- ------------------------------------------------------------------------Debian Security Advisory DSA-1613-1                  security@debian.org
http://www.debian.org/security/                           Devin Carraway
July 22, 2008                         http://www.debian.org/security/faq
- ------------------------------------------------------------------------Package        : libgd2
Vulnerability  : multiple vulnerabilities
Problem type   : local (remote)
Debian-specific: no
CVE Id(s)      : CVE-2007-3476 CVE-2007-3477 CVE-2007-3996 CVE-2007-2445
Debian Bug     : 443456

Multiple vulnerabilities have been identified in libgd2, a library
for programmatic graphics creation and manipulation.  The Common
Vulnerabilities and Exposures project identifies the following three


    Grayscale PNG files containing invalid tRNS chunk CRC values
    could cause a denial of service (crash), if a maliciously
    crafted image is loaded into an application using libgd.


    An array indexing error in libgd's GIF handling could induce a
    denial of service (crash with heap corruption) if exceptionally
    large color index values are supplied in a maliciously crafted
    GIF image file.


    The imagearc() and imagefilledarc() routines in libgd allow
    an attacker in control of the parameters used to specify
    the degrees of arc for those drawing functions to perform
    a denial of service attack (excessive CPU consumption).


    Multiple integer overflows exist in libgd's image resizing and
    creation routines; these weaknesses allow an attacker in control
    of the parameters passed to those routines to induce a crash or
    execute arbitrary code with the privileges of the user running
    an application or interpreter linked against libgd2.

For the stable distribution (etch), these problems have been fixed in
version 2.0.33-5.2etch1.  For the unstable distribution (sid), the
problem has been fixed in version 2.0.35.dfsg-1.

We recommend that you upgrade your libgd2 packages.

Upgrade instructions
- --------------------wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------Debian (stable)
- ---------------Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

      Size/MD5 checksum:   299546 bbcc9e441bb47f54eb6627a79aef95c8
      Size/MD5 checksum:      987 026ab752f6c09db61257eadc2dc7495f
      Size/MD5 checksum:   587617 be0a6d326cd8567e736fbc75df0a5c45

alpha architecture (DEC Alpha)

      Size/MD5 checksum:   366896 2d69e2c1ba03065236cb1269ede5f1a3
      Size/MD5 checksum:   147510 afd6328854cd0a783a49c8e2a317ab86
      Size/MD5 checksum:   211288 3791111d9461d64acdebefd36bd094b9
      Size/MD5 checksum:   209562 84fbf1d0314582e2423b91ab9fabc26d
      Size/MD5 checksum:   363162 c63aa212712903d47c6cba7f208b6eff

amd64 architecture (AMD x86_64 (AMD64))

      Size/MD5 checksum:   342788 fb2ede45cc40b4f5028cb771897a9a91
      Size/MD5 checksum:   145242 f56629274f27b7f1db09ec669ba3c1ce
      Size/MD5 checksum:   200460 24620eba0b8767f0e8df185ca262dda0
      Size/MD5 checksum:   340868 8e2c86769cf213d5810297310e176888
      Size/MD5 checksum:   203322 006e39d79be19c437ebd9b88aabbc46e

arm architecture (ARM)

      Size/MD5 checksum:   195610 cffd7f5c304168483d4a9fd8e8bf4cac
      Size/MD5 checksum:   337472 8b306ec0ff60c785ef728680a1bcbc9c
      Size/MD5 checksum:   145138 da2dc662fb65c79e3be4f4316cd1c475
      Size/MD5 checksum:   197640 de10de2a6a604ca0219415d90240922a
      Size/MD5 checksum:   334880 7eaa4ca8ec2f1929171d353a7dca70ea

hppa architecture (HP PA RISC)

      Size/MD5 checksum:   206646 a4076e4cd5b1a2e77208d2f4c9d6fd72
      Size/MD5 checksum:   147620 5a3eb7577e071214a10915d2a12ff050
      Size/MD5 checksum:   352034 117102f8ab98a933ba5e08257298c302
      Size/MD5 checksum:   209222 b2425804bd51a60d8a4325db84605450
      Size/MD5 checksum:   349162 979723a81f62d6c2dbdac56d66fde6dc

i386 architecture (Intel ia32)

