
Debian alert DSA-1936-1 (libgd2)

From:  Giuseppe Iuculano <iuculano@debian.org>
To:  bugtraq@securityfocus.com
Subject:  [SECURITY] [DSA 1936-1] New libgd2 packages fix several vulnerabilities
Date:  Tue, 17 Nov 2009 21:52:01 +0100
Message-ID:  <20091117205201.GA9254@galadriel.inutil.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1936-1                  security@debian.org
http://www.debian.org/security/                        Giuseppe Iuculano
November 17, 2009                     http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : libgd2
Vulnerability  : several
Problem type   : local (remote)
Debian-specific: no
CVE Id         : CVE-2007-0455 CVE-2009-3546
Debian Bug     : 408982 552534

Several vulnerabilities have been discovered in libgd2, a library for
programmatic graphics creation and manipulation. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-0455

  Kees Cook discovered a buffer overflow in libgd2's font renderer. An
  attacker could cause denial of service (application crash) and possibly
  execute arbitrary code via a crafted string with a JIS encoded font.
  This issue only affects the oldstable distribution (etch).

CVE-2009-3546

  Tomas Hoger discovered a boundary error in the "_gdGetColors()"
  function. An attacker could conduct a buffer overflow or buffer
  over-read attacks via a crafted GD file.

For the oldstable distribution (etch), these problems have been fixed in
version 2.0.33-5.2etch2.

For the stable distribution (lenny), these problems have been fixed in
version 2.0.36~rc1~dfsg-3+lenny1.

For the upcoming stable distribution (squeeze) and the unstable
distribution (sid), these problems have been fixed in version
2.0.36~rc1~dfsg-3.1.

We recommend that you upgrade your libgd2 packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64,
mips, mipsel, powerpc, s390 and sparc.

Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386,
ia64, mips, mipsel, powerpc, s390 and sparc.

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAksDDKIACgkQXm3vHE4uylpFZgCgyP5ZjWxHpU6JuTZJwdEZefiT
+PIAoKWivkoCfdCPdRUqwi9Jk2SPZPZ7
=60Ep
-----END PGP SIGNATURE-----




Copyright © 2018, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds