lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20041029090212.GA32738@box79162.elkhouse.de>
From: martin.pitt at canonical.com (Martin Pitt)
Subject: [USN-11-1] libgd2 vulnerabilities

===========================================================
Ubuntu Security Notice USN-11-1            October 28, 2004
libgd2 vulnerabilities
CAN-2004-0990
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

libgd2-xpm
libgd2-noxpm

The problem can be corrected by upgrading the affected packages to
version 2.0.23-2ubuntu0.1. In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

Several buffer overflows have been discovered in libgd's PNG handling
functions.

If an attacker tricked a user into loading a malicious PNG image, they
could leverage this into executing arbitrary code in the context of
the user opening image. Most importantly, this library is commonly
used in PHP. One possible target would be a PHP driven photo website
that lets users upload images. Therefore this vulnerability might lead
to privilege escalation to a web server's privileges.

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/libgd2_2.0.23-2ubuntu0.1.diff.gz
      Size/MD5:    12015 3c278f754bef0a52d5ea83f62af81f8b
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/libgd2_2.0.23-2ubuntu0.1.dsc
      Size/MD5:      783 10f0fcf6b1ba3e3dfecf31c597ded84c
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/libgd2_2.0.23.orig.tar.gz
      Size/MD5:   544497 3bcd6daef3eb7b31ddc68a7d54b98c15

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/libgd2-dev_2.0.23-2ubuntu0.1_all.deb
      Size/MD5:   111826 d4ee66cac49d7cb792928f2245743f5a
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgd2/libgd2_2.0.23-2ubuntu0.1_all.deb
      Size/MD5:   111802 f25e3258c4fe2d453997e2b379c8ca88

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgd2/libgd-tools_2.0.23-2ubuntu0.1_amd64.deb
      Size/MD5:   128166 be07ad782e1fa3e7a6d96f03333098b5
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/libgd2-noxpm-dev_2.0.23-2ubuntu0.1_amd64.deb
      Size/MD5:   305818 ddd65bd2bff9ad79c374a7b81f22f1c1
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/libgd2-noxpm_2.0.23-2ubuntu0.1_amd64.deb
      Size/MD5:   171190 0ca57e0f1b2d21368fc78f8fda9448a0
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/libgd2-xpm-dev_2.0.23-2ubuntu0.1_amd64.deb
      Size/MD5:   305814 ed4ddc988e62d066f755492d1580c617
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/libgd2-xpm_2.0.23-2ubuntu0.1_amd64.deb
      Size/MD5:   171166 31fe7088ba4223a0587dc6b7c378a160

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgd2/libgd-tools_2.0.23-2ubuntu0.1_i386.deb
      Size/MD5:   127280 29656d70daed6af2035e43e559723692
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/libgd2-noxpm-dev_2.0.23-2ubuntu0.1_i386.deb
      Size/MD5:   299836 b01bc5884893151d1cfab1a18bfbc246
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/libgd2-noxpm_2.0.23-2ubuntu0.1_i386.deb
      Size/MD5:   167376 d3e1108de8c9eef6b027a09d8cf1953c
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/libgd2-xpm-dev_2.0.23-2ubuntu0.1_i386.deb
      Size/MD5:   299828 064fdb8f240289b4072364359306e4d3
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/libgd2-xpm_2.0.23-2ubuntu0.1_i386.deb
      Size/MD5:   167348 543615c69de2676a4f9e4531003a4e4c

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgd2/libgd-tools_2.0.23-2ubuntu0.1_powerpc.deb
      Size/MD5:   134062 2f6f321d26221715f2ba56b090bb69d1
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/libgd2-noxpm-dev_2.0.23-2ubuntu0.1_powerpc.deb
      Size/MD5:   308904 3d089de51fe4fa5660cde88ae0ec16b8
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/libgd2-noxpm_2.0.23-2ubuntu0.1_powerpc.deb
      Size/MD5:   173146 ad171f2410184f80a1894139f00eacb1
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/libgd2-xpm-dev_2.0.23-2ubuntu0.1_powerpc.deb
      Size/MD5:   308884 a3e359355b86d23deff439b43fae7bb4
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/libgd2-xpm_2.0.23-2ubuntu0.1_powerpc.deb
      Size/MD5:   173130 40689f3fcc6aaaaa491a665949e5fdb2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20041029/ccdc6622/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