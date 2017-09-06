

--===============9221574941686954660==

Content-Type: multipart/signed; micalg="pgp-sha256";

protocol="application/pgp-signature";

boundary="=-jzwn9EC5kAYcKpS57BVv"





--=-jzwn9EC5kAYcKpS57BVv

Content-Type: text/plain; charset="UTF-8"

Content-Transfer-Encoding: base64



==========================================================================

Ubuntu Security Notice USN-3410-1

September 05, 2017



libgd2 vulnerability

==========================================================================



A security issue affects these releases of Ubuntu and its derivatives:



- Ubuntu 17.04

- Ubuntu 16.04 LTS

- Ubuntu 14.04 LTS



Summary:



GD library could be made to crash if it opened a specially crafted

file.



Software Description:

- libgd2: GD Graphics Library



Details:



It was discovered a double-free vulnerability in GD library.

A remote attacker could write arbitrary values in memory

spaces or made programs to crash.



Update instructions:



The problem can be corrected by updating your system to the following

package versions:



Ubuntu 17.04:

libgd-tools 2.2.4-2ubuntu0.3

libgd3 2.2.4-2ubuntu0.3



Ubuntu 16.04 LTS:

libgd-tools 2.1.1-4ubuntu0.16.04.8

libgd3 2.1.1-4ubuntu0.16.04.8



Ubuntu 14.04 LTS:

libgd-tools 2.1.0-3ubuntu0.8

libgd3 2.1.0-3ubuntu0.8



In general, a standard system update will make all the necessary

changes.



References:

https://www.ubuntu.com/usn/usn-3410-1

CVE-2017-6362



Package Information:

https://launchpad.net/ubuntu/+source/libgd2/2.2.4-2ubuntu0.3

https://launchpad.net/ubuntu/+source/libgd2/2.1.1-4ubuntu0.16.04.8

https://launchpad.net/ubuntu/+source/libgd2/2.1.0-3ubuntu0.8

