You are here
Home > Preporuke > Sigurnosni nedostatak programske biblioteke libgd2

Sigurnosni nedostatak programske biblioteke libgd2

by ncert - 0

==========================================================================
Ubuntu Security Notice USN-3389-1
August 14, 2017

libgd2 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 17.04
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS

Summary:

The system could be made to expose sensitive information.

Software Description:
– libgd2: GD Graphics Library

Details:

A vulnerability was descovered in GD Graphics Library (aka libgd),
as used in PHP before that does not zero colorMap arrays before use.
A specially crafted GIF image could use the uninitialized tables to
read  bytes from the top of the stack.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.04:
  libgd-tools                     2.2.4-2ubuntu0.2

Ubuntu 16.04 LTS:
  libgd-tools                     2.1.1-4ubuntu0.16.04.7

Ubuntu 14.04 LTS:
  libgd-tools                     2.1.0-3ubuntu0.7

In general, a standard system update will make all the necessary
changes.

References:
  https://www.ubuntu.com/usn/usn-3389-1
  CVE-2017-7890

Package Information:
  https://launchpad.net/ubuntu/+source/libgd2/2.2.4-2ubuntu0.2
  https://launchpad.net/ubuntu/+source/libgd2/2.1.1-4ubuntu0.16.04.7
  https://launchpad.net/ubuntu/+source/libgd2/2.1.0-3ubuntu0.7
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAABCAAGBQJZkfEtAAoJEEW851uECx9piX0P/1+WKnYniZT+QDzwqhjw+Okj
csFtjkCdzzOSJSLr4/Q1p9hKbJwTw9ojd1wcXSjyteu/tV6R9hJGd6rUSZZk+djc
TSksMSX7aBlB+51ku7sQGb6xBJesJ1iQ1rq5jByrQGpFTuoM1K3XxTa0Lz2rKKf3
nJxfgiosDKFtkY+GHNpvn83A2d+pSiakm3l2Fu7ZE/xR0dzCmVHwfrJpLFs+CYWL
U3SAVckJQqbf47LXIMMYdgPv080hTdyNt0zIg/h5grh0seAt2EwgHGYpthMlBewo
nedUIdXRRzCHZQUj06cQ3/oicO1u12dSffo7nVeAqK6CKlqfHfYIOvhULuitVElU
dN7yokZlgOf5tj28hcv5SLKblZsSdvJLb6i58GhS1tiCsFW6jGFg9YD/ubLXhYot
70zlguqQ2APZYClep8WgzS2h7ZXJRvzLMZFHDOXP7Xk0BTq0CjNHjg2lundmfHCm
AkU628ziZhyItuFkwVVOkmBAn06Mia2zrSkveL5+O5/z0ilRbIC9Vso9sNgXYQF9
V+lRHMpGbWkqLLfJwcgjkaIuvbef/Zc2LEb0xOhhpDc/X/j8AqQB7c20oDVuGWYe
CBesYI7gt47VYuUWHDWXUUinkFMO82ogW3vDBeE3e/l/kjsAFdQcdsCvcbCf3Zs5
GQ9qFg55Q+flgr3mm7J8
=CrQu
—–END PGP SIGNATURE—–

ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-3389-2
August 14, 2017

libgd2 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 12.04 ESM

Summary:

The system could be made to expose sensitive information.

Software Description:
– libgd2: GD Graphics Library

Details:

USN-3389-1 fixed a vulnerability in GD Graphics Library.
This update provides the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

 A vulnerability was discovered in GD Graphics Library (aka libgd),
 as used in PHP that does not zero colorMap arrays before use.
 A specially crafted GIF image could use the uninitialized tables to
 read bytes from the top of the stack.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 ESM:
  libgd-tools                     2.0.36~rc1~dfsg-6ubuntu2.5

In general, a standard system update will make all the necessary
changes.

References:
  https://www.ubuntu.com/usn/usn-3389-2
  https://www.ubuntu.com/usn/usn-3389-1
  CVE-2017-7890
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAABCAAGBQJZkf9PAAoJEEW851uECx9pL24QAIhpyKoy2EKj7zQsoNUv+41r
hX45sG/E3h++flRhdJh1yWHvlxS1CcxliBf5uECWgV8+4/ssaeh/e2D4tU0hqfiC
4iKGSjRRyXvau7FGjpACNI2DBsEzjkfsguMv8D/apLVtVTtn/smuKMRh2pZopLpt
khSzSw/631NvBjdEzjfO8cyWALu2i8oZa6CMjd+XRJ+Q7ZMH3DDnBLz75dJCGEPE
7uHXY23yHvcEWvIDgGlJ4oKhjvSjLM5scBSlBikFojiYoryFwFHnEHgCeqgDLGso
xvPB7j28ur7cX4lPIVXaNIxhspa8TP9IofM4XF+LBqOcrW8Nwi+SLNQ6g7kp6OZ5
EXG7KHgnAA4XNWH1NcLplsYJ83sXrn681/6lo8MzwhmbIpIYLq7TYfqBWWqBuhvJ
DNSEXv9SqRkfE04Db2ddna/v6sizgWqKIWJ5V3mZYO7abVOdYpR60reBz2qpkxGs
p+dibGvurAEaoEQzwRCX8I3xrN28Mi0141Ro1/tFfUyp26gI8hENS2Nn449pssBd
iZ1Rh9Cq4c650kU2csg3Vxr9O++REHpqyLjNN90FvbWpnYDMRLBzBmwmX1zw33X1
BQwDxe15WXOGMCSM0O4i7KiX0fqpIP1tsyLeh6zLnq559Pa7YBKVw96rg4Pbbhbk
prSUxZcB8rtFYx/szHL3
=TYYU
—–END PGP SIGNATURE—–

ncert
Top
More in Preporuke
Sigurnosni nedostaci programskog paketa subversion

Otkriveni su sigurnosni nedostaci u programskom paketu subversion za operacijski sustav SUSE. Otkriveni nedostaci potencijalnim napadačima omogućuju izvođenje napada uskraćivanjem...

Close