Login
Newsletter
Werbung
Sicherheit: Pufferüberlauf in gd
Aktuelle Meldungen Distributionen
Name: Pufferüberlauf in gd
ID: MDVSA-2009:284
Distribution: Mandriva
Plattformen: Mandriva Corporate 3.0, Mandriva Multi Network Firewall 2.0, Mandriva Corporate 4.0, Mandriva 2009.0, Mandriva 2009.1, Mandriva Enterprise Server 5.0
Datum: Di, 20. Oktober 2009, 17:03
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3546
Applikationen: gd

Originalnachricht

 
This is a multi-part message in MIME format...

------------=_1256051012-13155-3084


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:284
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : gd
 Date    : October 20, 2009
 Affected: 2009.0, 2009.1, Corporate 3.0, Corporate 4.0,
           Enterprise Server 5.0, Multi Network Firewall 2.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in gd:
 
 The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.0, and the
 GD Graphics Library 2.x, does not properly verify a certain colorsTotal
 structure member, which might allow remote attackers to conduct
 buffer overflow or buffer over-read attacks via a crafted GD file,
 a different vulnerability than CVE-2009-3293.  NOTE: some of these
 details are obtained from third party information (CVE-2009-3546).
 
 This update fixes this vulnerability.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3546
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2009.0:
 6c866bae01f25d5dc270d3adbbd5d993 
 2009.0/i586/gd-utils-2.0.35-6.1mdv2009.0.i586.rpm
 bd8887aeba9889fcdcb2cda16a6a53de 
 2009.0/i586/libgd2-2.0.35-6.1mdv2009.0.i586.rpm
 88e7ebdf94c3493e816ffd512a2807a1 
 2009.0/i586/libgd-devel-2.0.35-6.1mdv2009.0.i586.rpm
 d053ec9518ec742e3bc36353337b686d 
 2009.0/i586/libgd-static-devel-2.0.35-6.1mdv2009.0.i586.rpm 
 754f5c9783f4b5f7b1b117b18cca15d6  2009.0/SRPMS/gd-2.0.35-6.1mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 c8ea9db1a2900f0bf6126322df6516c3 
 2009.0/x86_64/gd-utils-2.0.35-6.1mdv2009.0.x86_64.rpm
 ce2d31ad700733f16bae12aa67a7e7ef 
 2009.0/x86_64/lib64gd2-2.0.35-6.1mdv2009.0.x86_64.rpm
 e5930aa4e9470a02c2d3ed35a9de8157 
 2009.0/x86_64/lib64gd-devel-2.0.35-6.1mdv2009.0.x86_64.rpm
 a65dc17ce7c3814423c7274edd58d105 
 2009.0/x86_64/lib64gd-static-devel-2.0.35-6.1mdv2009.0.x86_64.rpm 
 754f5c9783f4b5f7b1b117b18cca15d6  2009.0/SRPMS/gd-2.0.35-6.1mdv2009.0.src.rpm

 Mandriva Linux 2009.1:
 05f81dc2f0895b4a3466cd855e43d4de 
 2009.1/i586/gd-utils-2.0.35-8.1mdv2009.1.i586.rpm
 f52e6f8eb0bd1ef751ac64eeffe514ac 
 2009.1/i586/libgd2-2.0.35-8.1mdv2009.1.i586.rpm
 55d6d5fce499049e0f06f8e98e4bbfe2 
 2009.1/i586/libgd-devel-2.0.35-8.1mdv2009.1.i586.rpm
 546237c9a13ad9ee1abfe59f70fb79fd 
 2009.1/i586/libgd-static-devel-2.0.35-8.1mdv2009.1.i586.rpm 
 35226b6d2166537c4b797fb2f031fbeb  2009.1/SRPMS/gd-2.0.35-8.1mdv2009.1.src.rpm

 Mandriva Linux 2009.1/X86_64:
 de8bdbcb765b3db98246ded84df3d247 
 2009.1/x86_64/gd-utils-2.0.35-8.1mdv2009.1.x86_64.rpm
 b20cc886a69f5bea68421326db8a881e 
 2009.1/x86_64/lib64gd2-2.0.35-8.1mdv2009.1.x86_64.rpm
 4163f9180cfbd869f8e1309df343f739 
 2009.1/x86_64/lib64gd-devel-2.0.35-8.1mdv2009.1.x86_64.rpm
 3b55d54e9428b159a707321717ad93c8 
 2009.1/x86_64/lib64gd-static-devel-2.0.35-8.1mdv2009.1.x86_64.rpm 
 35226b6d2166537c4b797fb2f031fbeb  2009.1/SRPMS/gd-2.0.35-8.1mdv2009.1.src.rpm