      Size/MD5 checksum:   144040 a19b726c38ae5b760d12f002dc26386b
      Size/MD5 checksum:   338582 837a0b4917dd5a9ea44894d1c86dac20
      Size/MD5 checksum:   335902 e03aba661c8c802c405c1c5caaf7e2fc
      Size/MD5 checksum:   199410 1dcc174038ee43b0c3f896255c08da8b
      Size/MD5 checksum:   196760 9c41f2bcaf00e296a8f753bc89b042bf

ia64 architecture (Intel ia64)

      Size/MD5 checksum:   233692 237f0cf48ab28f55de21165882949929
      Size/MD5 checksum:   381794 b7f95b4d44a908ef0a957fce2445d042
      Size/MD5 checksum:   379680 a67cc374d45b934e8f129b375c3c2b90
      Size/MD5 checksum:   149758 3ec3577b790136172e618afdd0ffc396
      Size/MD5 checksum:   236256 f1153b75a2411e99de161ff3aae1ee4b

mips architecture (MIPS (Big Endian))

      Size/MD5 checksum:   197818 16ccf2325098ba8445b20cf9334f44a5
      Size/MD5 checksum:   200208 63fd7dc16cc9387bf51248a668320887
      Size/MD5 checksum:   145086 fe0c795d4a004fb18182d5f390219a3c
      Size/MD5 checksum:   349902 888522b2d61e05efa52b2f58d13d4a30
      Size/MD5 checksum:   347360 558ce7647ccf4d20278208a3d46d51d3

mipsel architecture (MIPS (Little Endian))

      Size/MD5 checksum:   348768 938cff5e66d4cf7894e5b33f2c7cc934
      Size/MD5 checksum:   199920 67023552469fc4a30487009147866458
      Size/MD5 checksum:   351440 f5a690e113e800c2583344c77746d521
      Size/MD5 checksum:   144500 a8247e6bb2fbbcf7bba9fc756ec92e88
      Size/MD5 checksum:   202396 b5bbcb8b61ca28f8e85ef6cf54d02644

powerpc architecture (PowerPC)

      Size/MD5 checksum:   204266 332c8482ea4f9af50183e8be4f59e9ea
      Size/MD5 checksum:   202356 047679dee0a8d17815a905dab7ec8c0c
      Size/MD5 checksum:   347384 9508cff125f5e547be56895ac6e41a4c
      Size/MD5 checksum:   152934 51080a4fc09ddbae6e0b809169008f53
      Size/MD5 checksum:   344726 393b4d213d0be6908e7c0c206cb57c39

s390 architecture (IBM S/390)

      Size/MD5 checksum:   145158 1dfae9aa0d59be8fbbbbcaa310d508c4
      Size/MD5 checksum:   344760 ceadabf4a6895ccb33d615132d05cdc9
      Size/MD5 checksum:   341418 c41f6ad2a4563d45fa17a09dc92f347e
      Size/MD5 checksum:   206184 8a1c0ab32b20b7debf4beba96be1f7ef
      Size/MD5 checksum:   203650 04beedd2705136d9bc12fdfc9c3744ae

sparc architecture (Sun SPARC/UltraSPARC)

      Size/MD5 checksum:   199146 2ac9e88e993bd74e3bb09c0bb71a6d5d
      Size/MD5 checksum:   144180 5631f2908055df679f94bc305b951dd8
      Size/MD5 checksum:   338830 d4946419e41d3ad04303201e3d2a15ac
      Size/MD5 checksum:   196570 fe461b1cfac5b156544d3beb349d1d01
      Size/MD5 checksum:   336322 07433fa292e875eabcbd43562a5184ee

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp:  dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org

Debian: new libgd2 packages fix multiple vulnerabilities

July 22, 2008
Grayscale PNG files containing invalid tRNS chunk CRC values could cause a denial of service (crash), if a maliciously crafted image is loaded into an application using ...