drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zwei Probleme in GD
Name: |
Zwei Probleme in GD |
|
ID: |
USN-3900-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 18.10 |
|
Datum: |
Do, 28. Februar 2019, 16:34 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6977
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6978 |
|
Applikationen: |
gd |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============6016508836520375901== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="OloSWQQDhqiOReOdM8vuSsXY8RBM9UtId"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --OloSWQQDhqiOReOdM8vuSsXY8RBM9UtId Content-Type: multipart/mixed; boundary="yhvxewltSXB4x2QDZfihoBezPaN77Gzim"; protected-headers="v1" From: Marc Deslauriers <marc.deslauriers@canonical.com> Reply-To: Ubuntu Security <security@ubuntu.com> To: ubuntu-security-announce@lists.ubuntu.com Message-ID: <282e60f2-ea67-9c19-2708-879b3e788260@canonical.com> Subject: [USN-3900-1] GD vulnerabilities
--yhvxewltSXB4x2QDZfihoBezPaN77Gzim Content-Type: text/plain; charset=utf-8 Content-Language: en-C Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-3900-1 February 28, 2019
libgd2 vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.10 - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in GD.
Software Description: - libgd2: GD Graphics Library
Details:
It was discovered that GD incorrectly handled memory when processing certain images. A remote attacker could use this issue with a specially crafted image file to cause GD to crash, resulting in a denial of service, or possibly execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.10: libgd-tools 2.2.5-4ubuntu1.1 libgd3 2.2.5-4ubuntu1.1
Ubuntu 18.04 LTS: libgd-tools 2.2.5-4ubuntu0.3 libgd3 2.2.5-4ubuntu0.3
Ubuntu 16.04 LTS: libgd-tools 2.1.1-4ubuntu0.16.04.11 libgd3 2.1.1-4ubuntu0.16.04.11
Ubuntu 14.04 LTS: libgd-tools 2.1.0-3ubuntu0.11 libgd3 2.1.0-3ubuntu0.11
In general, a standard system update will make all the necessary changes.
References: https://usn.ubuntu.com/usn/usn-3900-1 CVE-2019-6977, CVE-2019-6978
Package Information: https://launchpad.net/ubuntu/+source/libgd2/2.2.5-4ubuntu1.1 https://launchpad.net/ubuntu/+source/libgd2/2.2.5-4ubuntu0.3 https://launchpad.net/ubuntu/+source/libgd2/2.1.1-4ubuntu0.16.04.11 https://launchpad.net/ubuntu/+source/libgd2/2.1.0-3ubuntu0.11
--yhvxewltSXB4x2QDZfihoBezPaN77Gzim--
--OloSWQQDhqiOReOdM8vuSsXY8RBM9UtId Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAlx3868ACgkQZWnYVadE vpM0eA//c92UZeucuWR+pgy+2zNq3uXK9XJ8+yh+8Lr6LZ9SWmNkrMJLcGrWqYJO b3NibjCLLwW9spQzB/Ig9EWNGD377vsY7s+q/CV+oEUNZwxTXYZZxkJPRwnJ6k8N DhdwuGmnInwIa4RUksv3oUYmajQihBSr7sKH8DJ2ZkB/tDFjJalUv/VfxHLzQcZX znP0ca7/koTc9pzViLpsbWS0ZqyJVsIqRgWobMIH1DWA6NqUnCYBEhDFzKkiPsir xrKXw9drZn8Hf2wzQ8P+jMXWMNFKBOnXxla+87BMAlx3a7ZegTLecqojgNY/vAD6 D3pR41rCIbMTfZIq6w194JSu3NPMK4UPiY1ayOIsKQy8Do1SGMO/yubR6KuYoGX+ AyJp7/g4BSY2zI7p1hfBmotq06CDmYQaUDRKPJ2Uoeeyfjn1pLEz3h0UMkyv8XW4 84mXzclK4PS9Fju0n1pHbjZKqoAGtcV3e5s14iYsp2ebSDFq0e1SGmzjhWvX+PSK 7CIwoZEZ2sONYFj3B1STJjMFtsUcjcutW657v8TExaBt4JoDr1MN5EajuegHq23K mLuwmkX9h8uAx0ovvT/tFCvxbYsddyNrkdafXXSBD45KRAoyfAGaw1ONIsqO6WDi 6evlkQaA+Jzip8VroQFguaRRoKRIDAiOJ9caD00JrJl+6El+l5M= =Znfu -----END PGP SIGNATURE-----
--OloSWQQDhqiOReOdM8vuSsXY8RBM9UtId--
--===============6016508836520375901== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5 LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj dXJpdHktYW5ub3VuY2UK
--===============6016508836520375901==--
|
|
|
|