Login
Newsletter
Werbung

Sicherheit: Zahlenüberläufe in gd
Aktuelle Meldungen Distributionen
Name: Zahlenüberläufe in gd
ID: MDVSA-2009:264
Distribution: Mandriva
Plattformen: Mandriva Corporate 3.0, Mandriva Multi Network Firewall 2.0
Datum: Fr, 9. Oktober 2009, 20:57
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3996
Applikationen: gd

Originalnachricht

This is a multi-part message in MIME format...

------------=_1255114648-13155-2527


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:264
http://www.mandriva.com/security/
_______________________________________________________________________

Package : gd
Date : October 9, 2009
Affected: Corporate 3.0, Multi Network Firewall 2.0
_______________________________________________________________________

Problem Description:

Multiple integer overflows in libgd in PHP before 5.2.4 allow
remote attackers to cause a denial of service (application crash)
and possibly execute arbitrary code via a large (1) srcW or (2)
srcH value to the (a) gdImageCopyResized function, or a large (3) sy
(height) or (4) sx (width) value to the (b) gdImageCreate or the (c)
gdImageCreateTrueColor function. (CVE-2007-3996)

The updated packages have been patched to prevent this.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3996
_______________________________________________________________________

Updated Packages:

Corporate 3.0:
2cb03c7d4b245e07b5d309e0f48a8077
corporate/3.0/i586/gd-utils-2.0.15-4.2.C30mdk.i586.rpm
fc28af51e9d0bb66392942710adaada6
corporate/3.0/i586/libgd2-2.0.15-4.2.C30mdk.i586.rpm
75b47ea3126c16f075cbf6a0d7f9f752
corporate/3.0/i586/libgd2-devel-2.0.15-4.2.C30mdk.i586.rpm
f47adbeaf348f3b95135219f098711f0
corporate/3.0/i586/libgd2-static-devel-2.0.15-4.2.C30mdk.i586.rpm
cf118bbdbf87e22153ce326187469a8b
corporate/3.0/SRPMS/gd-2.0.15-4.2.C30mdk.src.rpm

Corporate 3.0/X86_64:
08336a0b261a1bd52d5f726b2dca8e0a
corporate/3.0/x86_64/gd-utils-2.0.15-4.2.C30mdk.x86_64.rpm
dcb48e240a80b837bb416ac04d21e8e6
corporate/3.0/x86_64/lib64gd2-2.0.15-4.2.C30mdk.x86_64.rpm
71b1d2cf707d83e13055f56be4ae2a67
corporate/3.0/x86_64/lib64gd2-devel-2.0.15-4.2.C30mdk.x86_64.rpm
ae4be8f25e4ad8b4e3e75c41a2329c3d
corporate/3.0/x86_64/lib64gd2-static-devel-2.0.15-4.2.C30mdk.x86_64.rpm
cf118bbdbf87e22153ce326187469a8b
corporate/3.0/SRPMS/gd-2.0.15-4.2.C30mdk.src.rpm

Multi Network Firewall 2.0:
94ab7e1ec5f0d8af02a520be6f2f9829
mnf/2.0/i586/gd-utils-2.0.15-4.2.M20mdk.i586.rpm
310bef7d74de484a6a94ca5a43976c9b
mnf/2.0/i586/libgd2-2.0.15-4.2.M20mdk.i586.rpm
257320b106afef04393bc96508dd2038
mnf/2.0/i586/libgd2-devel-2.0.15-4.2.M20mdk.i586.rpm
bf388f56fee4c42ab49036c90860e031
mnf/2.0/i586/libgd2-static-devel-2.0.15-4.2.M20mdk.i586.rpm
474d47a8887a270f6ff8771245eb0f13 mnf/2.0/SRPMS/gd-2.0.15-4.2.M20mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKz1xTmqjQ0CJFipgRAhn7AKDTYzequf8e+H0nwFUUhwYrgbDzRQCfV3uD
KwlpIZUzvwdexOv2UGGPWMs=
=GGJ3
-----END PGP SIGNATURE-----


------------=_1255114648-13155-2527
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1255114648-13155-2527--
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung