  • [SECURITY] [DSA 1613-1] new libgd2 packages fix multiple vulnerabilities

    From Devin Carraway@1:229/2 to All on Tue Jul 22 09:10:14 2008
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1613-1                  [email protected]
    http://www.debian.org/security/                           Devin Carraway
    July 22, 2008                         http://www.debian.org/security/faq
    - ------------------------------------------------------------------------

    Package : libgd2
    Vulnerability : multiple vulnerabilities
    Problem type : local (remote)
    Debian-specific: no
    CVE Id(s) : CVE-2007-3476 CVE-2007-3477 CVE-2007-3996 CVE-2007-2445
    Debian Bug : 443456

    Multiple vulnerabilities have been identified in libgd2, a library
    for programmatic graphics creation and manipulation. The Common
    Vulnerabilities and Exposures project identifies the following three
    issues:

    CVE-2007-2445

    Grayscale PNG files containing invalid tRNS chunk CRC values
    could cause a denial of service (crash), if a maliciously
    crafted image is loaded into an application using libgd.

    CVE-2007-3476

    An array indexing error in libgd's GIF handling could induce a
    denial of service (crash with heap corruption) if exceptionally
    large color index values are supplied in a maliciously crafted
    GIF image file.

    CVE-2007-3477

    The imagearc() and imagefilledarc() routines in libgd allow
    an attacker in control of the parameters used to specify
    the degrees of arc for those drawing functions to perform
    a denial of service attack (excessive CPU consumption).

    CVE-2007-3996

    Multiple integer overflows exist in libgd's image resizing and
    creation routines; these weaknesses allow an attacker in control
    of the parameters passed to those routines to induce a crash or
    execute arbitrary code with the privileges of the user running
    an application or interpreter linked against libgd2.

    For the stable distribution (etch), these problems have been fixed in
    version 2.0.33-5.2etch1. For the unstable distribution (sid), the
    problem has been fixed in version 2.0.35.dfsg-1.

    We recommend that you upgrade your libgd2 packages.

    Upgrade instructions
    - --------------------

    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.

    If you are using the apt-get package manager, use the line for
    sources.list as given below:

    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages

    You may use an automated update by adding the resources from the
    footer to the proper configuration.


    Debian GNU/Linux 4.0 alias etch
    - -------------------------------

    Debian (stable)
    - ---------------

    Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

    [continued in next message]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)
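
The integer-overflow class described under CVE-2007-3996, shown as an added C example that is not part of the advisory and is not libgd's code. The type `image_t` and the functions `naive_bytes`, `mul_overflows`, `image_create_checked` and `image_free` are hypothetical names, the dimensions are constructed, and a 32-bit `int` is assumed.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical image type for this example; not libgd's gdImage. */
typedef struct { int sx, sy; int *pixels; } image_t;

/* Unchecked 32-bit size computation: the product wraps modulo 2^32,
 * so a huge image can appear to need a tiny (or zero-byte) buffer. */
uint32_t naive_bytes(int sx, int sy) {
    return (uint32_t)sx * (uint32_t)sy * (uint32_t)sizeof(int);
}

/* Returns 1 if an operand is not positive or a * b would exceed INT_MAX. */
int mul_overflows(int a, int b) {
    if (a <= 0 || b <= 0) return 1;
    return a > INT_MAX / b;
}

/* Hardened creation: each multiplication is checked before it is used. */
image_t *image_create_checked(int sx, int sy) {
    if (mul_overflows(sx, sy)) return NULL;                    /* pixel count */
    if (mul_overflows(sx * sy, (int)sizeof(int))) return NULL; /* byte count */
    image_t *im = malloc(sizeof *im);
    if (!im) return NULL;
    im->pixels = calloc((size_t)sx * (size_t)sy, sizeof(int));
    if (!im->pixels) { free(im); return NULL; }
    im->sx = sx;
    im->sy = sy;
    return im;
}

void image_free(image_t *im) {
    if (im) { free(im->pixels); free(im); }
}

int main(void) {
    int sx = 65536, sy = 16384; /* constructed dimensions: 2^16 x 2^14 */
    image_t *big = image_create_checked(sx, sy);
    image_t *ok = image_create_checked(640, 480);
    printf("naive byte count for %dx%d: %u\n", sx, sy, (unsigned)naive_bytes(sx, sy));
    printf("checked create %dx%d: %s\n", sx, sy, big ? "allocated" : "rejected");
    printf("checked create 640x480: %s\n", ok ? "allocated" : "rejected");
    image_free(big);
    image_free(ok);
    return 0;
}
```

With the naive computation the buffer size wraps while later drawing code still trusts `sx` and `sy`, which is how an overflow in a creation or resizing routine turns into out-of-bounds writes.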