User: Password:
|
|
Subscribe / Log in / New account

Ubuntu alert USN-11-1 (libgd2)

From:  Martin Pitt <martin.pitt@canonical.com>
To:  ubuntu-security-announce@lists.ubuntu.com
Subject:  [USN-11-1] libgd2 vulnerabilities
Date:  Fri, 29 Oct 2004 11:02:12 +0200
Cc:  bugtraq@securityfocus.com, full-disclosure@lists.netsys.com

=========================================================== Ubuntu Security Notice USN-11-1 October 28, 2004 libgd2 vulnerabilities CAN-2004-0990 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) The following packages are affected: libgd2-xpm libgd2-noxpm The problem can be corrected by upgrading the affected packages to version 2.0.23-2ubuntu0.1. In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Several buffer overflows have been discovered in libgd's PNG handling functions. If an attacker tricked a user into loading a malicious PNG image, they could leverage this into executing arbitrary code in the context of the user opening image. Most importantly, this library is commonly used in PHP. One possible target would be a PHP driven photo website that lets users upload images. Therefore this vulnerability might lead to privilege escalation to a web server's privileges. Source archives: http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/l... Size/MD5: 12015 3c278f754bef0a52d5ea83f62af81f8b http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/l... Size/MD5: 783 10f0fcf6b1ba3e3dfecf31c597ded84c http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/l... Size/MD5: 544497 3bcd6daef3eb7b31ddc68a7d54b98c15 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/l... Size/MD5: 111826 d4ee66cac49d7cb792928f2245743f5a http://security.ubuntu.com/ubuntu/pool/universe/libg/libg... Size/MD5: 111802 f25e3258c4fe2d453997e2b379c8ca88 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/universe/libg/libg... Size/MD5: 128166 be07ad782e1fa3e7a6d96f03333098b5 http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/l... Size/MD5: 305818 ddd65bd2bff9ad79c374a7b81f22f1c1 http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/l... Size/MD5: 171190 0ca57e0f1b2d21368fc78f8fda9448a0 http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/l... Size/MD5: 305814 ed4ddc988e62d066f755492d1580c617 http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/l... Size/MD5: 171166 31fe7088ba4223a0587dc6b7c378a160 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/universe/libg/libg... Size/MD5: 127280 29656d70daed6af2035e43e559723692 http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/l... Size/MD5: 299836 b01bc5884893151d1cfab1a18bfbc246 http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/l... Size/MD5: 167376 d3e1108de8c9eef6b027a09d8cf1953c http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/l... Size/MD5: 299828 064fdb8f240289b4072364359306e4d3 http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/l... Size/MD5: 167348 543615c69de2676a4f9e4531003a4e4c powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/universe/libg/libg... Size/MD5: 134062 2f6f321d26221715f2ba56b090bb69d1 http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/l... Size/MD5: 308904 3d089de51fe4fa5660cde88ae0ec16b8 http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/l... Size/MD5: 173146 ad171f2410184f80a1894139f00eacb1 http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/l... Size/MD5: 308884 a3e359355b86d23deff439b43fae7bb4 http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/l... Size/MD5: 173130 40689f3fcc6aaaaa491a665949e5fdb2 -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com http://lists.ubuntu.com/mailman/listinfo/ubuntu-security-...


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds