Ubuntu Security Notice 3755-1 - It was discovered that GD incorrectly handled certain images. An attacker could possibly use this issue to execute arbitrary code. It was discovered that GD incorrectly handled certain GIF files. An attacker could possibly use this issue to cause a denial of service.
af3eebe3f93ef0e1276ae9901097f86493484a7d3ac0d9d48410d132b8ffdf80
==========================================================================
Ubuntu Security Notice USN-3755-1
August 27, 2018
libgd2 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in GD.
Software Description:
- libgd2: GD Graphics Library
Details:
It was discovered that GD incorrectly handled certain images.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2018-1000222)
It was discovered that GD incorrectly handled certain GIF files.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2018-5711)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
libgd-tools 2.2.5-4ubuntu0.2
libgd3 2.2.5-4ubuntu0.2
Ubuntu 16.04 LTS:
libgd-tools 2.1.1-4ubuntu0.16.04.10
libgd3 2.1.1-4ubuntu0.16.04.10
Ubuntu 14.04 LTS:
libgd-tools 2.1.0-3ubuntu0.10
libgd3 2.1.0-3ubuntu0.10
In general, a standard system update will make all the necessary
changes.
References:
https://usn.ubuntu.com/usn/usn-3755-1
CVE-2018-1000222, CVE-2018-5711
Package Information:
https://launchpad.net/ubuntu/+source/libgd2/2.2.5-4ubuntu0.2
https://launchpad.net/ubuntu/+source/libgd2/2.1.1-4ubuntu0.16.04.10
https://launchpad.net/ubuntu/+source/libgd2/2.1.0-3ubuntu0.10