[<prev] [next>] [day] [month] [year] [list]
Message-ID: <47b16065.Or0KmrPATydP+ihY%foresight-security-noreply@foresightlinux.org>
Date: Tue, 12 Feb 2008 00:01:25 -0900
From: Foresight Linux Essential Announcement Service
<foresight-security-noreply@...esightlinux.org>
To: foresight-security-announce@...ts.rpath.org
Cc: lwn@....net, security-alerts@...uxsecurity.com, bugtraq@...urityfocus.com,
full-disclosure@...ts.grok.org.uk
Subject: FLEA-2008-0007-1 gd
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Foresight Linux Essential Advisory: 2008-0007-1
Published: 2008-02-11
Rating: Trivial
Updated Versions:
gd=/conary.rpath.com@rpl:devel//1/2.0.33-4.6-1
group-dist=/foresight.rpath.org@fl:1-devel//1/1.4.2-0.7-3
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4484
http://wiki.rpath.com/Advisories:rPSA-2008-0046
Description:
Previous versions of the gd package are vulnerable to a possible
Arbitrary Code Execution attack in which an attacker may use a
maliciously crafted GIF file to trigger a buffer overflow. The libgd
library is not exposed via any privileged or remote interfaces within
Foresight Linux proper.
- ---
Copyright 2008 Foresight Linux Project
Portions Copyright 2008 rPath Inc.
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.8 (GNU/Linux)
iQIcBAEBAgAGBQJHsWBeAAoJENfwEn07iAtZ/9wP/i7F66cgKHsNQDqu2PyHXyGg
4HbGS4TtzY8b5iUwN76iaRc43ujgAD2CTIgLnoWlo6CE1IZICGg1Uk3TUujdLQLq
+ROC9MEyHb1k3p6zlsM5jwJrKQU4k+rpZ99hp6WSaWo/4KLcjS/O/xWaMsIpwYAU
/yAMBnMhmUOIvsjXrYp6Ie5lyUrQnOxO6tA3PlIDWUoJrf2Jr4D1+o+pPBNDqwsy
tfuO5+mZKaV+sgCzl/yzn9qnB4dtPaZ33vol2v/HdJZM5skXBudP5LMsO/uvRqsD
tzMUE9LLgNHocE5nUB/8W9PUepXMaGa3cxnZAqymgDX4SLugv55lsDGntgWsSaBg
OURENEI/oijLIQLI2jg7b3SsAT0BjSFceCLzqRcjp7h5yZDThh9Tuaiu+wNSJ3Ev
5fFUKtatSsNaNFhLMPYFBvH8WpT8CEwk0oHIl+d0DCBcHs48BoQ2X//5c7bWycYA
l2I+1cYs3rBqe65kaTO2gSoC7Ggt70vC2ufBEiEjKzqFM4NTUDwYfL8ORLriHqIp
lq4zGpHyRpVoAfojnOrMBUD4+PPqi4bRGru7edyBz0z4PGm4YpQ9LYzYYKJuIEL5
u2zVYlcf5e9ged5qTjUCInzDQ8YW3E5WTHqDXxDdAI25QmBDgoT7ofNenBbNgTQp
foIYXSnRtGgPUm8OsoDn
=JAce
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists