[USN-2987-1] GD library vulnerabilities

Fabricante: Ubuntu
Fecha: 31/05/2016
Identificador: USN-2987-1
[USN-2987-1] GD library vulnerabilities
========================================================================== Ubuntu Security Notice USN-2987-1 May 31, 2016 libgd2 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS - Ubuntu 15.10 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: The GD library could be made to crash or run programs if it processed a specially crafted image file. Software Description: - libgd2: GD Graphics Library Details: It was discovered that the GD library incorrectly handled certain color tables in XPM images. If a user or automated system were tricked into processing a specially crafted XPM image, an attacker could cause a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-2497) It was discovered that the GD library incorrectly handled certain malformed GIF images. If a user or automated system were tricked into processing a specially crafted GIF image, an attacker could cause a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-9709) It was discovered that the GD library incorrectly handled memory when using gdImageFillToBorder(). A remote attacker could possibly use this issue to cause a denial of service. (CVE-2015-8874) It was discovered that the GD library incorrectly handled memory when using gdImageScaleTwoPass(). A remote attacker could possibly use this issue to cause a denial of service. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 15.10 and Ubuntu 16.04 LTS. (CVE-2015-8877) Hans Jerry Illikainen discovered that the GD library incorrectly handled certain malformed GD images. If a user or automated system were tricked into processing a specially crafted GD image, an attacker could cause a denial of service or possibly execute arbitrary code. (CVE-2016-3074) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: libgd3 2.1.1-4ubuntu0.16.04.1 Ubuntu 15.10: libgd3 2.1.1-4ubuntu0.15.10.1 Ubuntu 14.04 LTS: libgd3 2.1.0-3ubuntu0.1 Ubuntu 12.04 LTS: libgd2-noxpm 2.0.36~rc1~dfsg-6ubuntu2.1 libgd2-xpm 2.0.36~rc1~dfsg-6ubuntu2.1 In general, a standard system update will make all the necessary changes. References: http://www.ubuntu.com/usn/usn-2987-1 CVE-2014-2497, CVE-2014-9709, CVE-2015-8874, CVE-2015-8877, CVE-2016-3074 Package Information: https://launchpad.net/ubuntu/+source/libgd2/2.1.1-4ubuntu0.16.04.1 https://launchpad.net/ubuntu/+source/libgd2/2.1.1-4ubuntu0.15.10.1 https://launchpad.net/ubuntu/+source/libgd2/2.1.0-3ubuntu0.1 https://launchpad.net/ubuntu/+source/libgd2/2.0.36~rc1~dfsg-6ubuntu2.1 --