---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-2254
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2254
2005-03-05
---------------------------------------------------------------------

Name        : gd
Versions    : rh7.3: gd-1.8.4-4.1.legacy
Versions    : rh9: gd-1.8.4-11.1.legacy
Versions    : fc1: gd-2.0.15-1.2.legacy
Summary     : A graphics library for quick creation of PNG or JPEG images.
Description :
The gd graphics library allows your code to quickly draw images complete with lines, arcs, text, multiple colors, cut and paste from other images, and flood fills. The library will write out the result as a PNG or JPEG file. This is particularly useful in Web applications, where PNG and JPEG are two of the formats accepted for inline images by most Web browsers. Note that gd is not a paint or graphics manipulation program.

---------------------------------------------------------------------
Update Information:
Updated gd packages that fix security issues with overflow in various memory allocation calls are now available.
The gd packages contain a graphics library used for the dynamic creation of images such as PNG and JPEG.
Several buffer overflows were reported in various memory allocation calls. An attacker could create a carefully crafted image file in such a way that it could cause ImageMagick to execute arbitrary code when processing the image. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0990 to these issues.
While researching the fixes to these overflows, additional buffer overflows were discovered in calls to gdMalloc. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0941 to these issues.
Users of gd should upgrade to these updated packages, which contain a backported security patch, and are not vulnerable to these issues.
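The advisory does not show the affected code. The following is an added illustration, not gd's code or the backported patch: it shows the general bug class named above, an allocation size computed by unchecked multiplication, beside an overflow-checked form. All function names and dimensions are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper, not gd's API: stores a*b in *out and returns 1
 * only when the product fits in size_t; returns 0 on overflow. */
static int checked_mul(size_t a, size_t b, size_t *out)
{
    if (a != 0 && b > SIZE_MAX / a)
        return 0;
    *out = a * b;
    return 1;
}

/* Unchecked size computation: the product can wrap around, so the
 * buffer ends up far smaller than the image that is written into it. */
static size_t unchecked_pixel_bytes(size_t width, size_t height, size_t bpp)
{
    return width * height * bpp;
}

/* Hardened allocation: rejects zero or overflowing dimensions and
 * returns NULL instead of an undersized buffer. */
static unsigned char *alloc_pixels(size_t width, size_t height, size_t bpp,
                                   size_t *nbytes)
{
    size_t cells, total;

    if (width == 0 || height == 0 || bpp == 0)
        return NULL;
    if (!checked_mul(width, height, &cells) || !checked_mul(cells, bpp, &total))
        return NULL;
    unsigned char *p = calloc(1, total);
    if (p != NULL && nbytes != NULL)
        *nbytes = total;
    return p;
}

int main(void)
{
    /* Constructed dimensions whose product is exactly SIZE_MAX + 1. */
    size_t w = SIZE_MAX / 2 + 1, h = 2, n = 0;

    printf("unchecked size: %zu bytes\n", unchecked_pixel_bytes(w, h, 1));
    printf("checked alloc : %s\n", alloc_pixels(w, h, 1, &n) ? "ok" : "rejected");
    unsigned char *img = alloc_pixels(640, 480, 4, &n);
    printf("640x480x4     : %zu bytes\n", img ? n : (size_t)0);
    free(img);
    return 0;
}
```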
---------------------------------------------------------------------
Changelogs

rh73:
* Tue Dec 21 2004 Pekka Savola <pekkas@xxxxxxxxxx>: 1.8.4-4.1.legacy
- Fix CAN-2004-0941,CAN-2004-0990, from RHEL.

rh9:
* Tue Dec 21 2004 Pekka Savola <pekkas@xxxxxxxxxx>: 1.8.4-11.1.legacy
- Fix CAN-2004-0941,CAN-2004-0990, from RHEL.

fc1:
* Sat Mar 05 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 2.0.15-1.2.legacy
- Added missing XFree86-devel BuildPrereq
* Fri Mar 04 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 2.0.15-1.1.legacy
- Added security patch for CAN-2004-0941 and CAN-2004-0990
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedoralegacy.org/
(sha1sums)
---------------------------------------------------------------------
Please test and comment in bugzilla.
--
fedora-legacy-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-legacy-list