[<prev] [next>] [day] [month] [year] [list]
Message-ID: <46e0b97a.LQsKt+swVL68rIGP%foresight-security-noreply@foresightlinux.org>
Date: Thu, 06 Sep 2007 18:37:46 -0800
From: Foresight Linux Essential Announcement Service
<foresight-security-noreply@...esightlinux.org>
To: foresight-security-announce@...ts.rpath.org
Cc: lwn@....net, security-alerts@...uxsecurity.com, bugtraq@...urityfocus.com,
full-disclosure@...ts.grok.org.uk
Subject: FLEA-2007-0052-1 gd
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Foresight Linux Essential Advisory: 2007-0052-1
Published: 2007-09-06
Rating: Moderate
Updated Versions:
gd=/conary.rpath.com@rpl:devel//1/2.0.33-4.5-1
group-dist=/foresight.rpath.org@fl:1-devel//1/1.3.2-0.17-2
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3472
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3473
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3474
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3475
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3476
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3477
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3478
https://issues.rpath.com/browse/RPL-1643
Description:
Previous versions of the gd package are vulnerable to multiple attacks in
which an attacker may cause unbounded CPU consumption or application
crashes (Denial of Service), possibly leading to the execution of malicious
code (Unauthorized Access). These attacks are generally limited to uses of
the gd library to load existing images rather than generate new images.
- ---
Copyright 2007 Foresight Linux Project
Portions copyright 2007 rPath Inc.
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4 (GNU/Linux)
iQIVAwUBRuC5bNfwEn07iAtZAQLWeRAAmA76x+kZUN6WmiEQbF5ZgLzXtBTsQsCo
jaa2kSr193lueTuZnSJGmhCLpDRp+dcXJT9hWdp74WtlBERM4EPHpFOqZR4JMM6h
tZlHF1DIP1WuaqssUureSqdMnK2RW1iyfzATMYq3snlN1FWlS4MtwrOL7lYCpgux
YOJ29kEm6GU3U81mMDixOhRsGjQMqjai/Usf/qz5ipmVlh3wk5btSBzGipVuYOss
XnxIP4p+17Hqx26EHXTSDlCvsYaewSL7+fnSfGH4xs9Wyi6gN0/yzbu76g0a2jIX
gl/ND1wAL8dWKCRMTG8WVxj4XQbV9HlirRzIsCQenpJ2HAaNcFYXkntAdCmiph1l
qU6vtEdy0bZGiKVzvM5pG0S/Gzl06eSNkj+AjK1Joqn4PprYAcOPng1QnCXdLdWG
sd2z320NH0wN1AJfBu1fFfwmoy8CJHkoRbjLjQEvPOG6dnpuNa4KC4e80Ps/PgdM
zJH/xXzFLpHD6VtdQ/lArMqcc7ur1NPKLbedPMZuMWR3HGC7HrMXxe/t1uftQmzh
DPm1T30PqoHdH3/SKghG/Rocu/G56Cfbua63aN1JzON+T13zikOuLLFXAHBOEV75
XZ9P4A6M+2M5JvoXksBvz18sMVXYKW651CviaOR90rC+h86HAZEdWA4GShAJi9Fx
xjGTZrUYpfs=
=Jfx/
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists