OTcyRDI4NDhFOEE0NDYwRTdERTY4QUM5
RjI4QkQ4QkQxRTM5NUZGAAoJEJ8ovYvR45X/DcoP/i/OwACj3ic7h5b27upj4gUm
VpTsmL2hJKOL1ohHQMlXhiUQhiLAEiv9Dn07f2ElMlqXRptUOFMV8yeIkY+drBXu
+Bs1AZQe7+OA2jH9fzwcEgrW5v7M0BgYHN0FbjRLFO+XsH6FiH48rXmxXML4eXsG
iFQLeOeEVuw+6LfO488SAD0FKHgteajv4ttrG0T/9p7ivPZ4tw2ftMH6IQF6tjdy
S+YZDJGEXLFEHzDoeySFX5rl5xDv4/VCYHtayzgQIxZi31EucPvPrV8bKnvsDR/e
olVOIeY7JAnWOYFOvjfO9BZvZqn/1jLzoxo9j/Eo706aB5bu1Sj/Qtmw0pF56KQp
GFgC1pIppTPepmlI/nzVKS+oOsUyKn+kYE/0kF54VX+Ie3J58iTDIfoSCESpxdjc
5X66Bksu179dYoMsNUL80Slni5goNElAuUEwfO4kyGy1XKpbRkGkCsJz3sHRapq3
1EkxgGCGcVQvduZ0aciI6jWTvoL9lPMDPRTeuu711IUQwCudKZsDLM4+J8M5XrXw
yL9QcdPO2x+moz4cbKm25PaqblYIdHt+HGVdZdRqeZ/ZWW+3Tip+f2swqWn/yvd3
ZwlZCd8HYY249ydkOtZBLkbdVyhEDIO+UKKa81YIo48/DUY1FHTISBasruq1+txK
1oGwRJuO6L8WV6FUaWEK
=qTks
-----END PGP SIGNATURE-----

--1Fr1RL6qcuigHusBmxaUPU1kIkUNFbxX4--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung