[SECURITY] Fedora Core 3 Update: gd-2.0.28-1.30.1

Phil Knirsch pknirsch at redhat.com
Thu Nov 11 12:43:56 UTC 2004


---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-412
2004-11-11
---------------------------------------------------------------------

Product     : Fedora Core 3
Name        : gd
Version     : 2.0.28
Release     : 1.30.1
Summary     : A graphics library for quick creation of PNG or JPEG images.
Description :
The gd graphics library allows your code to quickly draw images
complete with lines, arcs, text, multiple colors, cut and paste from
other images, and flood fills, and to write out the result as a PNG or
JPEG file. This is particularly useful in Web applications, where PNG
and JPEG are two of the formats accepted for inline images by most
browsers. Note that gd is not a paint program.

---------------------------------------------------------------------
Update Information:

Several buffer overflows were reported in various memory allocation calls.
An attacker could create a carefully crafted image file in such a
way that it could cause ImageMagick to execute arbitrary code when
processing the image. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0990 to these issues.

Whilst researching the fixes to these overflows, additional buffer
overflows were discovered in calls to gdMalloc. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0941
to these issues.

Users of gd should upgrade to these updated packages, which contain a
backported security patch, and are not vulnerable to these issues.
---------------------------------------------------------------------
* Wed Nov 03 2004 Phil Knirsch <pknirsch at redhat.com> 2.0.28-1.30.1

- Fixed several buffer overflows for gdMalloc() calls


---------------------------------------------------------------------
This update can be downloaded from:
   http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

1c43a52dbccf6fc0f41a51177f68039c  SRPMS/gd-2.0.28-1.30.1.src.rpm
2d5162b7b1ee9cc41f6e449317a35544  x86_64/gd-2.0.28-1.30.1.x86_64.rpm
fdf01ac8589f415447db35126fa9c21d  x86_64/gd-progs-2.0.28-1.30.1.x86_64.rpm
bebd31faf06696a1a4118e72fccfdef0  x86_64/gd-devel-2.0.28-1.30.1.x86_64.rpm
2f9e1862d862b7137f303fa63511ba3f 
x86_64/debug/gd-debuginfo-2.0.28-1.30.1.x86_64.rpm
43fdf0c898b78cb6524ce7238b134ab0  x86_64/gd-2.0.28-1.30.1.i386.rpm
43fdf0c898b78cb6524ce7238b134ab0  i386/gd-2.0.28-1.30.1.i386.rpm
1775b1c9061551b38bed8a0345e13daa  i386/gd-progs-2.0.28-1.30.1.i386.rpm
9e73a389b07da7ceb7f4571852344a0c  i386/gd-devel-2.0.28-1.30.1.i386.rpm
70e4cb5dad28af83ee4237569c8a244c 
i386/debug/gd-debuginfo-2.0.28-1.30.1.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------

-- 
Philipp Knirsch      | Tel.:  +49-711-96437-470
Development          | Fax.:  +49-711-96437-111
Red Hat GmbH         | Email: Phil Knirsch <phil at redhat.de>
Hauptstaetterstr. 58 | Web:   http://www.redhat.de/
D-70178 Stuttgart
Motd:  You're only jealous cos the little penguins are talking to me.




More information about the announce mailing list