Get the LinuxSecurity news you want faster with RSS
Powered By
Fedora: gd-2.0.28-1.30.1 update
Posted by LinuxSecurity.com Team
Several buffer overflows were reported in various memory allocation calls. An attacker could create a carefully crafted image file in such a way that it could cause ImageMagick to execute arbitrary code when processing the image.
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-412
2004-11-11
---------------------------------------------------------------------
Product : Fedora Core 3
Name : gd
Version : 2.0.28
Release : 1.30.1
Summary : A graphics library for quick creation of PNG or JPEG images.
Description :
The gd graphics library allows your code to quickly draw images
complete with lines, arcs, text, multiple colors, cut and paste from
other images, and flood fills, and to write out the result as a PNG or
JPEG file. This is particularly useful in Web applications, where PNG
and JPEG are two of the formats accepted for inline images by most
browsers. Note that gd is not a paint program.
---------------------------------------------------------------------
Update Information:
Several buffer overflows were reported in various memory allocation calls.
An attacker could create a carefully crafted image file in such a
way that it could cause ImageMagick to execute arbitrary code when
processing the image. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0990 to these issues.
Whilst researching the fixes to these overflows, additional buffer
overflows were discovered in calls to gdMalloc. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0941
to these issues.
Users of gd should upgrade to these updated packages, which contain a
backported security patch, and are not vulnerable to these issues.
---------------------------------------------------------------------
* Wed Nov 03 2004 Phil Knirsch <pknirsch@redhat.com> 2.0.28-1.30.1
- Fixed several buffer overflows for gdMalloc() calls
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
1c43a52dbccf6fc0f41a51177f68039c SRPMS/gd-2.0.28-1.30.1.src.rpm
2d5162b7b1ee9cc41f6e449317a35544 x86_64/gd-2.0.28-1.30.1.x86_64.rpm
fdf01ac8589f415447db35126fa9c21d x86_64/gd-progs-2.0.28-1.30.1.x86_64.rpm
bebd31faf06696a1a4118e72fccfdef0 x86_64/gd-devel-2.0.28-1.30.1.x86_64.rpm
2f9e1862d862b7137f303fa63511ba3f
x86_64/debug/gd-debuginfo-2.0.28-1.30.1.x86_64.rpm
43fdf0c898b78cb6524ce7238b134ab0 x86_64/gd-2.0.28-1.30.1.i386.rpm
43fdf0c898b78cb6524ce7238b134ab0 i386/gd-2.0.28-1.30.1.i386.rpm
1775b1c9061551b38bed8a0345e13daa i386/gd-progs-2.0.28-1.30.1.i386.rpm
9e73a389b07da7ceb7f4571852344a0c i386/gd-devel-2.0.28-1.30.1.i386.rpm
70e4cb5dad28af83ee4237569c8a244c
i386/debug/gd-debuginfo-2.0.28-1.30.1.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
