[USN-3900-1] GD vulnerabilities


This is an OpenPGP/MIME signed message (RFC 4880 and 3156)

protocol=”application/pgp-signature”;
boundary=”OloSWQQDhqiOReOdM8vuSsXY8RBM9UtId”

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
–OloSWQQDhqiOReOdM8vuSsXY8RBM9UtId

protected-headers=”v1″
From: Marc Deslauriers
Reply-To: Ubuntu Security
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID:
Subject: [USN-3900-1] GD vulnerabilities

–yhvxewltSXB4x2QDZfihoBezPaN77Gzim

Content-Language: en-CA
Content-Transfer-Encoding: quoted-printable

=
=

Ubuntu Security Notice USN-3900-1
February 28, 2019

libgd2 vulnerabilities
=
=

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 18.10
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in GD.

Software Description:
– libgd2: GD Graphics Library

Details:

It was discovered that GD incorrectly handled memory when processing
certain images. A remote attacker could use this issue with a specially
crafted image file to cause GD to crash, resulting in a denial of service=
,
or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.10:
libgd-tools 2.2.5-4ubuntu1.1
libgd3 2.2.5-4ubuntu1.1

Ubuntu 18.04 LTS:
libgd-tools 2.2.5-4ubuntu0.3
libgd3 2.2.5-4ubuntu0.3

Ubuntu 16.04 LTS:
libgd-tools 2.1.1-4ubuntu0.16.04.11
libgd3 2.1.1-4ubuntu0.16.04.11

Ubuntu 14.04 LTS:
libgd-tools 2.1.0-3ubuntu0.11
libgd3 2.1.0-3ubuntu0.11

In general, a standard system update will make all the necessary changes.=

References:
https://usn.ubuntu.com/usn/usn-3900-1
CVE-2019-6977, CVE-2019-6978

Package Information:
https://launchpad.net/ubuntu/+source/libgd2/2.2.5-4ubuntu1.1
https://launchpad.net/ubuntu/+source/libgd2/2.2.5-4ubuntu0.3
https://launchpad.net/ubuntu/+source/libgd2/2.1.1-4ubuntu0.16.04.11
https://launchpad.net/ubuntu/+source/libgd2/2.1.0-3ubuntu0.11

–yhvxewltSXB4x2QDZfihoBezPaN77Gzim–

–OloSWQQDhqiOReOdM8vuSsXY8RBM9UtId

Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename=”signature.asc”

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAlx3868ACgkQZWnYVadE
vpM0eA//c92UZeucuWR+pgy+2zNq3uXK9XJ8+yh+8Lr6LZ9SWmNkrMJLcGrWqYJO
b3NibjCLLwW9spQzB/Ig9EWNGD377vsY7s+q/CV+oEUNZwxTXYZZxkJPRwnJ6k8N
DhdwuGmnInwIa4RUksv3oUYmajQihBSr7sKH8DJ2ZkB/tDFjJalUv/VfxHLzQcZX
znP0ca7/koTc9pzViLpsbWS0ZqyJVsIqRgWobMIH1DWA6NqUnCYBEhDFzKkiPsir
xrKXw9drZn8Hf2wzQ8P+jMXWMNFKBOnXxla+87BMAlx3a7ZegTLecqojgNY/vAD6
D3pR41rCIbMTfZIq6w194JSu3NPMK4UPiY1ayOIsKQy8Do1SGMO/yubR6KuYoGX+
AyJp7/g4BSY2zI7p1hfBmotq06CDmYQaUDRKPJ2Uoeeyfjn1pLEz3h0UMkyv8XW4
84mXzclK4PS9Fju0n1pHbjZKqoAGtcV3e5s14iYsp2ebSDFq0e1SGmzjhWvX+PSK
7CIwoZEZ2sONYFj3B1STJjMFtsUcjcutW657v8TExaBt4JoDr1MN5EajuegHq23K
mLuwmkX9h8uAx0ovvT/tFCvxbYsddyNrkdafXXSBD45KRAoyfAGaw1ONIsqO6WDi
6evlkQaA+Jzip8VroQFguaRRoKRIDAiOJ9caD00JrJl+6El+l5M=
=Znfu
—–END PGP SIGNATURE—–

–OloSWQQDhqiOReOdM8vuSsXY8RBM9UtId–

MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5
LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl
IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj
dXJpdHktYW5ub3VuY2UK