Mandriva Advisories

Package name: gd
Date: February 6th, 2007
Advisory ID: MDKSA-2007:035
Affected versions: CS3.0, 2006.0, 2007.0, CS4.0
Synopsis: Updated gd packages fix DoS vulnerability.

Problem Description

Buffer overflow in the gdImageStringFTEx function in gdft.c in the GD
Graphics Library 2.0.33 and earlier allows remote attackers to cause a
denial of service (application crash) and possibly execute arbitrary
code via a crafted string with a JIS encoded font.

Packages have been patched to correct this issue.

Updated Packages

Corporate Server 3.0

Corporate Server 3.0/X86_64

Mandriva Linux 2006

Mandriva Linux 2006/X86_64

Mandriva Linux 2007

Mandriva Linux 2007/X86_64

Corporate Server 4.0

Corporate Server 4.0/X86_64

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0455

Upgrade

To upgrade automatically, use MandrivaUpdate.

Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

    rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.
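As an added example that is not part of the advisory or of Mandriva's tooling, the two verification steps described above as POSIX shell functions: the first checks each downloaded RPM against the advisory's "md5  path" lines, the second runs the advisory's own rpm --checksig on the same packages. It assumes coreutils md5sum and that the packages were saved under one base directory keeping the advisory's relative paths.

```shell
#!/bin/sh
# Added example, not part of the Mandriva advisory.
# Assumes: coreutils md5sum; packages downloaded under BASE_DIR keeping the
# advisory's relative paths (e.g. BASE_DIR/2007.0/i586/libgd2-...rpm).

# verify_manifest MANIFEST BASE_DIR
# MANIFEST holds the advisory's "<md5>  <relative path>" lines; platform
# headings and blank lines are skipped. Returns 0 only if every listed
# package is present with a matching MD5, 1 otherwise (every problem is listed).
verify_manifest() {
    manifest="$1"
    base="$2"
    status=0
    while read -r expected relpath; do
        # keep only lines whose first field is a 32-digit hex MD5
        expr "$expected" : '[0-9a-f]\{32\}$' >/dev/null || continue
        file="$base/$relpath"
        if [ ! -f "$file" ]; then
            echo "MISSING  $relpath"
            status=1
            continue
        fi
        actual=$(md5sum "$file" | cut -d' ' -f1)
        if [ "$actual" != "$expected" ]; then
            echo "MISMATCH $relpath (expected $expected, got $actual)"
            status=1
            continue
        fi
        echo "OK       $relpath"
    done < "$manifest"
    return "$status"
}

# checksig_manifest MANIFEST BASE_DIR
# Second step from the advisory: rpm --checksig on each listed package, which
# checks the RPM's own digests and its GPG signature against the Mandriva
# Security Team key imported into the rpm keyring.
checksig_manifest() {
    manifest="$1"
    base="$2"
    status=0
    while read -r expected relpath; do
        expr "$expected" : '[0-9a-f]\{32\}$' >/dev/null || continue
        rpm --checksig "$base/$relpath" || status=1
    done < "$manifest"
    return "$status"
}
```

Typical use is `verify_manifest advisory.txt ./downloads && checksig_manifest advisory.txt ./downloads`, so the signature check only runs on packages whose checksum already matched.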