Vulnerability category: Ubuntu
Vulnerability severity:
Vulnerability information
It was discovered that the GD library incorrectly handled certain malformed TIFF images.
It was discovered that the GD library incorrectly handled certain integers when processing WebP images.
It was discovered that the GD library incorrectly handled certain strings when creating images.
Vulnerability impact
If a user or automated system were tricked into processing a specially crafted TIFF image, an attacker could cause a denial of service. (CVE-2016-6911)
If a user or automated system were tricked into processing a specially crafted WebP image, an attacker could cause a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-7568)
If a user or automated system were tricked into processing a specially crafted image, an attacker could cause a denial of service, or possibly execute arbitrary code. (CVE-2016-8670)
Solution
Refer to Ubuntu advisory USN-3117-1 for affected packages and patching details, or update with your package manager.
Patch:
The following are links for downloading patches to fix the vulnerabilities:
USN-3117-1: 14.04 (Kylin) on src (libgd3)
USN-3117-1: 16.10 (Yakkety) on src (libgd3)
USN-3117-1: 16.04 (Xenial) on src (libgd3)