[Technik] [SECURITY] [DSA 1613-1] new libgd2 packages fix multiple vulnerabilities
Noèl Köthe
noel at debian.org
Wed Jul 23 20:11:43 CEST 2008
Am Dienstag, den 22.07.2008, 07:01 +0000 schrieb Devin Carraway:
> Debian Security Advisory DSA-1613-1 security at debian.org
> http://www.debian.org/security/ Devin Carraway
> July 22, 2008 http://www.debian.org/security/faq
>
> Package : libgd2
> Vulnerability : multiple vulnerabilities
> Problem type : local (remote)
> Debian-specific: no
> CVE Id(s) : CVE-2007-3476 CVE-2007-3477 CVE-2007-3996 CVE-2007-2445
> Debian Bug : 443456
libgd2 auf h01, h02, h03, h04, h51, h52 und h90 aktualisiert.
> For the stable distribution (etch), these problems have been fixed in
> version 2.0.33-5.2etch1. For the unstable distribution (sid), the
> problem has been fixed in version 2.0.35.dfsg-1.
changelog:
libgd2 (2.0.33-5.2etch1) stable-security; urgency=high
* Non-maintainer upload by the security team
* Fix DoS via array index error in gd_gif_in.c caused by large color
index values
Fixes: CVE-2007-3476
* Fix DoS via large start or end angle degree values, which causes a
large CPU consumption
Fixes: CVE-2007-3477
* Fix several integer overflows in some gdImage* functions, which
could lead to a DoS or arbitrary code execution
Fixes: CVE-2007-3996
* Fix several overflows in gd.c by adding sanity checks for certain
values
* Fix DoS via infinite loop in gd_png.c
Fixes: CVE-2007-2445
-- Steffen Joeris <white at debian.org> Sat, 19 Jul 2008 13:27:49 +0200
--
Noèl Köthe <noel debian.org>
Debian GNU/Linux, www.debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
Url : /archiv/technik/attachments/20080723/85fa22b1/attachment.pgp
More information about the Technik
mailing list