[slackware-security]  gd (SSA:2007-178-01)

GD is an open source code library for the dynamic creation of images.

New gd packages are available for Slackware 11.0, and -current to
fix possible security issues.

Please see:  http://www.libgd.org/ReleaseNote020035
for complete release notes.  "Upgrading is strongly recommended."


Here are the details from the Slackware 11.0 ChangeLog:
+--------------------------+
patches/packages/gd-2.0.35-i486-1_slack11.0.tgz:
  Upgraded to gd-2.0.35.
    This fixes a few possible security issues:
     * Possible infinite loop in the PNG reader
     * Possible integer overflow in gdImageCreateTrueColor
     * Possible crash in gdImageCreateXbm
     * Numerous flaws in the GIF reader
  (* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

HINT:  Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try.  This is another primary FTP site
for Slackware that can be considerably faster than downloading
from ftp.slackware.com.

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/gd-2.0.35-i486-1_slack11.0.tgz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/gd-2.0.35-i486-1.tgz


MD5 signatures:
+-------------+

Slackware 11.0 package:
d29e978cd31d64d6d8bb4db0c48822de  gd-2.0.35-i486-1_slack11.0.tgz

Slackware -current package:
2a2d38f9b985bb01a1d558a082d28131  gd-2.0.35-i486-1.tgz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg gd-2.0.35-i486-1_slack11.0.tgz


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com