drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Pufferüberlauf in gd
Name: |
Pufferüberlauf in gd |
|
ID: |
DSA-3751-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian sid, Debian jessie, Debian stretch |
|
Datum: |
So, 1. Januar 2017, 23:41 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9933 |
|
Applikationen: |
gd |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-3751-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso January 01, 2017 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : libgd2 CVE ID : CVE-2016-9933 Debian Bug : 849038
A stack overflow vulnerability was discovered within the gdImageFillToBorder function in libgd2, a library for programmatic graphics creation and manipulation, triggered when invalid colors are used with truecolor images. A remote attacker can take advantage of this flaw to cause a denial-of-service against an application using the libgd2 library.
For the stable distribution (jessie), this problem has been fixed in version 2.1.0-5+deb8u8.
For the testing distribution (stretch), this problem has been fixed in version 2.2.2-29-g3c2b605-1.
For the unstable distribution (sid), this problem has been fixed in version 2.2.2-29-g3c2b605-1.
We recommend that you upgrade your libgd2 packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlhpNeBfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0Rvjw/9ERJvLtD/x0p4jEP6p3iUkPyDig0xVZLuAtcHcHKWb+HdNf3W3iOCp3Qz H/ybWGxno3lDBFTzjaqFq9RUf1+SanbqHfEnQ22UQuKhXgiLaxDXKoIKBgUrcvl0 zdVvH+SHon5f17vUOKzWR9GVV+Aqwe6B461uS/BRA8UsaxiViBndGd1YLd3y17g4 hHWICoRSxEwm5NjWsFXQQRfuDuEp4MwSv5a71WPZ0s9EjlbvMCFIYcwaFhFDF3de UjeeWk2nwZY+z4nZD6G1PKrdCNs3JiA5pfswM3hEsdyd9xq0uNUXkFYv/V9kPCHy s5JVT5qnCGI6UNkWQk50I8GN0hV4+b8o2h9q5XCxwhPXRby6N3qkcq5ZyiW9jjr/ CVf6nVMkWHfDDAsFFSE5taUpwSPCYzb7GPK648X2qODlIg+7uOMCZBDs1t3yAWdU RyRjVLSXcvfy7TeDriFcOlqgsMMAclowQYYO4PINtV3yKMBcl8dqzbVQBAu5Z5Bx 820rvTA15JOM0GIkOATFJUhX1PzxcrvGAP458yCCbzap9PHVcYLvTiaW5Y/zFiqU WhS1YnKtJfe/YQ+T99+VXQgFAvdL0+wN6R7sTYWl/m/c5WUk4jXFkEkneweoGKUe SEPsD57Cljauai/rAhD7i4L6YQJYt0jvnu2wffQ6mTPPDcFEZtU= =CDTq -----END PGP SIGNATURE-----
|
|
|
|