[USN-473-1] libgd2 vulnerabilities: msg#00005

linux.ubuntu.security.announce

Subject: [USN-473-1] libgd2 vulnerabilities

===========================================================
Ubuntu Security Notice USN-473-1 June 11, 2007
libgd2 vulnerabilities
CVE-2007-0455, CVE-2007-2756
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
libgd2-noxpm 2.0.33-2ubuntu5.2
libgd2-xpm 2.0.33-2ubuntu5.2

Ubuntu 6.10:
libgd2-noxpm 2.0.33-4ubuntu2.1
libgd2-xpm 2.0.33-4ubuntu2.1

Ubuntu 7.04:
libgd2-noxpm 2.0.34~rc1-2ubuntu1.1
libgd2-xpm 2.0.34~rc1-2ubuntu1.1

After a standard system upgrade you need to reboot your computer to
effect the necessary changes.

Details follow:

A buffer overflow was discovered in libgd2's font renderer. By tricking
an application using libgd2 into rendering a specially crafted string
with a JIS encoded font, a remote attacker could read heap memory or
crash the application, leading to a denial of service. (CVE-2007-0455)

Xavier Roche discovered that libgd2 did not correctly validate PNG
callback results. If an application were tricked into processing a
specially crafted PNG image, it would monopolize CPU resources. Since
libgd2 is often used in PHP and Perl web applications, this could lead
to a remote denial of service. (CVE-2007-2756)


Updated packages for Ubuntu 6.06 LTS:

Updated packages for Ubuntu 6.10:

Updated packages for Ubuntu 7.04:


Attachment: signature.asc
Description: Digital signature


