Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Security Week: March 30th, 2015
Linux Advisory Watch: March 27th, 2015
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Debian: new libgd2 packages fix multiple vulnerabilities Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Debian Grayscale PNG files containing invalid tRNS chunk CRC values could cause a denial of service (crash), if a maliciously crafted image is loaded into an application using libgd.
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1613-1                                   Devin Carraway
July 22, 2008               
- ------------------------------------------------------------------------

Package        : libgd2
Vulnerability  : multiple vulnerabilities
Problem type   : local (remote)
Debian-specific: no
CVE Id(s)      : CVE-2007-3476 CVE-2007-3477 CVE-2007-3996 CVE-2007-2445
Debian Bug     : 443456

Multiple vulnerabilities have been identified in libgd2, a library
for programmatic graphics creation and manipulation.  The Common
Vulnerabilities and Exposures project identifies the following three


    Grayscale PNG files containing invalid tRNS chunk CRC values
    could cause a denial of service (crash), if a maliciously
    crafted image is loaded into an application using libgd.


    An array indexing error in libgd's GIF handling could induce a
    denial of service (crash with heap corruption) if exceptionally
    large color index values are supplied in a maliciously crafted
    GIF image file.


    The imagearc() and imagefilledarc() routines in libgd allow
    an attacker in control of the parameters used to specify
    the degrees of arc for those drawing functions to perform
    a denial of service attack (excessive CPU consumption).


    Multiple integer overflows exist in libgd's image resizing and
    creation routines; these weaknesses allow an attacker in control
    of the parameters passed to those routines to induce a crash or
    execute arbitrary code with the privileges of the user running
    an application or interpreter linked against libgd2.

For the stable distribution (etch), these problems have been fixed in
version 2.0.33-5.2etch1.  For the unstable distribution (sid), the
problem has been fixed in version 2.0.35.dfsg-1.

We recommend that you upgrade your libgd2 packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------

Debian (stable)
- ---------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:
    Size/MD5 checksum:   299546 bbcc9e441bb47f54eb6627a79aef95c8
    Size/MD5 checksum:      987 026ab752f6c09db61257eadc2dc7495f
    Size/MD5 checksum:   587617 be0a6d326cd8567e736fbc75df0a5c45

alpha architecture (DEC Alpha)
    Size/MD5 checksum:   366896 2d69e2c1ba03065236cb1269ede5f1a3
    Size/MD5 checksum:   147510 afd6328854cd0a783a49c8e2a317ab86
    Size/MD5 checksum:   211288 3791111d9461d64acdebefd36bd094b9
    Size/MD5 checksum:   209562 84fbf1d0314582e2423b91ab9fabc26d
    Size/MD5 checksum:   363162 c63aa212712903d47c6cba7f208b6eff

amd64 architecture (AMD x86_64 (AMD64))
    Size/MD5 checksum:   342788 fb2ede45cc40b4f5028cb771897a9a91
    Size/MD5 checksum:   145242 f56629274f27b7f1db09ec669ba3c1ce
    Size/MD5 checksum:   200460 24620eba0b8767f0e8df185ca262dda0
    Size/MD5 checksum:   340868 8e2c86769cf213d5810297310e176888
    Size/MD5 checksum:   203322 006e39d79be19c437ebd9b88aabbc46e

arm architecture (ARM)
    Size/MD5 checksum:   195610 cffd7f5c304168483d4a9fd8e8bf4cac
    Size/MD5 checksum:   337472 8b306ec0ff60c785ef728680a1bcbc9c
    Size/MD5 checksum:   145138 da2dc662fb65c79e3be4f4316cd1c475
    Size/MD5 checksum:   197640 de10de2a6a604ca0219415d90240922a
    Size/MD5 checksum:   334880 7eaa4ca8ec2f1929171d353a7dca70ea

hppa architecture (HP PA RISC)
    Size/MD5 checksum:   206646 a4076e4cd5b1a2e77208d2f4c9d6fd72
    Size/MD5 checksum:   147620 5a3eb7577e071214a10915d2a12ff050
    Size/MD5 checksum:   352034 117102f8ab98a933ba5e08257298c302
    Size/MD5 checksum:   209222 b2425804bd51a60d8a4325db84605450
    Size/MD5 checksum:   349162 979723a81f62d6c2dbdac56d66fde6dc

