Date: Wed Jun 14 09:47:03 2006
From: martin.pitt at canonical.com (Martin Pitt)
Subject: [USN-298-1] libgd2 vulnerability

=========================================================== 
Ubuntu Security Notice USN-298-1              June 13, 2006
libgd2 vulnerability
CVE-2006-2906
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
  libgd2-noxpm                   2.0.33-1.1ubuntu1.5.04
  libgd2-xpm                     2.0.33-1.1ubuntu1.5.04

Ubuntu 5.10:
  libgd2-noxpm                   2.0.33-1.1ubuntu1.5.10
  libgd2-xpm                     2.0.33-1.1ubuntu1.5.10

Ubuntu 6.06 LTS:
  libgd2-noxpm                   2.0.33-2ubuntu5.1
  libgd2-xpm                     2.0.33-2ubuntu5.1

After a standard system upgrade you need to reboot your computer to
effect the necessary changes.

Details follow:

Xavier Roche discovered that libgd's function for reading GIF image
data did not sufficiently verify its validity. Specially crafted GIF
images could cause an infinite loop which used up all available CPU
resources. Since libgd is often used in PHP and Perl web applications,
this could lead to a remote Denial of Service vulnerability.


Updated packages for Ubuntu 5.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/libgd2_2.0.33-1.1ubuntu1.5.04.diff.gz
      Size/MD5:   259535 85c0f13b7f7ba029f629311c29708a0e
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/libgd2_2.0.33-1.1ubuntu1.5.04.dsc
      Size/MD5:      897 6e3fa540918cab2297fbdd77f87ea6c6
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/libgd2_2.0.33.orig.tar.gz
      Size/MD5:   587617 be0a6d326cd8567e736fbc75df0a5c45

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/libgd2-dev_2.0.33-1.1ubuntu1.5.04_all.deb
      Size/MD5:   128566 741f8358ae222a0ff9ff3e679e50e508
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgd2/libgd2_2.0.33-1.1ubuntu1.5.04_all.deb
      Size/MD5:   128546 d1fd6ab0661d2cfeaca8dfd2cf2b4c29

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgd2/libgd-tools_2.0.33-1.1ubuntu1.5.04_amd64.deb
      Size/MD5:   142554 fc8552468de8c3ff44249eb8bd4f84a0
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/libgd2-noxpm-dev_2.0.33-1.1ubuntu1.5.04_amd64.deb
      Size/MD5:   338004 8abf135ee9e18ebd575dc5c8af7458db
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/libgd2-noxpm_2.0.33-1.1ubuntu1.5.04_amd64.deb
      Size/MD5:   197030 d8836969867424381f0bd1c9e201bc8c
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/libgd2-xpm-dev_2.0.33-1.1ubuntu1.5.04_amd64.deb
      Size/MD5:   340906 81be91de25d223b9dfb3aeb7a4cbcece
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/libgd2-xpm_2.0.33-1.1ubuntu1.5.04_amd64.deb
      Size/MD5:   199468 aca7a9bb0dd0b286eba82014d3cbb0b8

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgd2/libgd-tools_2.0.33-1.1ubuntu1.5.04_i386.deb
      Size/MD5:   141060 71c2e67f310a0641b83f73c801174f76
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/libgd2-noxpm-dev_2.0.33-1.1ubuntu1.5.04_i386.deb
      Size/MD5:   329156 ee26bcd67da3925975e38fc73a26c71e
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/libgd2-noxpm_2.0.33-1.1ubuntu1.5.04_i386.deb
      Size/MD5:   190724 98e8381effd02adcbc4358cf6890a882
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/libgd2-xpm-dev_2.0.33-1.1ubuntu1.5.04_i386.deb
      Size/MD5:   330550 54689d29b260877e48c80d824cd384fe
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/libgd2-xpm_2.0.33-1.1ubuntu1.5.04_i386.deb
      Size/MD5:   193258 53e97869e636c7ff19a03123bb50cf69

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgd2/libgd-tools_2.0.33-1.1ubuntu1.5.04_powerpc.deb
      Size/MD5:   150322 d47b3079e9403f954932b30b59ce2dc0
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/libgd2-noxpm-dev_2.0.33-1.1ubuntu1.5.04_powerpc.deb
      Size/MD5:   341558 0b936726f765f2a43b76c128d9dbd1e1
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/libgd2-noxpm_2.0.33-1.1ubuntu1.5.04_powerpc.deb
      Size/MD5:   198802 cc4bdacf9c062630aa0abe0f603c21d7
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/libgd2-xpm-dev_2.0.33-1.1ubuntu1.5.04_powerpc.deb
      Size/MD5:   344204 36df75287c80b2bfe6ce6e055e316686
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/libgd2-xpm_2.0.33-1.1ubuntu1.5.04_powerpc.deb
      Size/MD5:   200872 4986d671d0f86482e77fe8bfa9aa8570

Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/libgd2_2.0.33-1.1ubuntu1.5.10.diff.gz
      Size/MD5:   259538 2fe25e57080e57f04e996136400ce5ea
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/libgd2_2.0.33-1.1ubuntu1.5.10.dsc
      Size/MD5:      897 b0bc5f5e7621b5d22e25b51c829691b2
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/libgd2_2.0.33.orig.tar.gz
      Size/MD5:   587617 be0a6d326cd8567e736fbc75df0a5c45

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/libgd2-dev_2.0.33-1.1ubuntu1.5.10_all.deb
      Size/MD5:   128614 a80b952d55d3b613c43f2377c4ff609a
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgd2/libgd2_2.0.33-1.1ubuntu1.5.10_all.deb
      Size/MD5:   128598 e1dd73bd47a61f18fcbc87b69732d888

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgd2/libgd-tools_2.0.33-1.1ubuntu1.5.10_amd64.deb
      Size/MD5:   142034 5506ff14c3596c6e1b5626edd49d4e24
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/libgd2-noxpm-dev_2.0.33-1.1ubuntu1.5.10_amd64.deb
      Size/MD5:   339856 dad8ac889e8d7d31d5baa1a548fe6cdc
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/libgd2-noxpm_2.0.33-1.1ubuntu1.5.10_amd64.deb
      Size/MD5:   198722 faf06f2f07dec2d2be64a12326960063
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/libgd2-xpm-dev_2.0.33-1.1ubuntu1.5.10_amd64.deb
      Size/MD5:   341700 a11b339f5816689c3e11ea09e7ec6e5e
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/libgd2-xpm_2.0.33-1.1ubuntu1.5.10_amd64.deb
      Size/MD5:   200492 c438e2fd26e731a03b65a04620425a1c

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgd2/libgd-tools_2.0.33-1.1ubuntu1.5.10_i386.deb
      Size/MD5:   141228 a5964e70f6251e09fb3eacd04abaf09b
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/libgd2-noxpm-dev_2.0.33-1.1ubuntu1.5.10_i386.deb
      Size/MD5:   329714 d4d19de1fccacfb980f554f45f17edfa
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/libgd2-noxpm_2.0.33-1.1ubuntu1.5.10_i386.deb
      Size/MD5:   191820 ede2bfb510890e79db42b3955d267d9d
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/libgd2-xpm-dev_2.0.33-1.1ubuntu1.5.10_i386.deb
      Size/MD5:   330542 a455e8499053ce7ccecc43d5d5172bbf
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/libgd2-xpm_2.0.33-1.1ubuntu1.5.10_i386.deb
      Size/MD5:   193490 c4f8adc7781e6a9804ff3c61c953ab02

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgd2/libgd-tools_2.0.33-1.1ubuntu1.5.10_powerpc.deb
      Size/MD5:   150512 be558294bf97e07ce4edbd255e6dc823
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/libgd2-noxpm-dev_2.0.33-1.1ubuntu1.5.10_powerpc.deb
      Size/MD5:   340942 0e94071ee7e99d59f266974e09d8abd8
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/libgd2-noxpm_2.0.33-1.1ubuntu1.5.10_powerpc.deb
      Size/MD5:   198898 e63ecd801b7eab04628bab0021e3bc17
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/libgd2-xpm-dev_2.0.33-1.1ubuntu1.5.10_powerpc.deb
      Size/MD5:   342876 c9331ca003b0d3106c2d8164a01c9c53
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/libgd2-xpm_2.0.33-1.1ubuntu1.5.10_powerpc.deb
      Size/MD5:   200400 cdc445bcc1bab8eddd77d77d8f335e93

Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/libgd2_2.0.33-2ubuntu5.1.diff.gz
      Size/MD5:   256319 844263f2600763f5bce839ed87b300cb
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/libgd2_2.0.33-2ubuntu5.1.dsc
      Size/MD5:      967 b49061cd7ee4d1920ec4d98b41300258
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/libgd2_2.0.33.orig.tar.gz
      Size/MD5:   587617 be0a6d326cd8567e736fbc75df0a5c45

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/libgd2-dev_2.0.33-2ubuntu5.1_all.deb
      Size/MD5:   129252 014cbe434b45fa636394bbb695995ce6
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgd2/libgd2_2.0.33-2ubuntu5.1_all.deb
      Size/MD5:   129232 6b2cc0d4b6e9ed05977e137a43a263c3

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgd2/libgd-tools_2.0.33-2ubuntu5.1_amd64.deb
      Size/MD5:   142706 30511267d1dc92cd309282459ad8103f
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/libgd2-noxpm-dev_2.0.33-2ubuntu5.1_amd64.deb
      Size/MD5:   340652 3fcd2e908c99d777c52fe6db237ec665
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/libgd2-noxpm_2.0.33-2ubuntu5.1_amd64.deb
      Size/MD5:   199526 1f1cbde5e0a7892e8da40241174fc0f8
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/libgd2-xpm-dev_2.0.33-2ubuntu5.1_amd64.deb
      Size/MD5:   342460 c46ca3765670f7cb18e7bdc46ad9eb82
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/libgd2-xpm_2.0.33-2ubuntu5.1_amd64.deb
      Size/MD5:   201208 8c442dbc0de625f88de7c8c53dd01dd5

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgd2/libgd-tools_2.0.33-2ubuntu5.1_i386.deb
      Size/MD5:   141674 ffa2557f8301fc1cb58cd43258f15f71
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/libgd2-noxpm-dev_2.0.33-2ubuntu5.1_i386.deb
      Size/MD5:   330368 180ecb6dba1e59da58ebdc5a41fa4c15
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/libgd2-noxpm_2.0.33-2ubuntu5.1_i386.deb
      Size/MD5:   192360 be430c30f093dc9caef1ad10029a0b11
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/libgd2-xpm-dev_2.0.33-2ubuntu5.1_i386.deb
      Size/MD5:   331192 3906f21c8fb193458aa75372ec9943ba
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/libgd2-xpm_2.0.33-2ubuntu5.1_i386.deb
      Size/MD5:   194164 ac5bc80c4f259b4a4542f01ab3c163a3

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgd2/libgd-tools_2.0.33-2ubuntu5.1_powerpc.deb
      Size/MD5:   150838 f31a2cceec103f60dde86f2638b1515d
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/libgd2-noxpm-dev_2.0.33-2ubuntu5.1_powerpc.deb
      Size/MD5:   341640 56793cc96d8d56549926ac3fea6a0a28
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/libgd2-noxpm_2.0.33-2ubuntu5.1_powerpc.deb
      Size/MD5:   199554 a240b6f56e83254c4e19bb12ccd878e9
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/libgd2-xpm-dev_2.0.33-2ubuntu5.1_powerpc.deb
      Size/MD5:   343552 65867cdf60f1192c9efcad170961a6f1
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/libgd2-xpm_2.0.33-2ubuntu5.1_powerpc.deb
      Size/MD5:   201138 5308a316178a9600f265cb7d0138ab1a
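
To check manually downloaded packages against the Size/MD5 values listed above, the listing can be parsed and compared with the local files. This is an added example, not part of the original advisory; the function names are hypothetical, and the two sample entries are copied from the Ubuntu 6.06 LTS i386 listing. MD5 here only catches corrupted or truncated downloads; authenticity rests on the signature of the advisory itself.

```python
import hashlib
import re
from pathlib import Path

# Two entries copied from the Ubuntu 6.06 LTS listing in this advisory.
LISTING = """\
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/libgd2-noxpm_2.0.33-2ubuntu5.1_i386.deb
      Size/MD5:   192360 be430c30f093dc9caef1ad10029a0b11
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/libgd2-xpm_2.0.33-2ubuntu5.1_i386.deb
      Size/MD5:   194164 ac5bc80c4f259b4a4542f01ab3c163a3
"""

# A URL line followed by its "Size/MD5:" line, as laid out in the advisory.
ENTRY_RE = re.compile(
    r"^\s*(?P<url>https?://\S+)\s*\n\s*Size/MD5:\s+(?P<size>\d+)\s+(?P<md5>[0-9a-f]{32})\s*$",
    re.MULTILINE,
)

def parse_listing(text):
    """Map each file name in a USN package listing to (size, md5)."""
    entries = {}
    for m in ENTRY_RE.finditer(text):
        name = m["url"].rsplit("/", 1)[-1]
        entries[name] = (int(m["size"]), m["md5"])
    return entries

def verify_file(path, entries):
    """Return 'ok', 'size-mismatch', 'md5-mismatch' or 'unlisted' for one file."""
    path = Path(path)
    expected = entries.get(path.name)
    if expected is None:
        return "unlisted"
    size, md5 = expected
    if path.stat().st_size != size:  # cheap check before hashing
        return "size-mismatch"
    digest = hashlib.md5()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return "ok" if digest.hexdigest() == md5 else "md5-mismatch"

if __name__ == "__main__":
    import sys
    entries = parse_listing(LISTING)
    for arg in sys.argv[1:]:
        print(f"{verify_file(arg, entries)}: {arg}")
```

Paste the full listing for your release into `LISTING` and pass the downloaded file paths as arguments.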
