A GD Graphics Library security update has been released for Ubuntu Linux 19.10, 18.04 LTS, and 16.04 LTS.
==========================================================================
Ubuntu Security Notice USN-4316-1
April 02, 2020
libgd2 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 19.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in GD Graphics
Library.
Software Description:
- libgd2: Open source code library for the dynamic creation of
images
Details:
It was discovered that GD Graphics Library incorrectly handled
cloning an
image. An attacker could possibly use this issue to cause GD
Graphics Library
to crash, resulting in a denial of service. (CVE-2018-14553)
It was discovered that GD Graphics Library incorrectly handled
loading images
from X bitmap format files. An attacker could possibly use this
issue to cause
GD Graphics Library to crash, resulting in a denial of service,
or to disclose
contents of the stack that has been left there by previous code.
This issue
only affected Ubuntu 18.04 LTS and Ubuntu 16.04 LTS.
(CVE-2019-11038)
Update instructions:
The problem can be corrected by updating your system to the
following
package versions:
Ubuntu 19.10:
libgd-tools 2.2.5-5.2ubuntu0.19.10.1
libgd3 2.2.5-5.2ubuntu0.19.10.1
Ubuntu 18.04 LTS:
libgd-tools 2.2.5-4ubuntu0.4
libgd3 2.2.5-4ubuntu0.4
Ubuntu 16.04 LTS:
libgd-tools 2.1.1-4ubuntu0.16.04.12
libgd3 2.1.1-4ubuntu0.16.04.12
In general, a standard system update will make all the necessary
changes.
References:
https://usn.ubuntu.com/4316-1
CVE-2018-14553, CVE-2019-11038
Package Information:
https://launchpad.net/ubuntu/+source/libgd2/2.2.5-5.2ubuntu0.19.10.1
https://launchpad.net/ubuntu/+source/libgd2/2.2.5-4ubuntu0.4
https://launchpad.net/ubuntu/+source/libgd2/2.1.1-4ubuntu0.16.04.12
