Ubuntu Security Notice 3389-1 - A vulnerability was discovered in GD Graphics Library , as used in PHP before that does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read A bytes from the top of the stack.
e59e994fc2e641eb78b48051b097f7cdbfceea7bc06d4f718de9193032e971fa
==========================================================================
Ubuntu Security Notice USN-3389-1
August 14, 2017
libgd2 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.04
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
The system could be made to expose sensitive information.
Software Description:
- libgd2: GD Graphics Library
Details:
A vulnerability was descovered in GD Graphics Library (aka libgd),
as used in PHP before that does not zero colorMap arrays before use.
A specially crafted GIF image could use the uninitialized tables to
readA A bytes from the top of the stack.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 17.04:
A libgd-toolsA A A A A A A A A A A A A A A A A A A A A 2.2.4-2ubuntu0.2
Ubuntu 16.04 LTS:
A libgd-toolsA A A A A A A A A A A A A A A A A A A A A 2.1.1-4ubuntu0.16.04.7
Ubuntu 14.04 LTS:
A libgd-toolsA A A A A A A A A A A A A A A A A A A A A 2.1.0-3ubuntu0.7
In general, a standard system update will make all the necessary
changes.
References:
A https://www.ubuntu.com/usn/usn-3389-1
A CVE-2017-7890
Package Information:
A https://launchpad.net/ubuntu/+source/libgd2/2.2.4-2ubuntu0.2
A https://launchpad.net/ubuntu/+source/libgd2/2.1.1-4ubuntu0.16.04.7
A https://launchpad.net/ubuntu/+source/libgd2/2.1.0-3ubuntu0.7