-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
------------------------------------------------------------------------
Debian Security Advisory DSA-1936-1
http://www.debian.org/security/                       Giuseppe Iuculano
November 17, 2009                     http://www.debian.org/security/faq
------------------------------------------------------------------------
Package : libgd2
Vulnerability : several
Problem type : local (remote)
Debian-specific: no
CVE Id : CVE-2007-0455 CVE-2009-3546
Debian Bug : 408982 552534
Several vulnerabilities have been discovered in libgd2, a library for programmatic graphics creation and manipulation. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2007-0455
    Kees Cook discovered a buffer overflow in libgd2's font renderer. An attacker could cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS-encoded font. This issue only affects the oldstable distribution (etch).
CVE-2009-3546
    Tomas Hoger discovered a boundary error in the "_gdGetColors()" function. An attacker could conduct buffer overflow or buffer over-read attacks via a crafted GD file.
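As an added illustration (not libgd's own gd_gd.c, and using a constructed, simplified palette header rather than the real GD file layout), the check that closes this class of boundary error: the entry count read from the file is validated against the fixed-size palette before it drives the copy loop, and pixel lookups are validated against the count actually loaded. GD_MAX_COLORS is set to 256, matching libgd's gdMaxColors; the function and type names are the example's own.

```c
/* Added illustration of the CVE-2009-3546 bug class: a palette count taken
 * from an untrusted file must be bounded by the fixed-size palette before it
 * drives a loop. Header layout is constructed; this is NOT libgd's gd_gd.c. */
#include <stdint.h>
#include <string.h>

#define GD_MAX_COLORS 256           /* libgd's palette limit (gdMaxColors) */
typedef struct {
    size_t colors_total;            /* entry count taken from the file */
    uint8_t rgb[GD_MAX_COLORS][3];
} palette_t;

/* Constructed layout: 2-byte big-endian colour count, then R,G,B per entry.
 * Returns 0 on success, -1 if the file is malformed. */
int read_palette(const uint8_t *buf, size_t len, palette_t *pal) {
    if (len < 2)
        return -1;
    size_t n = ((size_t)buf[0] << 8) | buf[1];
    /* The bound check: without it an n up to 65535 drives the copy loop past
     * the 256-entry table (overflow on write), and later pixel lookups with
     * a large index read past it (over-read). */
    if (n > GD_MAX_COLORS || len < 2 + 3 * n)
        return -1;
    pal->colors_total = n;
    for (size_t i = 0; i < n; i++)
        memcpy(pal->rgb[i], buf + 2 + 3 * i, 3);
    return 0;
}

/* A pixel's palette index must be below colors_total, not merely below
 * GD_MAX_COLORS, or it reads entries the file never defined. */
int palette_lookup(const palette_t *pal, unsigned idx, uint8_t out[3]) {
    if (idx >= pal->colors_total)
        return -1;
    memcpy(out, pal->rgb[idx], 3);
    return 0;
}

/* Constructed inputs: a valid 2-entry palette, and a header claiming 1000. */
int demo_valid(void) {
    const uint8_t good[] = {0x00, 0x02, 255, 0, 0, 0, 0, 255};
    palette_t p; uint8_t c[3];
    if (read_palette(good, sizeof good, &p) != 0) return 0;
    return palette_lookup(&p, 1, c) == 0 && c[2] == 255 && palette_lookup(&p, 2, c) == -1;
}
int demo_oversized(void) {
    const uint8_t bad[] = {0x03, 0xE8, 1, 2, 3};   /* 0x03E8 = 1000 entries */
    palette_t p;
    return read_palette(bad, sizeof bad, &p) == -1;
}
```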
For the oldstable distribution (etch), these problems have been fixed in version 2.0.33-5.2etch2.
For the stable distribution (lenny), these problems have been fixed in version 2.0.36~rc1~dfsg-3+lenny1.
For the upcoming stable distribution (squeeze) and the unstable distribution (sid), these problems have been fixed in version 2.0.36~rc1~dfsg-3.1.
We recommend that you upgrade your libgd2 packages.
Upgrade instructions
--------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
-------------------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.