Get the LinuxSecurity news you want faster with RSS
Powered By
Fedora: gd-2.0.21-5.20.1 update
Posted by LinuxSecurity.com Team
Several buffer overflows were reported in various memory allocation calls. An attacker could create a carefully crafted image file in such a way that it could cause ImageMagick to execute arbitrary code when processing the image.
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-411
2004-11-11
---------------------------------------------------------------------
Product : Fedora Core 2
Name : gd
Version : 2.0.21
Release : 5.20.1
Summary : A graphics library for quick creation of PNG or JPEG images.
Description :
The gd graphics library allows your code to quickly draw images
complete with lines, arcs, text, multiple colors, cut and paste from
other images, and flood fills, and to write out the result as a PNG or
JPEG file. This is particularly useful in Web applications, where PNG
and JPEG are two of the formats accepted for inline images by most
browsers. Note that gd is not a paint program.
---------------------------------------------------------------------
Update Information:
Several buffer overflows were reported in various memory allocation calls.
An attacker could create a carefully crafted image file in such a
way that it could cause ImageMagick to execute arbitrary code when
processing the image. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0990 to these issues.
Whilst researching the fixes to these overflows, additional buffer
overflows were discovered in calls to gdMalloc. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0941
to these issues.
Users of gd should upgrade to these updated packages, which contain a
backported security patch, and are not vulnerable to these issues.
---------------------------------------------------------------------
* Thu Nov 04 2004 Phil Knirsch <pknirsch@redhat.com> 2.0.21-5.20.1
- Backport of fix for several buffer overflows in gdMalloc() calls
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
860ef179fc02b24faeb9c7ad6d3dd2c5 SRPMS/gd-2.0.21-5.20.1.src.rpm
cc924e3a5eb622f8729a8940472bc19f x86_64/gd-2.0.21-5.20.1.x86_64.rpm
cbfe3743fb6ed1d11e562af6617dd6cf x86_64/gd-progs-2.0.21-5.20.1.x86_64.rpm
899927fad1d49a55bedd96f12d308a81 x86_64/gd-devel-2.0.21-5.20.1.x86_64.rpm
4f034123d7a07054a2284fd1aef02e2e
x86_64/debug/gd-debuginfo-2.0.21-5.20.1.x86_64.rpm
32203e8cff61a2a6799426b695f35650 i386/gd-2.0.21-5.20.1.i386.rpm
2812f648f8f6570b51b326fb400e985f i386/gd-progs-2.0.21-5.20.1.i386.rpm
7e48d961b951212bc44372b489da9917 i386/gd-devel-2.0.21-5.20.1.i386.rpm
6dd526e9a1a3cbf79b36671335328224
i386/debug/gd-debuginfo-2.0.21-5.20.1.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
