Sicherheit: Zwei Probleme in GD

Lesezeichen hinzufügen

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============6016508836520375901==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="OloSWQQDhqiOReOdM8vuSsXY8RBM9UtId"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--OloSWQQDhqiOReOdM8vuSsXY8RBM9UtId
Content-Type: multipart/mixed;
boundary="yhvxewltSXB4x2QDZfihoBezPaN77Gzim";
protected-headers="v1"
From: Marc Deslauriers <marc.deslauriers@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <282e60f2-ea67-9c19-2708-879b3e788260@canonical.com>
Subject: [USN-3900-1] GD vulnerabilities

--yhvxewltSXB4x2QDZfihoBezPaN77Gzim
Content-Type: text/plain; charset=utf-8
Content-Language: en-C
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-3900-1
February 28, 2019

libgd2 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in GD.

Software Description:
- libgd2: GD Graphics Library

Details:

It was discovered that GD incorrectly handled memory when processing
certain images. A remote attacker could use this issue with a specially
crafted image file to cause GD to crash, resulting in a denial of service,
or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.10:
libgd-tools 2.2.5-4ubuntu1.1
libgd3 2.2.5-4ubuntu1.1

Ubuntu 18.04 LTS:
libgd-tools 2.2.5-4ubuntu0.3
libgd3 2.2.5-4ubuntu0.3

Ubuntu 16.04 LTS:
libgd-tools 2.1.1-4ubuntu0.16.04.11
libgd3 2.1.1-4ubuntu0.16.04.11

Ubuntu 14.04 LTS:
libgd-tools 2.1.0-3ubuntu0.11
libgd3 2.1.0-3ubuntu0.11

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/usn/usn-3900-1
CVE-2019-6977, CVE-2019-6978

Package Information:
https://launchpad.net/ubuntu/+source/libgd2/2.2.5-4ubuntu1.1
https://launchpad.net/ubuntu/+source/libgd2/2.2.5-4ubuntu0.3
https://launchpad.net/ubuntu/+source/libgd2/2.1.1-4ubuntu0.16.04.11
https://launchpad.net/ubuntu/+source/libgd2/2.1.0-3ubuntu0.11

--yhvxewltSXB4x2QDZfihoBezPaN77Gzim--

--OloSWQQDhqiOReOdM8vuSsXY8RBM9UtId
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAlx3868ACgkQZWnYVadE
vpM0eA//c92UZeucuWR+pgy+2zNq3uXK9XJ8+yh+8Lr6LZ9SWmNkrMJLcGrWqYJO
b3NibjCLLwW9spQzB/Ig9EWNGD377vsY7s+q/CV+oEUNZwxTXYZZxkJPRwnJ6k8N
DhdwuGmnInwIa4RUksv3oUYmajQihBSr7sKH8DJ2ZkB/tDFjJalUv/VfxHLzQcZX
znP0ca7/koTc9pzViLpsbWS0ZqyJVsIqRgWobMIH1DWA6NqUnCYBEhDFzKkiPsir
xrKXw9drZn8Hf2wzQ8P+jMXWMNFKBOnXxla+87BMAlx3a7ZegTLecqojgNY/vAD6
D3pR41rCIbMTfZIq6w194JSu3NPMK4UPiY1ayOIsKQy8Do1SGMO/yubR6KuYoGX+
AyJp7/g4BSY2zI7p1hfBmotq06CDmYQaUDRKPJ2Uoeeyfjn1pLEz3h0UMkyv8XW4
84mXzclK4PS9Fju0n1pHbjZKqoAGtcV3e5s14iYsp2ebSDFq0e1SGmzjhWvX+PSK
7CIwoZEZ2sONYFj3B1STJjMFtsUcjcutW657v8TExaBt4JoDr1MN5EajuegHq23K
mLuwmkX9h8uAx0ovvT/tFCvxbYsddyNrkdafXXSBD45KRAoyfAGaw1ONIsqO6WDi
6evlkQaA+Jzip8VroQFguaRRoKRIDAiOJ9caD00JrJl+6El+l5M=
=Znfu
-----END PGP SIGNATURE-----

--OloSWQQDhqiOReOdM8vuSsXY8RBM9UtId--

--===============6016508836520375901==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5
LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl
IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj
dXJpdHktYW5ub3VuY2UK

--===============6016508836520375901==--