DLA-3781-1: libgd2 security update

The recent disclosure of vulnerabilities in libgd2, the widely used GD Graphics Library, has prompted immediate action from users and administrators who rely on this graphics library. The vulnerabilities are predominantly out-of-bounds reads and NULL pointer dereferences that could allow attackers to perform denial of service (DoS) attacks, posing significant risk especially in environments where stability and uptime are critical.

Two major groups of vulnerabilities were identified, affecting older and newer versions of the library respectively:

  • CVE-2018-14553: This vulnerability affects the gdImageClone function in libgd versions 2.1.0-rc2 through 2.2.5. It can lead to a NULL pointer dereference if a certain sequence of function calls occurs, primarily affecting PHP applications linked against an external libgd. Because the object is used without a proper NULL check, attackers could crash the application, thereby conducting a DoS attack.
  • CVE-2021-38115 & CVE-2021-40812: These two more recent issues affect all LibGD versions through 2.3.2. They allow remote attackers to cause a DoS through out-of-bounds reads, triggered either by a crafted TGA file or by inadequate handling of the return values of the gdGetBuf and gdPutBuf functions, leading to buffer overflow or underflow conditions.

The updates that patch these vulnerabilities are critical for the security and stability of systems using libgd2. System administrators and users are urged to apply them as soon as possible to mitigate the risk. The fixes ensure that the return values of the functions handling graphic data are checked and that boundary checks are in place to prevent out-of-bounds operations.
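To illustrate the defensive pattern the fixes rely on, here is an added example in C that is not part of libgd or of this advisory: a small reader over an in-memory byte stream (the hypothetical `byte_src`, `src_get_buf`, `read_header` and `read_pixels` stand in for an I/O context and parser; they are not libgd's API) that refuses to use a buffer when the read came back short and verifies declared image dimensions against the bytes actually available before allocating and reading pixel data.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* In-memory byte source. Constructed for this example; not libgd's gdIOCtx. */
typedef struct { const uint8_t *data; size_t len, pos; } byte_src;

/* Copy up to 'want' bytes into out; returns the number actually copied,
 * which is less than 'want' when the stream runs out (a short read). */
static size_t src_get_buf(byte_src *s, void *out, size_t want) {
    size_t avail = s->len - s->pos;
    size_t n = want < avail ? want : avail;
    memcpy(out, s->data + s->pos, n);
    s->pos += n;
    return n;
}

/* Simplified header: little-endian width and height, then bits per pixel. */
typedef struct { uint16_t width, height; uint8_t bpp; } img_hdr;

/* Returns 0 on success, -1 if the input is truncated or the header is invalid.
 * The defect class described above is using raw[] regardless of how many
 * bytes the reader returned; here a short read is treated as an error. */
int read_header(byte_src *s, img_hdr *h) {
    uint8_t raw[5];
    if (src_get_buf(s, raw, sizeof raw) != sizeof raw)
        return -1;                          /* truncated: raw[] is not trusted */
    h->width  = (uint16_t)(raw[0] | raw[1] << 8);
    h->height = (uint16_t)(raw[2] | raw[3] << 8);
    h->bpp    = raw[4];
    if (h->width == 0 || h->height == 0 ||
        (h->bpp != 8 && h->bpp != 24 && h->bpp != 32))
        return -1;
    return 0;
}

/* Reads the pixel block only after checking the declared size against what
 * the stream still holds. Returns bytes consumed, or 0 on failure. */
size_t read_pixels(byte_src *s, const img_hdr *h, uint8_t **pixels) {
    size_t need = (size_t)h->width * h->height * (h->bpp / 8);
    if (need > s->len - s->pos) return 0;   /* header claims more than exists */
    *pixels = malloc(need);
    if (!*pixels) return 0;
    if (src_get_buf(s, *pixels, need) != need) {
        free(*pixels); *pixels = NULL; return 0;
    }
    return need;
}
```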

If you're managing a Linux server or numerous servers where this library might be in use, consider using a comprehensive patch management solution to streamline the update process. LinuxPatch provides an effective platform for managing patches efficiently, which could ease the burden of applying these critical updates while ensuring your systems remain secure against evolving threats.

Staying ahead with security updates is not just a preventive step but also a crucial action towards safeguarding valuable IT resources and data against potential exploits. Make sure your systems are always updated with the latest security patches!