
OpenPKG alert OpenPKG-SA-2007.016 (gd)

From:  OpenPKG GmbH <openpkg-noreply@openpkg.com>
To:  openpkg-announce@openpkg.org
Subject:  [OpenPKG-SA-2007.016] OpenPKG Security Advisory (gd)
Date:  Fri, 18 May 2007 08:42:33 +0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

____________________________________________________________________________

Publisher Name:          OpenPKG GmbH
Publisher Home:          http://openpkg.com/

Advisory Id (public):    OpenPKG-SA-2007.016
Advisory Type:           OpenPKG Security Advisory (SA)
Advisory Directory:      http://openpkg.com/go/OpenPKG-SA
Advisory Document:       http://openpkg.com/go/OpenPKG-SA-2007.016
Advisory Published:      2007-05-18 08:42 UTC

Issue Id (internal):     OpenPKG-SI-20070518.02
Issue First Created:     2007-05-18
Issue Last Modified:     2007-05-18
Issue Revision:          03
____________________________________________________________________________

Subject Name:            libgd
Subject Summary:         Fast Graphics Generation Library
Subject Home:            http://www.libgd.org/
Subject Versions:        * <= 2.0.33

Vulnerability Id:        CVE-2007-0455
Vulnerability Scope:     global (not OpenPKG specific)

Attack Feasibility:      run-time
Attack Vector:           remote network
Attack Impact:           denial of service

Description:
    Multiple security issues exist in the fast graphics generation
    library libgd (aka GD) [0], versions up to and including 2.0.33.
    The issues include 32-bit multiplication overflow vulnerabilities,
    memory allocation errors that were not checked, DoS via corrupt
    GIF images and malformed or empty PNG images, "gdImageFillToBorder"
    crashed when the color was not opaque, crashes on antialiased lines
    drawn on an image's edge, and "gdImageFill" crashed when used with
    patterns or invalid arguments [1][2].

References:
    [0] http://www.libgd.org/
    [1] http://www.libgd.org/ReleaseNote020034
    [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0455
____________________________________________________________________________

Primary Package Name:    gd
Primary Package Home:    http://openpkg.org/go/package/gd

Corrected Distribution:  Corrected Branch: Corrected Package:
OpenPKG Enterprise       E1.0-SOLID        gd-2.0.33-E1.0.1
OpenPKG Community        CURRENT           gd-2.0.34-20070207
____________________________________________________________________________

For security reasons, this document was digitally signed with the
OpenPGP public key of the OpenPKG GmbH (public key id 61B7AE34)
which you can download from http://openpkg.com/openpkg.com.pgp
or retrieve from the OpenPGP keyserver at hkp://pgp.openpkg.org/.
Follow the instructions at http://openpkg.com/security/signatures/
for more details on how to verify the integrity of this document.
____________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Comment: OpenPKG GmbH <http://openpkg.com/>

iD8DBQFGTUrUZwQuyWG3rjQRAvOXAJ4qmxhLEZewuS8tucnraxKu/wfJdQCfbuHm
DHBMdcRsudXX2x04opetiYo=
=Zu9b
-----END PGP SIGNATURE-----
______________________________________________________________________
OpenPKG                                             http://openpkg.org
Announcement List                         openpkg-announce@openpkg.org
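
The first two bug classes in the description (32-bit multiplication overflow and unchecked allocation) are shown here as an added example that is not part of the advisory and is not libgd's code. The helper names `mul_fits_int`, `alloc_pixels` and `wrapped_size` and the 4-byte pixel layout are assumptions made for illustration.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper: 1 if a * b is a positive value that fits in int. */
static int mul_fits_int(int a, int b)
{
    if (a <= 0 || b <= 0)
        return 0;              /* reject zero and negative dimensions */
    return a <= INT_MAX / b;   /* division cannot overflow */
}

/* What an unchecked 32-bit size computation produces. Unsigned arithmetic
 * wraps modulo 2^32, so a huge image can map to a tiny buffer size. */
static uint32_t wrapped_size(uint32_t sx, uint32_t sy)
{
    return sx * sy * (uint32_t)sizeof(uint32_t);
}

/* Hypothetical allocator for an sx-by-sy buffer of 4-byte pixels.
 * Returns NULL on bad dimensions, on overflow, or when calloc fails;
 * the caller must check the result before touching the buffer. */
static uint32_t *alloc_pixels(int sx, int sy)
{
    if (!mul_fits_int(sx, sy))
        return NULL;
    if (!mul_fits_int(sx * sy, (int)sizeof(uint32_t)))
        return NULL;
    return calloc((size_t)sx * (size_t)sy, sizeof(uint32_t));
}

int main(void)
{
    /* Constructed sample dimensions, as an image header might declare. */
    int sx = 65536, sy = 16385;
    uint32_t *p = alloc_pixels(sx, sy);

    printf("unchecked size: %u bytes\n",
           (unsigned)wrapped_size((uint32_t)sx, (uint32_t)sy));
    printf("checked alloc:  %s\n", p ? "ok" : "rejected");
    free(p);
    return 0;
}
```

The check runs on the declared dimensions before any allocation or pixel write, so an oversized header is rejected instead of producing an undersized buffer.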