 Corporate 3.0:
 403f12a5a250eb7b19747e98acca455a 
 corporate/3.0/i586/gd-utils-2.0.15-4.3.C30mdk.i586.rpm
 63236e5b8c12a00613db49d7efbaf219 
 corporate/3.0/i586/libgd2-2.0.15-4.3.C30mdk.i586.rpm
 2413a31873e5a12de7f91b9813edceac 
 corporate/3.0/i586/libgd2-devel-2.0.15-4.3.C30mdk.i586.rpm
 3c790eb64d13da72fd5233b231a37048 
 corporate/3.0/i586/libgd2-static-devel-2.0.15-4.3.C30mdk.i586.rpm 
 e53ea6c39ecf645109440a1b6d766753 
 corporate/3.0/SRPMS/gd-2.0.15-4.3.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 b9ed91e59a55df1ca59f4982d1cf38e7 
 corporate/3.0/x86_64/gd-utils-2.0.15-4.3.C30mdk.x86_64.rpm
 0e7b3b8f25571fd79f7a618ba14095b7 
 corporate/3.0/x86_64/lib64gd2-2.0.15-4.3.C30mdk.x86_64.rpm
 b3fee4c8dac6089c5da355e505c3b54e 
 corporate/3.0/x86_64/lib64gd2-devel-2.0.15-4.3.C30mdk.x86_64.rpm
 74cd55856ed0275d795db3f7ae5b6081 
 corporate/3.0/x86_64/lib64gd2-static-devel-2.0.15-4.3.C30mdk.x86_64.rpm 
 e53ea6c39ecf645109440a1b6d766753 
 corporate/3.0/SRPMS/gd-2.0.15-4.3.C30mdk.src.rpm

 Corporate 4.0:
 2c26534467a1c98718bc2bb20e54bcab 
 corporate/4.0/i586/gd-utils-2.0.33-3.6.20060mlcs4.i586.rpm
 59601ba68440a1b0fd34c418d6c4716b 
 corporate/4.0/i586/libgd2-2.0.33-3.6.20060mlcs4.i586.rpm
 feaaa0d30efbfded9b2423bd843449d5 
 corporate/4.0/i586/libgd2-devel-2.0.33-3.6.20060mlcs4.i586.rpm
 ca9df591a9e6e6df86573ea89f1d12dc 
 corporate/4.0/i586/libgd2-static-devel-2.0.33-3.6.20060mlcs4.i586.rpm 
 eae43b418d8217f8a1525a6d9708104b 
 corporate/4.0/SRPMS/gd-2.0.33-3.6.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 41af6c4d472865a1980f10f0b23f5d02 
 corporate/4.0/x86_64/gd-utils-2.0.33-3.6.20060mlcs4.x86_64.rpm
 0f3cb929bf45c233a2fc79a21065f259 
 corporate/4.0/x86_64/lib64gd2-2.0.33-3.6.20060mlcs4.x86_64.rpm
 f6a11970d270993097348cb3572db65c 
 corporate/4.0/x86_64/lib64gd2-devel-2.0.33-3.6.20060mlcs4.x86_64.rpm
 febdcbf9b32675bbde080713fd2084f1 
 corporate/4.0/x86_64/lib64gd2-static-devel-2.0.33-3.6.20060mlcs4.x86_64.rpm 
 eae43b418d8217f8a1525a6d9708104b 
 corporate/4.0/SRPMS/gd-2.0.33-3.6.20060mlcs4.src.rpm

 Mandriva Enterprise Server 5:
 1db0eb2e2b696a31f830b4947cf6a89e 
 mes5/i586/gd-utils-2.0.35-6.1mdvmes5.i586.rpm
 e3817498bf992e5f0b5e51ee60c65211  mes5/i586/libgd2-2.0.35-6.1mdvmes5.i586.rpm
 28baee14f1cc077348f61662ff4ea28b 
 mes5/i586/libgd-devel-2.0.35-6.1mdvmes5.i586.rpm
 c9e3fbe28c80b703e99db1a04f80e91d 
 mes5/i586/libgd-static-devel-2.0.35-6.1mdvmes5.i586.rpm 
 f8d52f8fa6f2293104e0f7efe1f7813d  mes5/SRPMS/gd-2.0.35-6.1mdvmes5.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 9429f44d43fd99c47aab8b6c0a7224ee 
 mes5/x86_64/gd-utils-2.0.35-6.1mdvmes5.x86_64.rpm
 4eabccefa3e38ac1047a563bfbc9176f 
 mes5/x86_64/lib64gd2-2.0.35-6.1mdvmes5.x86_64.rpm
 607e283d1361a2a96321dc0379694a82 
 mes5/x86_64/lib64gd-devel-2.0.35-6.1mdvmes5.x86_64.rpm
 b3cad5c4e74f33f80084dfcd39c15066 
 mes5/x86_64/lib64gd-static-devel-2.0.35-6.1mdvmes5.x86_64.rpm 
 f8d52f8fa6f2293104e0f7efe1f7813d  mes5/SRPMS/gd-2.0.35-6.1mdvmes5.src.rpm

 Multi Network Firewall 2.0:
 4747f4e4dc27468a95042588e404408f 
 mnf/2.0/i586/gd-utils-2.0.15-4.3.C30mdk.i586.rpm
 f6db5567845a718254f7f46780405121 
 mnf/2.0/i586/libgd2-2.0.15-4.3.C30mdk.i586.rpm
 564143eee8ea15f96bec0c87c0585067 
 mnf/2.0/i586/libgd2-devel-2.0.15-4.3.C30mdk.i586.rpm
 b3eb34d29849cdb83ebc658c616e7634 
 mnf/2.0/i586/libgd2-static-devel-2.0.15-4.3.C30mdk.i586.rpm 
 bb33f217b6c18e6e9076a235ace81cab  mnf/2.0/SRPMS/gd-2.0.15-4.3.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFK3aKmmqjQ0CJFipgRAqYIAJ0fT+c75BABM3LmtAWj1oVw0ggHIQCg6t/v
FOF1M3BzT783w/39eoTYZTc=
=2yng
-----END PGP SIGNATURE-----


------------=_1256051012-13155-3084
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva? 
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1256051012-13155-3084--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung