FLEA-2007-0052-1 gd

Foresight Linux Essential Announcement Service <foresight-security-noreply@xxxxxxxxxxxxxxxxxx> · Thu, 06 Sep 2007 18:37:46 -0800



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Foresight Linux Essential Advisory: 2007-0052-1
Published: 2007-09-06

Rating: Moderate

Updated Versions:
    gd=/conary.rpath.com@rpl:devel//1/2.0.33-4.5-1
    group-dist=/foresight.rpath.org@fl:1-devel//1/1.3.2-0.17-2

References:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3472
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3473
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3474
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3475
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3476
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3477
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3478
    https://issues.rpath.com/browse/RPL-1643

Description:
    Previous versions of the gd package are vulnerable to multiple attacks in
    which an attacker may cause unbounded CPU consumption or application
    crashes (Denial of Service), possibly leading to the execution of malicious
    code (Unauthorized Access). These attacks are generally limited to uses of
    the gd library to load existing images rather than generate new images.
    
- ---

Copyright 2007 Foresight Linux Project
Portions copyright 2007 rPath Inc.
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4 (GNU/Linux)

iQIVAwUBRuC5bNfwEn07iAtZAQLWeRAAmA76x+kZUN6WmiEQbF5ZgLzXtBTsQsCo
jaa2kSr193lueTuZnSJGmhCLpDRp+dcXJT9hWdp74WtlBERM4EPHpFOqZR4JMM6h
tZlHF1DIP1WuaqssUureSqdMnK2RW1iyfzATMYq3snlN1FWlS4MtwrOL7lYCpgux
YOJ29kEm6GU3U81mMDixOhRsGjQMqjai/Usf/qz5ipmVlh3wk5btSBzGipVuYOss
XnxIP4p+17Hqx26EHXTSDlCvsYaewSL7+fnSfGH4xs9Wyi6gN0/yzbu76g0a2jIX
gl/ND1wAL8dWKCRMTG8WVxj4XQbV9HlirRzIsCQenpJ2HAaNcFYXkntAdCmiph1l
qU6vtEdy0bZGiKVzvM5pG0S/Gzl06eSNkj+AjK1Joqn4PprYAcOPng1QnCXdLdWG
sd2z320NH0wN1AJfBu1fFfwmoy8CJHkoRbjLjQEvPOG6dnpuNa4KC4e80Ps/PgdM
zJH/xXzFLpHD6VtdQ/lArMqcc7ur1NPKLbedPMZuMWR3HGC7HrMXxe/t1uftQmzh
DPm1T30PqoHdH3/SKghG/Rocu/G56Cfbua63aN1JzON+T13zikOuLLFXAHBOEV75
XZ9P4A6M+2M5JvoXksBvz18sMVXYKW651CviaOR90rC+h86HAZEdWA4GShAJi9Fx
xjGTZrUYpfs=
=Jfx/
-----END PGP SIGNATURE-----