i386 architecture (Intel ia32)
    Size/MD5 checksum:   144040 a19b726c38ae5b760d12f002dc26386b
    Size/MD5 checksum:   338582 837a0b4917dd5a9ea44894d1c86dac20
    Size/MD5 checksum:   335902 e03aba661c8c802c405c1c5caaf7e2fc
    Size/MD5 checksum:   199410 1dcc174038ee43b0c3f896255c08da8b
    Size/MD5 checksum:   196760 9c41f2bcaf00e296a8f753bc89b042bf

ia64 architecture (Intel ia64)
    Size/MD5 checksum:   233692 237f0cf48ab28f55de21165882949929
    Size/MD5 checksum:   381794 b7f95b4d44a908ef0a957fce2445d042
    Size/MD5 checksum:   379680 a67cc374d45b934e8f129b375c3c2b90
    Size/MD5 checksum:   149758 3ec3577b790136172e618afdd0ffc396
    Size/MD5 checksum:   236256 f1153b75a2411e99de161ff3aae1ee4b

mips architecture (MIPS (Big Endian))
    Size/MD5 checksum:   197818 16ccf2325098ba8445b20cf9334f44a5
    Size/MD5 checksum:   200208 63fd7dc16cc9387bf51248a668320887
    Size/MD5 checksum:   145086 fe0c795d4a004fb18182d5f390219a3c
    Size/MD5 checksum:   349902 888522b2d61e05efa52b2f58d13d4a30
    Size/MD5 checksum:   347360 558ce7647ccf4d20278208a3d46d51d3

mipsel architecture (MIPS (Little Endian))
    Size/MD5 checksum:   348768 938cff5e66d4cf7894e5b33f2c7cc934
    Size/MD5 checksum:   199920 67023552469fc4a30487009147866458
    Size/MD5 checksum:   351440 f5a690e113e800c2583344c77746d521
    Size/MD5 checksum:   144500 a8247e6bb2fbbcf7bba9fc756ec92e88
    Size/MD5 checksum:   202396 b5bbcb8b61ca28f8e85ef6cf54d02644

powerpc architecture (PowerPC)
    Size/MD5 checksum:   204266 332c8482ea4f9af50183e8be4f59e9ea
    Size/MD5 checksum:   202356 047679dee0a8d17815a905dab7ec8c0c
    Size/MD5 checksum:   347384 9508cff125f5e547be56895ac6e41a4c
    Size/MD5 checksum:   152934 51080a4fc09ddbae6e0b809169008f53
    Size/MD5 checksum:   344726 393b4d213d0be6908e7c0c206cb57c39

s390 architecture (IBM S/390)
    Size/MD5 checksum:   145158 1dfae9aa0d59be8fbbbbcaa310d508c4
    Size/MD5 checksum:   344760 ceadabf4a6895ccb33d615132d05cdc9
    Size/MD5 checksum:   341418 c41f6ad2a4563d45fa17a09dc92f347e
    Size/MD5 checksum:   206184 8a1c0ab32b20b7debf4beba96be1f7ef
    Size/MD5 checksum:   203650 04beedd2705136d9bc12fdfc9c3744ae

sparc architecture (Sun SPARC/UltraSPARC)
    Size/MD5 checksum:   199146 2ac9e88e993bd74e3bb09c0bb71a6d5d
    Size/MD5 checksum:   144180 5631f2908055df679f94bc305b951dd8
    Size/MD5 checksum:   338830 d4946419e41d3ad04303201e3d2a15ac
    Size/MD5 checksum:   196570 fe461b1cfac5b156544d3beb349d1d01
    Size/MD5 checksum:   336322 07433fa292e875eabcbd43562a5184ee

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list:
< Prev   Next >


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Feds Charged With Stealing Money During Silk Road Investigation
EFF questions US government's software flaw disclosure policy
Hotel Router Vulnerability A Reminder Of Untrusted WiFi Risks
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.