Date: Thu, 06 Sep 2007 18:37:46 -0800
From: Foresight Linux Essential Announcement Service <foresight-security-noreply@...esightlinux.org>
To: foresight-security-announce@...ts.rpath.org
Cc: security-alerts@...uxsecurity.com,
	full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com,
	lwn@....net
Subject: FLEA-2007-0052-1 gd

Foresight Linux Essential Advisory: 2007-0052-1
Published: 2007-09-06

Rating: Moderate

Updated Versions:
    gd=/conary.rpath.com@rpl:devel//1/2.0.33-4.5-1
    group-dist=/foresight.rpath.org@fl:1-devel//1/1.3.2-0.17-2

References:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3472
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3473
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3474
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3475
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3476
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3477
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3478
    https://issues.rpath.com/browse/RPL-1643

Description:
    Previous versions of the gd package are vulnerable to multiple attacks in
    which an attacker may cause unbounded CPU consumption or application
    crashes (Denial of Service), possibly leading to the execution of malicious
    code (Unauthorized Access). These attacks are generally limited to uses of
    the gd library to load existing images rather than generate new images.
    
---

Copyright 2007 Foresight Linux Project
Portions copyright 2007 rPath Inc.
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html
