Lucene search
This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DLA-563.NASLHistoryJul 27, 2016 - 12:00 a.m.
Debian DLA-563-1 : libgd2 security update
2016-07-2700:00:00
This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13
A global out of bounds read when encoding gif from malformed input was found in this software.
When given invalid inputs, we might be fed the EOF marker before it is actually the EOF. The gif logic assumes once it sees the EOF marker, there won’t be any more data, so it leaves the cur_bits index possibly negative. So when we get more data, we underflow the masks array.
For Debian 7 ‘Wheezy’, these problems have been fixed in version 2.0.36~rc1~dfsg-6.1+deb7u5.
We recommend that you upgrade your libgd2 packages.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-563-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(92570);
script_version("2.8");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");
script_cve_id("CVE-2016-6161");
script_name(english:"Debian DLA-563-1 : libgd2 security update");
script_summary(english:"Checks dpkg output for the updated packages.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Debian host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"A global out of bounds read when encoding gif from malformed input was
found in this software.
When given invalid inputs, we might be fed the EOF marker before it is
actually the EOF. The gif logic assumes once it sees the EOF marker,
there won't be any more data, so it leaves the cur_bits index possibly
negative. So when we get more data, we underflow the masks array.
For Debian 7 'Wheezy', these problems have been fixed in version
2.0.36~rc1~dfsg-6.1+deb7u5.
We recommend that you upgrade your libgd2 packages.
NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://lists.debian.org/debian-lts-announce/2016/07/msg00025.html"
);
script_set_attribute(
attribute:"see_also",
value:"https://packages.debian.org/source/wheezy/libgd2"
);
script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libgd-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libgd2-noxpm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libgd2-noxpm-dev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libgd2-xpm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libgd2-xpm-dev");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");
script_set_attribute(attribute:"patch_publication_date", value:"2016/07/26");
script_set_attribute(attribute:"plugin_publication_date", value:"2016/07/27");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Debian Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
exit(0);
}
include("audit.inc");
include("debian_package.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (deb_check(release:"7.0", prefix:"libgd-tools", reference:"2.0.36~rc1~dfsg-6.1+deb7u5")) flag++;
if (deb_check(release:"7.0", prefix:"libgd2-noxpm", reference:"2.0.36~rc1~dfsg-6.1+deb7u5")) flag++;
if (deb_check(release:"7.0", prefix:"libgd2-noxpm-dev", reference:"2.0.36~rc1~dfsg-6.1+deb7u5")) flag++;
if (deb_check(release:"7.0", prefix:"libgd2-xpm", reference:"2.0.36~rc1~dfsg-6.1+deb7u5")) flag++;
if (deb_check(release:"7.0", prefix:"libgd2-xpm-dev", reference:"2.0.36~rc1~dfsg-6.1+deb7u5")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
else security_warning(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
| Vendor | Product | Version | CPE |
|---|---|---|---|
| debian | debian_linux | libgd2-xpm-dev | p-cpe:/a:debian:debian_linux:libgd2-xpm-dev |
| debian | debian_linux | 7.0 | cpe:/o:debian:debian_linux:7.0 |
| debian | debian_linux | libgd-tools | p-cpe:/a:debian:debian_linux:libgd-tools |
| debian | debian_linux | libgd2-noxpm | p-cpe:/a:debian:debian_linux:libgd2-noxpm |
| debian | debian_linux | libgd2-noxpm-dev | p-cpe:/a:debian:debian_linux:libgd2-noxpm-dev |
| debian | debian_linux | libgd2-xpm | p-cpe:/a:debian:debian_linux:libgd2-xpm |
Related
nessus
nessus
F5 Networks BIG-IP : libgd vulnerability (K71581599)
2016-11-17 00:00:00
SUSE SLES11 Security Update : gd (SUSE-SU-2016:2302-1)
2016-09-15 00:00:00
Fedora 23 : gd (2016-0de0e0ee0c)
2016-10-06 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2016:2302-1)
2021-06-09 00:00:00
Debian: Security Advisory (DLA-563-1)
2023-03-08 00:00:00
Huawei EulerOS: Security Advisory for gd (EulerOS-SA-2019-2527)
2020-01-23 00:00:00
cve
cve
CVE-2016-6161
2016-08-12 15:59:00
veracode
veracode
Denial Of Service (DoS)
2020-05-10 23:27:20
osv
osv
libgd2 - security update
2016-07-26 00:00:00
debiancve
debiancve
CVE-2016-6161
2016-08-12 15:59:00
prion
prion
Out-of-bounds
2016-08-12 15:59:00
alpinelinux
alpinelinux
CVE-2016-6161
2016-08-12 15:59:00
f5
f5
K71581599 : libgd vulnerability CVE-2016-6161
2016-11-16 00:00:00
redhatcve
redhatcve
CVE-2016-6161
2016-07-07 12:48:54
ubuntucve
ubuntucve
CVE-2016-6161
2016-07-06 00:00:00
debian
debian
[SECURITY] [DLA 563-1] libgd2 security update
2016-07-26 21:05:24
[SECURITY] [DSA 3619-1] libgd2 security update
2016-07-15 15:43:56
[SECURITY] [DSA 3619-1] libgd2 security update
2016-07-15 15:43:38
fedora
fedora
[SECURITY] Fedora 23 Update: gd-2.1.1-10.fc23
2016-10-05 08:53:38
ubuntu
ubuntu
GD library vulnerabilities
2016-07-11 00:00:00
cloudfoundry
cloudfoundry
USN-3030-1/USN-3060-1 GD library vulnerability | Cloud Foundry
2016-08-25 00:00:00
suse
suse
Security update for php5 (important)
2016-10-04 17:11:09
Security update for php5 (important)
2016-09-28 15:09:48
Security update for php7 (important)
2016-10-05 21:08:45
Related for DEBIAN_DLA-563.NASL