USN-3755-1: GD vulnerabilities

Severity

Medium

Vendor

Canonical Ubuntu

Versions Affected

• Canonical Ubuntu 14.04
• Canonical Ubuntu 18.04

Description

It was discovered that GD incorrectly handled certain images. An attacker could possibly use this issue to execute arbitrary code. (CVE-2018-1000222)

It was discovered that GD incorrectly handled certain GIF files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-5711)

Affected Cloud Foundry Products and Versions

Severity is medium unless otherwise noted.

• All versions of Cloud Foundry cflinuxfs2 prior to 1.234.0
• All versions of Cloud Foundry cflinuxfs3 prior to 0.17.0

Mitigation

OSS users are strongly encouraged to follow one of the mitigations below:

• The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 version 1.234.0 or later.
• The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs3 version 0.17.0 or later.

References

• USN-3755-1
• CVE-2018-1000222
• CVE-2018-5711