Security: Multiple issues in gd
Name: Multiple issues in gd
ID: USN-2987-1
Distribution: Ubuntu
Platforms: Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, Ubuntu 15.10, Ubuntu 16.04 LTS
Date: Tue, 31 May 2016, 23:26
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9709
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8874
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2497
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3074
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8877
Applications: gd

Original message
==========================================================================
Ubuntu Security Notice USN-2987-1
May 31, 2016

libgd2 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 15.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
The GD library could be made to crash or run programs if it processed a specially crafted image file.
Software Description:
- libgd2: GD Graphics Library
Details:
It was discovered that the GD library incorrectly handled certain color tables in XPM images. If a user or automated system were tricked into processing a specially crafted XPM image, an attacker could cause a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-2497)
It was discovered that the GD library incorrectly handled certain malformed GIF images. If a user or automated system were tricked into processing a specially crafted GIF image, an attacker could cause a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-9709)
It was discovered that the GD library incorrectly handled memory when using gdImageFillToBorder(). A remote attacker could possibly use this issue to cause a denial of service. (CVE-2015-8874)
It was discovered that the GD library incorrectly handled memory when using gdImageScaleTwoPass(). A remote attacker could possibly use this issue to cause a denial of service. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 15.10 and Ubuntu 16.04 LTS. (CVE-2015-8877)
Hans Jerry Illikainen discovered that the GD library incorrectly handled certain malformed GD images. If a user or automated system were tricked into processing a specially crafted GD image, an attacker could cause a denial of service or possibly execute arbitrary code. (CVE-2016-3074)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 LTS:
  libgd3          2.1.1-4ubuntu0.16.04.1
Ubuntu 15.10:
  libgd3          2.1.1-4ubuntu0.15.10.1
Ubuntu 14.04 LTS:
  libgd3          2.1.0-3ubuntu0.1
Ubuntu 12.04 LTS:
  libgd2-noxpm    2.0.36~rc1~dfsg-6ubuntu2.1
  libgd2-xpm      2.0.36~rc1~dfsg-6ubuntu2.1
In general, a standard system update will make all the necessary changes.
References:
  http://www.ubuntu.com/usn/usn-2987-1
  CVE-2014-2497, CVE-2014-9709, CVE-2015-8874, CVE-2015-8877, CVE-2016-3074

Package Information:
  https://launchpad.net/ubuntu/+source/libgd2/2.1.1-4ubuntu0.16.04.1
  https://launchpad.net/ubuntu/+source/libgd2/2.1.1-4ubuntu0.15.10.1
  https://launchpad.net/ubuntu/+source/libgd2/2.1.0-3ubuntu0.1
  https://launchpad.net/ubuntu/+source/libgd2/2.0.36~rc1~dfsg-6ubuntu2.1