
[Fedora] Vulnerability in the GD graphics library - FEDORA-2007-149



-----BEGIN PGP SIGNED MESSAGE-----
Hash: MD5

Dear colleagues,

we have just received the following Fedora Security Advisory. We are
forwarding this information to you unchanged.

CVE-2007-0455 - Buffer overflow in the function gdImageStringFTEx()

  In the function gdImageStringFTEx() of the GD graphics library, a
  buffer overflow can be triggered by supplying an overlong string with
  JIS font encoding. Attackers can exploit this vulnerability to crash
  the application that uses the GD library (denial of service) or
  possibly to execute arbitrary code with the privileges of the user.
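The following is an added illustration of the defect class named above, not gd's own code: a hypothetical text-rendering routine converts a caller-supplied string into a fixed-size multibyte work buffer, and the hardened form computes the converted length and rejects overlong input before writing a single byte. The encoding rule (ASCII bytes copy 1:1, any other byte becomes a constructed 2-byte escape) is an assumption made for illustration only.

```c
/* Added example modelling the defect class in this advisory (CVE-2007-0455).
 * Hypothetical stand-in, not gd's gdImageStringFTEx(); the encoding rule is
 * constructed: ASCII bytes copy 1:1, every other byte expands to 2 bytes. */
#include <stddef.h>
#include <string.h>

#define FT_WORK_BUF 32          /* fixed-size work buffer, as in the affected pattern */

/* Bytes the converted form will need, computed BEFORE anything is written. */
static size_t jis_needed(const char *s)
{
    size_t n = 0;
    for (; *s; s++)
        n += ((unsigned char)*s < 0x80) ? 1 : 2;
    return n + 1;               /* room for the NUL terminator */
}

/* Hardened form: refuse input the buffer cannot hold instead of overrunning
 * it. Returns 0 on success, -1 when the string is too long for `outlen`;
 * on failure `out` is left untouched. */
int jis_convert_checked(const char *s, char *out, size_t outlen)
{
    /* An overlong string overruns a fixed buffer only when this check is missing. */
    if (jis_needed(s) > outlen)
        return -1;
    char *p = out;
    for (; *s; s++) {
        unsigned char c = (unsigned char)*s;
        if (c < 0x80) {
            *p++ = (char)c;
        } else {                /* constructed 2-byte escape for non-ASCII */
            *p++ = '\x1b';
            *p++ = (char)c;
        }
    }
    *p = '\0';
    return 0;
}

/* Caller in the shape of a text-rendering routine: bounded buffer on the stack. */
int render_string(const char *s)
{
    char work[FT_WORK_BUF];
    return jis_convert_checked(s, work, sizeof work);
}
```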

The following software packages and platforms are affected:

  Package gd

  Fedora Core 6

The vendor provides updated packages.

Vendor advisory:
  https://www.redhat.com/archives/fedora-package-announce/2007-February/msg00078.html


(c) of the German summary by DFN-CERT Services GmbH; distribution,
including in part, is permitted only with attribution to the author,
DFN-CERT Services GmbH, and only for non-commercial purposes.

Kind regards,
		Klaus Moeller, DFN-CERT


- ---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-149
2007-02-12
- ---------------------------------------------------------------------

Product     : Fedora Core 6
Name        : gd
Version     : 2.0.33
Release     : 10.fc6
Summary     : A graphics library for quick creation of PNG or JPEG images
Description :
The gd graphics library allows your code to quickly draw images
complete with lines, arcs, text, multiple colors, cut and paste from
other images, and flood fills, and to write out the result as a PNG or
JPEG file. This is particularly useful in Web applications, where PNG
and JPEG are two of the formats accepted for inline images by most
browsers. Note that gd is not a paint program.

- ---------------------------------------------------------------------

* Mon Jan 29 2007 Ivana Varekova <varekova@xxxxxxxxxx> - 2.0.33-10
- - Resolves: #224610
  CVE-2007-0455 gd buffer overrun

- ---------------------------------------------------------------------
This update can be downloaded from:
    http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/


This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
- ---------------------------------------------------------------------

- -- 
Dipl. Inform. Klaus Moeller (CSIRT)
DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-555
Sitz / Register: Hamburg, AG Hamburg, HRB 88805, Ust-IdNr.: DE 232129737