LinuxSecurity.com
Mandriva: Updated gd packages fix vulnerability
Posted by Benjamin D. Thomas   
A flaw in libgd2 was found by Xavier Roche where it would not correctly validate PNG callback results. If an application linked against libgd2 was tricked into processing a specially-crafted PNG file, it could cause a denial of service scenario via CPU resource consumption. The updated packages have been patched to prevent this issue.
 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:122
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : gd
 Date    : June 13, 2007
 Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 A flaw in libgd2 was found by Xavier Roche where it would not correctly
 validate PNG callback results.  If an application linked against
 libgd2 was tricked into processing a specially-crafted PNG file, it
 could cause a denial of service scenario via CPU resource consumption.
 
 The updated packages have been patched to prevent this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2756
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 4553247ff29b71630a511cfa2e8f8dae  2007.0/i586/gd-utils-2.0.33-5.2mdv2007.0.i586.rpm
 e597fdc7e70f9d47fba809c068d01c73  2007.0/i586/libgd2-2.0.33-5.2mdv2007.0.i586.rpm
 5cb1c7417540c8bf923329a1b913e8af  2007.0/i586/libgd2-devel-2.0.33-5.2mdv2007.0.i586.rpm
 41c08511d622f73c2941cd6153283a9d  2007.0/i586/libgd2-static-devel-2.0.33-5.2mdv2007.0.i586.rpm 
 7f26e734f247f081c4f91d88c4cf8746  2007.0/SRPMS/gd-2.0.33-5.2mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 6d49b3c840e14ed18363069c12c94672  2007.0/x86_64/gd-utils-2.0.33-5.2mdv2007.0.x86_64.rpm
 4d96a041fa0afcdb46d395c87f545080  2007.0/x86_64/lib64gd2-2.0.33-5.2mdv2007.0.x86_64.rpm
 36921632c56a9972f1d6db49e225e5c7  2007.0/x86_64/lib64gd2-devel-2.0.33-5.2mdv2007.0.x86_64.rpm
 8d1636c72f97ea7e654fdae03cdee7ce  2007.0/x86_64/lib64gd2-static-devel-2.0.33-5.2mdv2007.0.x86_64.rpm 
 7f26e734f247f081c4f91d88c4cf8746  2007.0/SRPMS/gd-2.0.33-5.2mdv2007.0.src.rpm

 Mandriva Linux 2007.1:
 be767d1fb70fadda41e824b60a40654a  2007.1/i586/gd-utils-2.0.34-1.1mdv2007.1.i586.rpm
 d2f160f37beadd9ba3d5170e8524e2cd  2007.1/i586/libgd2-2.0.34-1.1mdv2007.1.i586.rpm
 364b5cf24157faf590f19f039f67c041  2007.1/i586/libgd2-devel-2.0.34-1.1mdv2007.1.i586.rpm
 e87568c973cfae2c65326c95a23841d2  2007.1/i586/libgd2-static-devel-2.0.34-1.1mdv2007.1.i586.rpm 
 03c9eadb6bdb8ada82180da39b745100  2007.1/SRPMS/gd-2.0.34-1.1mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 39ec275e8946123b78e01671a31ee128  2007.1/x86_64/gd-utils-2.0.34-1.1mdv2007.1.x86_64.rpm
 17d51791166f4a15f4cf8fee41852b04  2007.1/x86_64/lib64gd2-2.0.34-1.1mdv2007.1.x86_64.rpm
 74195a52b4b4d3de151b720809492aa8  2007.1/x86_64/lib64gd2-devel-2.0.34-1.1mdv2007.1.x86_64.rpm
 058ad0e0a91a0d069539b7c235f883a0  2007.1/x86_64/lib64gd2-static-devel-2.0.34-1.1mdv2007.1.x86_64.rpm 
 03c9eadb6bdb8ada82180da39b745100  2007.1/SRPMS/gd-2.0.34-1.1mdv2007.1.src.rpm

 Corporate 3.0:
 77415362e06982bdf984f378ac768bd1  corporate/3.0/i586/gd-utils-2.0.15-4.4.C30mdk.i586.rpm
 28e9d357648fc4367b8ae481a4ef46f0  corporate/3.0/i586/libgd2-2.0.15-4.4.C30mdk.i586.rpm
 ebcac1bb4ac277b8813d2b9f2d4e6ec9  corporate/3.0/i586/libgd2-devel-2.0.15-4.4.C30mdk.i586.rpm
 77376cc5884c131906c6977cb9c52e76  corporate/3.0/i586/libgd2-static-devel-2.0.15-4.4.C30mdk.i586.rpm 
 19787484527e346d55c74459abcbe878  corporate/3.0/SRPMS/gd-2.0.15-4.4.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 beb3b4d6b05b3bf5d5f26be43b166dc0  corporate/3.0/x86_64/gd-utils-2.0.15-4.4.C30mdk.x86_64.rpm
 6f24793bb256074012c76cc678caf17f  corporate/3.0/x86_64/lib64gd2-2.0.15-4.4.C30mdk.x86_64.rpm
 d2d43fc0411bbcbdb1c5cd81b5c730fe  corporate/3.0/x86_64/lib64gd2-devel-2.0.15-4.4.C30mdk.x86_64.rpm
 78891b53940ad4d50010f3a5d8a9eb74  corporate/3.0/x86_64/lib64gd2-static-devel-2.0.15-4.4.C30mdk.x86_64.rpm 
 19787484527e346d55c74459abcbe878  corporate/3.0/SRPMS/gd-2.0.15-4.4.C30mdk.src.rpm

 Corporate 4.0:
 74461c4ac716814c86060d9418f6cf54  corporate/4.0/i586/gd-utils-2.0.33-3.3.20060mlcs4.i586.rpm
 2c6101e648d090bfde2a6038042a56ae  corporate/4.0/i586/libgd2-2.0.33-3.3.20060mlcs4.i586.rpm
 3beb7a4c7bb978442d3098f852f3e3fc  corporate/4.0/i586/libgd2-devel-2.0.33-3.3.20060mlcs4.i586.rpm
 ef4fb906adf0a9d40fab025ca9cf20d4  corporate/4.0/i586/libgd2-static-devel-2.0.33-3.3.20060mlcs4.i586.rpm 
 febc485fc1fed3d030cf440a20f000ef  corporate/4.0/SRPMS/gd-2.0.33-3.3.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 fc5078a497db8094fbf14980a5ee2c76  corporate/4.0/x86_64/gd-utils-2.0.33-3.3.20060mlcs4.x86_64.rpm
 80e1c4bb6338dfb58c246d0a8b001181  corporate/4.0/x86_64/lib64gd2-2.0.33-3.3.20060mlcs4.x86_64.rpm
 e3db3d95d3a1485226ae15d5bb5ea6c5  corporate/4.0/x86_64/lib64gd2-devel-2.0.33-3.3.20060mlcs4.x86_64.rpm
 00a195e5e03a1a5840f95ddd0b42f7db  corporate/4.0/x86_64/lib64gd2-static-devel-2.0.33-3.3.20060mlcs4.x86_64.rpm 
 febc485fc1fed3d030cf440a20f000ef  corporate/4.0/SRPMS/gd-2.0.33-3.3.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
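
For packages fetched by hand rather than through MandrivaUpdate or urpmi, the checksum list above can be checked with a short script. This is an added example, not part of the Mandriva advisory; the function name `verify_advisory_md5`, its `va_` variables and the file layout are hypothetical, and it assumes the advisory text is saved to a file and the downloaded RPMs sit in one directory.

```shell
#!/usr/bin/env bash
# Added example (names are hypothetical): check hand-downloaded RPMs against
# the "<md5>  <path>.rpm" lines of a saved MDKSA advisory.
# MD5 only catches corrupted or mismatched downloads; trust comes from the
# GPG signature, which `rpm --checksig <file>` checks once the key is imported.

# verify_advisory_md5 ADVISORY_FILE RPM_DIR
# Prints OK / MISMATCH / MISSING per listed package. Returns 0 only when at
# least one listed file was found and every file found matches its digest.
verify_advisory_md5() {
    va_bad=0
    va_seen=0
    # read strips the leading blank; "_" absorbs trailing whitespace
    while read -r va_sum va_path _; do
        case $va_sum in
            ''|*[!0-9a-f]*) continue ;;      # first field is not lowercase hex
        esac
        [ "${#va_sum}" -eq 32 ] || continue  # not an MD5-length digest
        case $va_path in
            *.rpm) ;;
            *) continue ;;
        esac
        va_name=${va_path##*/}               # advisory lists mirror paths
        va_file=$2/$va_name
        if [ ! -f "$va_file" ]; then
            echo "MISSING   $va_name"        # normal for other arches/releases
            continue
        fi
        va_seen=$((va_seen + 1))
        va_actual=$(md5sum < "$va_file" | cut -d' ' -f1)
        if [ "$va_actual" = "$va_sum" ]; then
            echo "OK        $va_name"
        else
            echo "MISMATCH  $va_name"
            va_bad=$((va_bad + 1))
        fi
    done < "$1"
    [ "$va_bad" -eq 0 ] && [ "$va_seen" -gt 0 ]
}

# Stand-alone use: ./verify.sh advisory.txt ./downloads
if [ "$#" -eq 2 ]; then
    verify_advisory_md5 "$1" "$2"
fi
```

A non-zero exit means either a digest mismatch or that none of the listed files were present, so an empty download directory is not reported as verified.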
  
 