LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: November 21st, 2014
Linux Security Week: November 17th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Foresight: gd Print E-mail
User Rating:      How can I rate this item?
Posted by Bill Keys   
Previous versions of the gd package are vulnerable to multiple attacks in which an attacker may cause unbounded CPU consumption or application crashes (Denial of Service), possibly leading to the execution of malicious code (Unauthorized Access). These attacks are generally limited to uses of the gd library to load existing images rather than generate new images.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Foresight Linux Essential Advisory: 2007-0052-1
Published: 2007-09-06

Rating: Moderate

Updated Versions:
    gd=/conary.rpath.com at rpl:devel//1/2.0.33-4.5-1
    group-dist=/foresight.rpath.org at fl:1-devel//1/1.3.2-0.17-2

References:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3472
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3473
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3474
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3475
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3476
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3477
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3478
    https://issues.rpath.com/browse/RPL-1643

Description:
    Previous versions of the gd package are vulnerable to multiple attacks in
    which an attacker may cause unbounded CPU consumption or application
    crashes (Denial of Service), possibly leading to the execution of malicious
    code (Unauthorized Access). These attacks are generally limited to uses of
    the gd library to load existing images rather than generate new images.
    
- ---

Copyright 2007 Foresight Linux Project
Portions copyright 2007 rPath Inc.
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4 (GNU/Linux)

iQIVAwUBRuC5bNfwEn07iAtZAQLWeRAAmA76x+kZUN6WmiEQbF5ZgLzXtBTsQsCo
jaa2kSr193lueTuZnSJGmhCLpDRp+dcXJT9hWdp74WtlBERM4EPHpFOqZR4JMM6h
tZlHF1DIP1WuaqssUureSqdMnK2RW1iyfzATMYq3snlN1FWlS4MtwrOL7lYCpgux
YOJ29kEm6GU3U81mMDixOhRsGjQMqjai/Usf/qz5ipmVlh3wk5btSBzGipVuYOss
XnxIP4p+17Hqx26EHXTSDlCvsYaewSL7+fnSfGH4xs9Wyi6gN0/yzbu76g0a2jIX
gl/ND1wAL8dWKCRMTG8WVxj4XQbV9HlirRzIsCQenpJ2HAaNcFYXkntAdCmiph1l
qU6vtEdy0bZGiKVzvM5pG0S/Gzl06eSNkj+AjK1Joqn4PprYAcOPng1QnCXdLdWG
sd2z320NH0wN1AJfBu1fFfwmoy8CJHkoRbjLjQEvPOG6dnpuNa4KC4e80Ps/PgdM
zJH/xXzFLpHD6VtdQ/lArMqcc7ur1NPKLbedPMZuMWR3HGC7HrMXxe/t1uftQmzh
DPm1T30PqoHdH3/SKghG/Rocu/G56Cfbua63aN1JzON+T13zikOuLLFXAHBOEV75
XZ9P4A6M+2M5JvoXksBvz18sMVXYKW651CviaOR90rC+h86HAZEdWA4GShAJi9Fx
xjGTZrUYpfs=
=Jfx/
-----END PGP SIGNATURE-----
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.