===========================================================
Ubuntu Security Notice USN-11-1            October 28, 2004
libgd2 vulnerabilities
CAN-2004-0990
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

libgd2-xpm
libgd2-noxpm

The problem can be corrected by upgrading the affected packages to
version 2.0.23-2ubuntu0.1. In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

Several buffer overflows have been discovered in libgd's PNG handling
functions.

If an attacker tricked a user into loading a malicious PNG image, they
could leverage this into executing arbitrary code in the context of
the user opening image. Most importantly, this library is commonly
used in PHP. One possible target would be a PHP driven photo website
that lets users upload images. Therefore this vulnerability might lead
to privilege escalation to a web server's privileges.

  Source archives:

    libgd2_2.0.23-2ubuntu0.1.diff.gz
      Size/MD5:    12015 3c278f754bef0a52d5ea83f62af81f8b
    libgd2_2.0.23-2ubuntu0.1.dsc
      Size/MD5:      783 10f0fcf6b1ba3e3dfecf31c597ded84c
    libgd2_2.0.23.orig.tar.gz
      Size/MD5:   544497 3bcd6daef3eb7b31ddc68a7d54b98c15

  Architecture independent packages:

    libgd2-dev_2.0.23-2ubuntu0.1_all.deb
      Size/MD5:   111826 d4ee66cac49d7cb792928f2245743f5a
    libgd2_2.0.23-2ubuntu0.1_all.deb
      Size/MD5:   111802 f25e3258c4fe2d453997e2b379c8ca88

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    libgd-tools_2.0.23-2ubuntu0.1_amd64.deb
      Size/MD5:   128166 be07ad782e1fa3e7a6d96f03333098b5
    libgd2-noxpm-dev_2.0.23-2ubuntu0.1_amd64.deb
      Size/MD5:   305818 ddd65bd2bff9ad79c374a7b81f22f1c1
    libgd2-noxpm_2.0.23-2ubuntu0.1_amd64.deb
      Size/MD5:   171190 0ca57e0f1b2d21368fc78f8fda9448a0
    libgd2-xpm-dev_2.0.23-2ubuntu0.1_amd64.deb
      Size/MD5:   305814 ed4ddc988e62d066f755492d1580c617
    libgd2-xpm_2.0.23-2ubuntu0.1_amd64.deb
      Size/MD5:   171166 31fe7088ba4223a0587dc6b7c378a160

  i386 architecture (x86 compatible Intel/AMD)

    libgd-tools_2.0.23-2ubuntu0.1_i386.deb
      Size/MD5:   127280 29656d70daed6af2035e43e559723692
    libgd2-noxpm-dev_2.0.23-2ubuntu0.1_i386.deb
      Size/MD5:   299836 b01bc5884893151d1cfab1a18bfbc246
    libgd2-noxpm_2.0.23-2ubuntu0.1_i386.deb
      Size/MD5:   167376 d3e1108de8c9eef6b027a09d8cf1953c
    libgd2-xpm-dev_2.0.23-2ubuntu0.1_i386.deb
      Size/MD5:   299828 064fdb8f240289b4072364359306e4d3
    libgd2-xpm_2.0.23-2ubuntu0.1_i386.deb
      Size/MD5:   167348 543615c69de2676a4f9e4531003a4e4c

  powerpc architecture (Apple Macintosh G3/G4/G5)

    libgd-tools_2.0.23-2ubuntu0.1_powerpc.deb
      Size/MD5:   134062 2f6f321d26221715f2ba56b090bb69d1
    libgd2-noxpm-dev_2.0.23-2ubuntu0.1_powerpc.deb
      Size/MD5:   308904 3d089de51fe4fa5660cde88ae0ec16b8
    libgd2-noxpm_2.0.23-2ubuntu0.1_powerpc.deb
      Size/MD5:   173146 ad171f2410184f80a1894139f00eacb1
    libgd2-xpm-dev_2.0.23-2ubuntu0.1_powerpc.deb
      Size/MD5:   308884 a3e359355b86d23deff439b43fae7bb4
    libgd2-xpm_2.0.23-2ubuntu0.1_powerpc.deb
      Size/MD5:   173130 40689f3fcc6aaaaa491a665949e5fdb2