---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-411
2004-11-11
---------------------------------------------------------------------

Product     : Fedora Core 2
Name        : gd
Version     : 2.0.21
Release     : 5.20.1
Summary     : A graphics library for quick creation of PNG or JPEG images.
Description :
The gd graphics library allows your code to quickly draw images
complete with lines, arcs, text, multiple colors, cut and paste from
other images, and flood fills, and to write out the result as a PNG or
JPEG file. This is particularly useful in Web applications, where PNG
and JPEG are two of the formats accepted for inline images by most
browsers. Note that gd is not a paint program.

---------------------------------------------------------------------
Update Information:

Several buffer overflows were reported in various memory allocation calls.
An attacker could create a carefully crafted image file in such a
way that it could cause ImageMagick to execute arbitrary code when
processing the image. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0990 to these issues.

Whilst researching the fixes to these overflows, additional buffer
overflows were discovered in calls to gdMalloc. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0941
to these issues.

Users of gd should upgrade to these updated packages, which contain a
backported security patch, and are not vulnerable to these issues.
---------------------------------------------------------------------
* Thu Nov 04 2004 Phil Knirsch <pknirsch@redhat.com> 2.0.21-5.20.1

- Backport of fix for several buffer overflows in gdMalloc() calls


---------------------------------------------------------------------
This update can be downloaded from:
     

860ef179fc02b24faeb9c7ad6d3dd2c5  SRPMS/gd-2.0.21-5.20.1.src.rpm
cc924e3a5eb622f8729a8940472bc19f  x86_64/gd-2.0.21-5.20.1.x86_64.rpm
cbfe3743fb6ed1d11e562af6617dd6cf  x86_64/gd-progs-2.0.21-5.20.1.x86_64.rpm
899927fad1d49a55bedd96f12d308a81  x86_64/gd-devel-2.0.21-5.20.1.x86_64.rpm
4f034123d7a07054a2284fd1aef02e2e
x86_64/debug/gd-debuginfo-2.0.21-5.20.1.x86_64.rpm
32203e8cff61a2a6799426b695f35650  i386/gd-2.0.21-5.20.1.i386.rpm
2812f648f8f6570b51b326fb400e985f  i386/gd-progs-2.0.21-5.20.1.i386.rpm
7e48d961b951212bc44372b489da9917  i386/gd-devel-2.0.21-5.20.1.i386.rpm
6dd526e9a1a3cbf79b36671335328224
i386/debug/gd-debuginfo-2.0.21-5.20.1.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------

Fedora: gd-2.0.21-5.20.1 update

November 11, 2004
Several buffer overflows were reported in various memory allocation calls

Summary

The gd graphics library allows your code to quickly draw images

complete with lines, arcs, text, multiple colors, cut and paste from

other images, and flood fills, and to write out the result as a PNG or

JPEG file. This is particularly useful in Web applications, where PNG

and JPEG are two of the formats accepted for inline images by most

browsers. Note that gd is not a paint program.

Update Information:

Several buffer overflows were reported in various memory allocation calls. An attacker could create a carefully crafted image file in such a way that it could cause ImageMagick to execute arbitrary code when processing the image. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0990 to these issues.

Whilst researching the fixes to these overflows, additional buffer overflows were discovered in calls to gdMalloc. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0941 to these issues.

Users of gd should upgrade to these updated packages, which contain a backported security patch, and are not vulnerable to these issues. * Thu Nov 04 2004 Phil Knirsch <pknirsch@redhat.com> 2.0.21-5.20.1

- Backport of fix for several buffer overflows in gdMalloc() calls


This update can be downloaded from:


860ef179fc02b24faeb9c7ad6d3dd2c5 SRPMS/gd-2.0.21-5.20.1.src.rpm cc924e3a5eb622f8729a8940472bc19f x86_64/gd-2.0.21-5.20.1.x86_64.rpm cbfe3743fb6ed1d11e562af6617dd6cf x86_64/gd-progs-2.0.21-5.20.1.x86_64.rpm 899927fad1d49a55bedd96f12d308a81 x86_64/gd-devel-2.0.21-5.20.1.x86_64.rpm 4f034123d7a07054a2284fd1aef02e2e x86_64/debug/gd-debuginfo-2.0.21-5.20.1.x86_64.rpm 32203e8cff61a2a6799426b695f35650 i386/gd-2.0.21-5.20.1.i386.rpm 2812f648f8f6570b51b326fb400e985f i386/gd-progs-2.0.21-5.20.1.i386.rpm 7e48d961b951212bc44372b489da9917 i386/gd-devel-2.0.21-5.20.1.i386.rpm 6dd526e9a1a3cbf79b36671335328224 i386/debug/gd-debuginfo-2.0.21-5.20.1.i386.rpm

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.

Change Log

References

Fedora Update Notification FEDORA-2004-411 2004-11-11 Product : Fedora Core 2 Name : gd Version : 2.0.21 Release : 5.20.1 Summary : A graphics library for quick creation of PNG or JPEG images. Description : The gd graphics library allows your code to quickly draw images complete with lines, arcs, text, multiple colors, cut and paste from other images, and flood fills, and to write out the result as a PNG or JPEG file. This is particularly useful in Web applications, where PNG and JPEG are two of the formats accepted for inline images by most browsers. Note that gd is not a paint program.

Update Instructions

Severity
Product : Fedora Core 2
Name : gd
Version : 2.0.21
Release : 5.20.1
Summary : A graphics library for quick creation of PNG or JPEG images.

Related News

23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved