漏洞类别:Ubuntu
漏洞等级: 
漏洞信息
It was discovered that jbig2dec incorrectly handled memory when decoding malformed image files.
It was discovered that jbig2dec incorrectly handled memory when decoding malformed image files.
It was discovered that jbig2dec incorrectly handled memory when decoding malformed image files.
It was discovered that jbig2dec incorrectly handled memory when decoding malformed image files.
漏洞危害
If a user or automated system were tricked into processing a specially crafted JBIG2 image file, a remote attacker could cause jbig2dec to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-9601)
If a user or automated system were tricked into processing a specially crafted JBIG2 image file, a remote attacker could cause jbig2dec to crash, resulting in a denial of service, or possibly disclose sensitive information. (CVE-2017-7885)
If a user or automated system were tricked into processing a specially crafted JBIG2 image file, a remote attacker could cause jbig2dec to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-7975)
If a user or automated system were tricked into processing a specially crafted JBIG2 image file, a remote attacker could cause jbig2dec to crash, resulting in a denial of service, or possibly disclose sensitive information. (CVE-2017-7976)
解决方案
Refer to Ubuntu advisory USN-3297-1 for affected packages and patching details, or update with your package manager.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
USN-3297-1: 16.10 (Yakkety) on src (jbig2dec)
USN-3297-1: 16.04 (Xenial) on src (libjbig2dec0)
USN-3297-1: 17.04 (zesty) on src (libjbig2dec0)
USN-3297-1: 17.04 (zesty) on src (jbig2dec)
USN-3297-1: 14.04 (Kylin) on src (jbig2dec)
USN-3297-1: 14.04 (Kylin) on src (libjbig2dec0)
0daybank
文章评论