Security: Two problems in GD
Name: Two problems in GD
ID: USN-4316-1
Distribution: Ubuntu
Platforms: Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 19.10
Date: Fri, April 3, 2020, 07:30
References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11038
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14553
Applications: gd

Original message

==========================================================================
Ubuntu Security Notice USN-4316-1
April 02, 2020

libgd2 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 19.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in GD Graphics Library.

Software Description:
- libgd2: Open source code library for the dynamic creation of images

Details:

It was discovered that GD Graphics Library incorrectly handled cloning an
image. An attacker could possibly use this issue to cause GD Graphics Library
to crash, resulting in a denial of service. (CVE-2018-14553)

It was discovered that GD Graphics Library incorrectly handled loading images
from X bitmap format files. An attacker could possibly use this issue to cause
GD Graphics Library to crash, resulting in a denial of service, or to disclose
contents of the stack that has been left there by previous code. This issue
only affected Ubuntu 18.04 LTS and Ubuntu 16.04 LTS. (CVE-2019-11038)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.10:
  libgd-tools    2.2.5-5.2ubuntu0.19.10.1
  libgd3         2.2.5-5.2ubuntu0.19.10.1

Ubuntu 18.04 LTS:
  libgd-tools    2.2.5-4ubuntu0.4
  libgd3         2.2.5-4ubuntu0.4

Ubuntu 16.04 LTS:
  libgd-tools    2.1.1-4ubuntu0.16.04.12
  libgd3         2.1.1-4ubuntu0.16.04.12

In general, a standard system update will make all the necessary changes.

References:

https://usn.ubuntu.com/4316-1
CVE-2018-14553, CVE-2019-11038

Package Information:
https://launchpad.net/ubuntu/+source/libgd2/2.2.5-5.2ubuntu0.19.10.1
https://launchpad.net/ubuntu/+source/libgd2/2.2.5-4ubuntu0.4
https://launchpad.net/ubuntu/+source/libgd2/2.1.1-4ubuntu0.16.04.12

