Linux Security
    Linux Security
    Linux Security

    Debian: new libgd2 packages fix multiple vulnerabilities

    Date 21 Jul 2008
    Posted By LinuxSecurity Advisories
    Grayscale PNG files containing invalid tRNS chunk CRC values could cause a denial of service (crash), if a maliciously crafted image is loaded into an application using libgd.
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1613-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.                           Devin Carraway
    July 22, 2008               
    - ------------------------------------------------------------------------
    Package        : libgd2
    Vulnerability  : multiple vulnerabilities
    Problem type   : local (remote)
    Debian-specific: no
    CVE Id(s)      : CVE-2007-3476 CVE-2007-3477 CVE-2007-3996 CVE-2007-2445
    Debian Bug     : 443456
    Multiple vulnerabilities have been identified in libgd2, a library
    for programmatic graphics creation and manipulation.  The Common
    Vulnerabilities and Exposures project identifies the following three
        Grayscale PNG files containing invalid tRNS chunk CRC values
        could cause a denial of service (crash), if a maliciously
        crafted image is loaded into an application using libgd.
        An array indexing error in libgd's GIF handling could induce a
        denial of service (crash with heap corruption) if exceptionally
        large color index values are supplied in a maliciously crafted
        GIF image file.
        The imagearc() and imagefilledarc() routines in libgd allow
        an attacker in control of the parameters used to specify
        the degrees of arc for those drawing functions to perform
        a denial of service attack (excessive CPU consumption).
        Multiple integer overflows exist in libgd's image resizing and
        creation routines; these weaknesses allow an attacker in control
        of the parameters passed to those routines to induce a crash or
        execute arbitrary code with the privileges of the user running
        an application or interpreter linked against libgd2.
    For the stable distribution (etch), these problems have been fixed in
    version 2.0.33-5.2etch1.  For the unstable distribution (sid), the
    problem has been fixed in version 2.0.35.dfsg-1.
    We recommend that you upgrade your libgd2 packages.
    Upgrade instructions
    - --------------------
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    Debian GNU/Linux 4.0 alias etch
    - -------------------------------
    Debian (stable)
    - ---------------
    Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    Source archives:
        Size/MD5 checksum:   299546 bbcc9e441bb47f54eb6627a79aef95c8
        Size/MD5 checksum:      987 026ab752f6c09db61257eadc2dc7495f
        Size/MD5 checksum:   587617 be0a6d326cd8567e736fbc75df0a5c45
    alpha architecture (DEC Alpha)
        Size/MD5 checksum:   366896 2d69e2c1ba03065236cb1269ede5f1a3
        Size/MD5 checksum:   147510 afd6328854cd0a783a49c8e2a317ab86
        Size/MD5 checksum:   211288 3791111d9461d64acdebefd36bd094b9
        Size/MD5 checksum:   209562 84fbf1d0314582e2423b91ab9fabc26d
        Size/MD5 checksum:   363162 c63aa212712903d47c6cba7f208b6eff
    amd64 architecture (AMD x86_64 (AMD64))
        Size/MD5 checksum:   342788 fb2ede45cc40b4f5028cb771897a9a91
        Size/MD5 checksum:   145242 f56629274f27b7f1db09ec669ba3c1ce
        Size/MD5 checksum:   200460 24620eba0b8767f0e8df185ca262dda0
        Size/MD5 checksum:   340868 8e2c86769cf213d5810297310e176888
        Size/MD5 checksum:   203322 006e39d79be19c437ebd9b88aabbc46e
    arm architecture (ARM)
        Size/MD5 checksum:   195610 cffd7f5c304168483d4a9fd8e8bf4cac
        Size/MD5 checksum:   337472 8b306ec0ff60c785ef728680a1bcbc9c
        Size/MD5 checksum:   145138 da2dc662fb65c79e3be4f4316cd1c475
        Size/MD5 checksum:   197640 de10de2a6a604ca0219415d90240922a
        Size/MD5 checksum:   334880 7eaa4ca8ec2f1929171d353a7dca70ea
    hppa architecture (HP PA RISC)
        Size/MD5 checksum:   206646 a4076e4cd5b1a2e77208d2f4c9d6fd72
        Size/MD5 checksum:   147620 5a3eb7577e071214a10915d2a12ff050
        Size/MD5 checksum:   352034 117102f8ab98a933ba5e08257298c302
        Size/MD5 checksum:   209222 b2425804bd51a60d8a4325db84605450
        Size/MD5 checksum:   349162 979723a81f62d6c2dbdac56d66fde6dc
    i386 architecture (Intel ia32)
        Size/MD5 checksum:   144040 a19b726c38ae5b760d12f002dc26386b
        Size/MD5 checksum:   338582 837a0b4917dd5a9ea44894d1c86dac20
        Size/MD5 checksum:   335902 e03aba661c8c802c405c1c5caaf7e2fc
        Size/MD5 checksum:   199410 1dcc174038ee43b0c3f896255c08da8b
        Size/MD5 checksum:   196760 9c41f2bcaf00e296a8f753bc89b042bf
    ia64 architecture (Intel ia64)
        Size/MD5 checksum:   233692 237f0cf48ab28f55de21165882949929
        Size/MD5 checksum:   381794 b7f95b4d44a908ef0a957fce2445d042
        Size/MD5 checksum:   379680 a67cc374d45b934e8f129b375c3c2b90
        Size/MD5 checksum:   149758 3ec3577b790136172e618afdd0ffc396
        Size/MD5 checksum:   236256 f1153b75a2411e99de161ff3aae1ee4b
    mips architecture (MIPS (Big Endian))
        Size/MD5 checksum:   197818 16ccf2325098ba8445b20cf9334f44a5
        Size/MD5 checksum:   200208 63fd7dc16cc9387bf51248a668320887
        Size/MD5 checksum:   145086 fe0c795d4a004fb18182d5f390219a3c
        Size/MD5 checksum:   349902 888522b2d61e05efa52b2f58d13d4a30
        Size/MD5 checksum:   347360 558ce7647ccf4d20278208a3d46d51d3
    mipsel architecture (MIPS (Little Endian))
        Size/MD5 checksum:   348768 938cff5e66d4cf7894e5b33f2c7cc934
        Size/MD5 checksum:   199920 67023552469fc4a30487009147866458
        Size/MD5 checksum:   351440 f5a690e113e800c2583344c77746d521
        Size/MD5 checksum:   144500 a8247e6bb2fbbcf7bba9fc756ec92e88
        Size/MD5 checksum:   202396 b5bbcb8b61ca28f8e85ef6cf54d02644
    powerpc architecture (PowerPC)
        Size/MD5 checksum:   204266 332c8482ea4f9af50183e8be4f59e9ea
        Size/MD5 checksum:   202356 047679dee0a8d17815a905dab7ec8c0c
        Size/MD5 checksum:   347384 9508cff125f5e547be56895ac6e41a4c
        Size/MD5 checksum:   152934 51080a4fc09ddbae6e0b809169008f53
        Size/MD5 checksum:   344726 393b4d213d0be6908e7c0c206cb57c39
    s390 architecture (IBM S/390)
        Size/MD5 checksum:   145158 1dfae9aa0d59be8fbbbbcaa310d508c4
        Size/MD5 checksum:   344760 ceadabf4a6895ccb33d615132d05cdc9
        Size/MD5 checksum:   341418 c41f6ad2a4563d45fa17a09dc92f347e
        Size/MD5 checksum:   206184 8a1c0ab32b20b7debf4beba96be1f7ef
        Size/MD5 checksum:   203650 04beedd2705136d9bc12fdfc9c3744ae
    sparc architecture (Sun SPARC/UltraSPARC)
        Size/MD5 checksum:   199146 2ac9e88e993bd74e3bb09c0bb71a6d5d
        Size/MD5 checksum:   144180 5631f2908055df679f94bc305b951dd8
        Size/MD5 checksum:   338830 d4946419e41d3ad04303201e3d2a15ac
        Size/MD5 checksum:   196570 fe461b1cfac5b156544d3beb349d1d01
        Size/MD5 checksum:   336322 07433fa292e875eabcbd43562a5184ee
      These files will probably be moved into the stable distribution on
      its next update.
    - ---------------------------------------------------------------------------------
    For apt-get: deb stable/updates main
    For dpkg-ftp: dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.

    LinuxSecurity Poll

    'Tis the season of giving! How have you given back to the open-source community?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    [{"id":"171","title":"I've contributed to the development of an open-source project.","votes":"11","type":"x","order":"1","pct":34.38,"resources":[]},{"id":"172","title":"I've reviewed open-source code for security bugs.","votes":"6","type":"x","order":"2","pct":18.75,"resources":[]},{"id":"173","title":"I've made a donation to an open-source project.","votes":"15","type":"x","order":"3","pct":46.88,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.