Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

Ubuntu 17.04: 3389-1 Critical: Libgd Data Exposure Issue

ubuntu
Calendar Grey August 14, 2017
Dist Ubuntu Esm H88
The Ubuntu Security Notice USN-3389-1 warns of a critical vulnerability in libgd2, allowing attackers to access sensitive data through crafted images
The system could be made to expose sensitive information.

Summary

The system could be made to expose sensitive information.

Software Description:

- libgd2: GD Graphics Library

Details:

A vulnerability was descovered in GD Graphics Library (aka libgd),

as used in PHP before that does not zero colorMap arrays before use.

A specially crafted GIF image could use the uninitialized tables to

read  bytes from the top of the stack.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.04:
  libgd-tools                     2.2.4-2ubuntu0.2

Ubuntu 16.04 LTS:
  libgd-tools                     2.1.1-4ubuntu0.16.04.7

Ubuntu 14.04 LTS:
  libgd-tools                     2.1.0-3ubuntu0.7

In general, a standard system update will make all the necessary
changes.

References

  https://ubuntu.com/security/notices/USN-3389-1

  CVE-2017-7890

Severity
critical
Lowest
Low
Medium
High
Critical

August 14, 2017

Package Information

  https://launchpad.net/ubuntu/+source/libgd2/2.2.4-2ubuntu0.2
  https://launchpad.net/ubuntu/+source/libgd2/2.1.1-4ubuntu0.16.04.7
  https://launchpad.net/ubuntu/+source/libgd2/2.1.0-3ubuntu0.7

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here