[Fedora] Vulnerability in the GD graphics library - FEDORA-2007-150
Dear colleagues,
we have just received the following Fedora Security Advisory. We are
passing this information on to you unchanged.
CVE-2007-0455 - Buffer overflow in the function gdImageStringFTEx()
In the function gdImageStringFTEx() of the GD graphics library, a
buffer overflow can be triggered by supplying an overlong string with
JIS font encoding. Attackers can exploit this vulnerability to crash
the application that uses the GD library (denial of service) or
possibly to execute arbitrary code with the privileges of the user.
The following software packages and platforms are affected:
Package gd
Fedora Core 5
The vendor provides revised packages.
Vendor advisory:
https://www.redhat.com/archives/fedora-package-announce/2007-February/msg00080.html
(c) of the German summary by DFN-CERT Services GmbH; distribution,
including in excerpts, is permitted only with attribution to the
author, DFN-CERT Services GmbH, and only for non-commercial purposes.
Kind regards,
Klaus Moeller, DFN-CERT
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-150
2007-02-12
---------------------------------------------------------------------
Product : Fedora Core 5
Name : gd
Version : 2.0.33
Release : 7.fc5
Summary : A graphics library for quick creation of PNG or JPEG images
Description :
The gd graphics library allows your code to quickly draw images
complete with lines, arcs, text, multiple colors, cut and paste from
other images, and flood fills, and to write out the result as a PNG or
JPEG file. This is particularly useful in Web applications, where PNG
and JPEG are two of the formats accepted for inline images by most
browsers. Note that gd is not a paint program.
---------------------------------------------------------------------
* Mon Jan 29 2007 Ivana Varekova <varekova@xxxxxxxxxx> - 2.0.33-7
- Resolves: #224610
  CVE-2007-0455 gd buffer overrun
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
This update can be installed with the 'yum' update program. Use 'yum update
package-name' at the command line. For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------
--
Dipl. Inform. Klaus Moeller (CSIRT)
DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-555
Sitz / Register: Hamburg, AG Hamburg, HRB 88805, Ust-IdNr.: DE 232129737