SECURITY

USN-3060-1: GD library vulnerabilities Ubuntu Security Notice USN-3060-1 10th August, 2016 libgd2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary The GD library could be made to crash or run programs if it processed a specially crafted image file. Software description libgd2 – GD Graphics Library Details It was discovered that the GD library incorrectly handled certain malformedTGA images. If a user or automated system were tricked into processing aspecially crafted TGA image, an attacker could cause a denial of service.(CVE-2016-6132, CVE-2016-6214) It was discovered that the GD library incorrectly handled memory when usinggdImageScale(). A remote attacker could possibly use this issue to cause adenial of service or possibly execute arbitrary code. (CVE-2016-6207) Update instructions The problem can be corrected by updating your system to the following package version: [ more… ]

USN-3059-1: xmlrpc-epi vulnerability Ubuntu Security Notice USN-3059-1 10th August, 2016 xmlrpc-epi vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary xmlrpc-epi could be made to crash or run programs if it processed specially crafted data. Software description xmlrpc-epi – a XML-RPC request library Details It was discovered that xmlrpc-epi incorrectly handled lengths in thesimplestring_addn function. A remote attacker could use this issue to causeapplications using xmlrpc-epi such as PHP to crash, resulting in a denialof service, or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.04 LTS: libxmlrpc-epi0 0.54.2-1.1ubuntu0.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2016-6296 Source: USN-3059-1: xmlrpc-epi vulnerability