Univention Bugzilla – Full Text Bug Listing |
Summary: | libgd2: multiple issues (4.1) | ||
---|---|---|---|
Product: | UCS | Reporter: | Arvid Requate <requate> |
Component: | Security updates | Assignee: | Daniel Tröder <troeder> |
Status: | CLOSED FIXED | QA Contact: | Philipp Hahn <hahn> |
Severity: | normal | ||
Priority: | P2 | CC: | gohmann, requate, walkenhorst |
Version: | UCS 4.1 | Flags: | requate: Patch_Available+ |
Target Milestone: | UCS 4.1-2-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
What kind of report is it?: | Security Issue | What type of bug is this?: | --- |
Ticket number: | Bug group (optional): | Security | |
Bug Blocks: | 41208 |
Description
Arvid Requate
2016-05-04 20:11:32 CEST
libgd2 2.0.36~rc1~dfsg-6.1+deb7u2 was imported and built in scope errata4.1-1.

Advisory: r69191

OK:
ucr set repository/online/unmaintained=yes
univention-install -qq git php5-gd python-pip python-requests
pip install --upgrade requests
git clone https://github.com/dyntopia/exploits.git
cp exploits/CVE-2016-3074/upload.php /var/www/
iptables -P INPUT ACCEPT
iptables -F INPUT
python exploits/CVE-2016-3074/exploit.py --bind-port 5555 http://127.0.0.1/upload.php

(gdb) bt
#0 0x00007f5d8b547390 in _int_free (av=0x7f5d8b858e40, p=0x55e2ae70d220) at malloc.c:5002
#1 0x00007f5d8b54a95c in *__GI___libc_free (mem=<optimized out>) at malloc.c:3738
#2 0x00007f5d8076e0f5 in gdImageCreateFromGd2Ctx () from /usr/lib/x86_64-linux-gnu/libgd.so.2
#3 0x00007f5d8076e1de in gdImageCreateFromGd2 () from /usr/lib/x86_64-linux-gnu/libgd.so.2
#4 0x00007f5d809b00a9 in ?? () from /usr/lib/php5/20100525/gd.so
#5 0x00007f5d87d354c1 in ?? () from /usr/lib/apache2/modules/libphp5.so
#6 0x00007f5d87ceee77 in execute () from /usr/lib/apache2/modules/libphp5.so
#7 0x00007f5d87c8d8cc in zend_execute_scripts () from /usr/lib/apache2/modules/libphp5.so
#8 0x00007f5d87c2d143 in php_execute_script () from /usr/lib/apache2/modules/libphp5.so
#9 0x00007f5d87d37bda in ?? () from /usr/lib/apache2/modules/libphp5.so
#10 0x000055e2acd2fb10 in ap_run_handler (r=0x7f5d876c90a0) at config.c:159
#11 0x000055e2acd2ff5b in ap_invoke_handler (r=r@entry=0x7f5d876c90a0) at config.c:377
#12 0x000055e2acd3fec8 in ap_process_request (r=r@entry=0x7f5d876c90a0) at http_request.c:282
#13 0x000055e2acd3cd48 in ap_process_http_connection (c=0x7f5d8a250290) at http_core.c:190
#14 0x000055e2acd36280 in ap_run_process_connection (c=0x7f5d8a250290) at connection.c:43
#15 0x000055e2acd36638 in ap_process_connection (c=c@entry=0x7f5d8a250290, csd=<optimized out>) at connection.c:190
#16 0x000055e2acd4469e in child_main (child_num_arg=child_num_arg@entry=4) at prefork.c:667
#17 0x000055e2acd44df2 in make_child (slot=4, s=0x7f5d8c317818) at prefork.c:768
#18 make_child (s=0x7f5d8c317818, slot=4) at prefork.c:696
#19 0x000055e2acd44e96 in startup_children (number_to_start=1) at prefork.c:786
#20 0x000055e2acd457f5 in ap_mpm_run (_pconf=_pconf@entry=0x7f5d8c321028, plog=<optimized out>, s=s@entry=0x7f5d8c317818) at prefork.c:1007
#21 0x000055e2acd1a7a0 in main (argc=3, argv=0x7ffd0e7a8448) at main.c:755

OK: DEBIAN_FRONTEND=noninteractive aptitude install -y -q '?source-package(libgd2)~i'
/etc/init.d/apache2 restart
OK: zless /usr/share/doc/libgd2-xpm/changelog.Debian.gz
CVE-2016-3074
OK: dpkg-query -W libgd2\* # 2.0.36~rc1~dfsg-6.1.35.201605091028
OK: SELECT binpkg,binver,site,major,minor,patch,scope FROM binpkg WHERE binpkg='libgd2-xpm' AND major=4 AND site='apt' ORDER BY srcver ASC;
FIXED: errata-announce -V --only libgd2.yaml
r69401 | Bug #41209 QA: libgdb2 YAML

Upstream Debian package version 2.0.36~rc1~dfsg-6.1+deb7u3 fixes this issue:
* Stack consumption vulnerability in GD in PHP before 5.6.12 allows remote attackers to cause a denial of service via a crafted imagefilltoborder call. (CVE-2015-8874)

libgd2 2.0.36~rc1~dfsg-6.1+deb7u3 was imported and built in scope errata4.1-2.

Advisory: r69497

OK: php5 -r '$im=imagecreatetruecolor(20,20);$c=imagecolorallocate($im,255,0,0);imagefilltoborder($im,0,-999355,$c,$c);'
OK: DEBIAN_FRONTEND=noninteractive aptitude install -y -q '?source-package(libgd2)~i'
OK: dpkg-query -W libgd2-xpm # 2.0.36~rc1~dfsg-6.1.39.201605240918
OK: zless /usr/share/doc/libgd2-xpm/changelog.Debian.gz
OK: errata-announce -V --only libgd2.yaml
FIXED: libgd2.yaml
r69499 | Bug #41209: libgd2 YAML