Ubuntu Security Notice 5068-1 - It was discovered that GD Graphics Library incorrectly handled certain GD and GD2 files. An attacker could possibly use this issue to cause a crash or expose sensitive information. This issue only affected Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, Ubuntu 16.04 ESM, and Ubuntu 14.04 ESM. It was discovered that GD Graphics Library incorrectly handled certain TGA files. An attacker could possibly use this issue to cause a denial of service or expose sensitive information. Various other issues were also addressed.
207d9f248fbcf94e7768c791e2cbb722b0127794051e2f24f86ee92248948cdc
=========================================================================
Ubuntu Security Notice USN-5068-1
September 08, 2021
libgd2 vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.04
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in GD library.
Software Description:
- libgd2: GD Graphics Library
Details:
It was discovered that GD Graphics Library incorrectly handled certain GD and GD2 files.
An attacker could possibly use this issue to cause a crash or expose sensitive information.
This issue only affected Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, Ubuntu 16.04 ESM, and Ubuntu 14.04 ESM.
(CVE-2017-6363)
It was discovered that GD Graphics Library incorrectly handled certain TGA files.
An attacker could possibly use this issue to cause a denial of service or
expose sensitive information. (CVE-2021-381)
It was discovered that GD Graphics Library incorrectly handled certain files.
An attacker could possibly use this issue to cause a crash.
(CVE-2021-40145)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 21.04:
libgd3 2.3.0-2ubuntu0.1
Ubuntu 20.04 LTS:
libgd3 2.2.5-5.2ubuntu2.1
Ubuntu 18.04 LTS:
libgd3 2.2.5-4ubuntu0.5
Ubuntu 16.04 ESM:
libgd3 2.1.1-4ubuntu0.16.04.12+esm1
Ubuntu 14.04 ESM:
libgd3 2.1.0-3ubuntu0.11+esm2
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5068-1
CVE-2017-6363, CVE-2021-38115, CVE-2021-40145
Package Information:
https://launchpad.net/ubuntu/+source/libgd2/2.3.0-2ubuntu0.1
https://launchpad.net/ubuntu/+source/libgd2/2.2.5-5.2ubuntu2.1
https://launchpad.net/ubuntu/+source/libgd2/2.2.5-4ubuntu0.5