[USN-3755-1] GD vulnerabilities

Leonidas S. Barbosa leo.barbosa at canonical.com
Mon Aug 27 16:20:10 UTC 2018

Ubuntu Security Notice USN-3755-1
August 27, 2018

libgd2 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS


Several security issues were fixed in GD.

Software Description:
- libgd2: GD Graphics Library


It was discovered that GD incorrectly handled certain images.
An attacker could possibly use this issue to execute arbitrary code.

It was discovered that GD incorrectly handled certain GIF files.
An attacker could possibly use this issue to cause a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
  libgd-tools                     2.2.5-4ubuntu0.2
  libgd3                          2.2.5-4ubuntu0.2

Ubuntu 16.04 LTS:
  libgd-tools                     2.1.1-4ubuntu0.16.04.10
  libgd3                          2.1.1-4ubuntu0.16.04.10

Ubuntu 14.04 LTS:
  libgd-tools                     2.1.0-3ubuntu0.10
  libgd3                          2.1.0-3ubuntu0.10

In general, a standard system update will make all the necessary

  CVE-2018-1000222, CVE-2018-5711

Package Information:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20180827/a2e6f17a/attachment.sig>

More information about the ubuntu-security-announce mailing list