===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.0329
                           libgd2 security update
                              6 February 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           libgd2
Publisher:         Debian
Operating System:  Debian GNU/Linux 9
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-6978 CVE-2019-6977

Reference:         ESB-2019.0319
                   ESB-2019.0271

Original Bulletin:
   http://www.debian.org/security/2019/dsa-4384

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-4384-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
February 04, 2019                     https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : libgd2
CVE ID         : CVE-2019-6977 CVE-2019-6978
Debian Bug     : 920645 920728

Multiple vulnerabilities have been discovered in libgd2, a library for
programmatic graphics creation and manipulation, which may result in
denial of service or potentially the execution of arbitrary code if a
malformed file is processed.

For the stable distribution (stretch), these problems have been fixed in
version 2.2.4-2+deb9u4.

We recommend that you upgrade your libgd2 packages.

For the detailed security status of libgd2 please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/libgd2

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.
As AusCERT did not write the document quoted above, AusCERT has had no
control over its content. The decision to follow or act on information or
advice contained in this security bulletin is the responsibility of each
user or organisation, and should be considered in accordance with your
organisation's site policies and procedures. AusCERT takes no
responsibility for consequences which may arise from following or acting
on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================