PROBLEM: | Multiple issues were discovered in the gd GIF image-handling code. |
PLATFORM: | RHEL Desktop Workstation (v. 5 client) Red Hat Desktop (v. 4) Red Hat Enterprise Linux (v. 5 server) Red Hat Enterprise Linux AS, ES, WS (v. 4) Red Hat Enterprise Linux Desktop (v. 5 client) Debian GNU/Linux 4.0 (etch) |
DAMAGE: | Execute code. |
SOLUTION: | Upgrade to the appropriate version. |
VULNERABILITY ASSESSMENT: |
The risk is MEDIUM. A carefully-crafted GIF file could cause a crash or possibly execute code with the privileges of the application using the gd library. |
LINKS: | |
CIAC BULLETIN: | http://www.ciac.org/ciac/bulletins/s-218.shtml |
ORIGINAL BULLETIN: | https://rhn.redhat.com/errata/RHSA-2008-0146.html |
ADDITIONAL LINK: | http://www.debian.org/security/2008/dsa-1613 |
CVE: | CVE-2006-4484 CVE-2007-0455 CVE-2007-2756 CVE-2007-3472 CVE-2007-3473 CVE-2007-3475 CVE-2007-3476 |
REVISION HISTORY: 08/18/2008 - revised S-218 to add a link to Debian Security Advisory DSA-1613-1 for Debian GNU/Linux 4.0 (etch). [***** Start Red Hat RHSA-2008:0146-2 *****]
Advisory: | RHSA-2008:0146-2 |
---|---|
Type: | Security Advisory |
Severity: | Moderate |
Issued on: | 2008-02-28 |
Last updated on: | 2008-02-28 |
Affected Products: | RHEL Desktop Workstation (v. 5 client) Red Hat Desktop (v. 4) Red Hat Enterprise Linux (v. 5 server) Red Hat Enterprise Linux AS (v. 4) Red Hat Enterprise Linux Desktop (v. 5 client) Red Hat Enterprise Linux ES (v. 4) Red Hat Enterprise Linux WS (v. 4) |
OVAL: | com.redhat.rhsa-20080146.xml |
CVEs (cve.mitre.org): | CVE-2006-4484 CVE-2007-0455 CVE-2007-2756 CVE-2007-3472 CVE-2007-3473 CVE-2007-3475 CVE-2007-3476 |
Updated gd packages that fix multiple security issues are now available for
Red Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
The gd package contains a graphics library used for the dynamic creation of
images such as PNG and JPEG.
Multiple issues were discovered in the gd GIF image-handling code. A
carefully-crafted GIF file could cause a crash or possibly execute code
with the privileges of the application using the gd library.
(CVE-2006-4484, CVE-2007-3475, CVE-2007-3476)
An integer overflow was discovered in the gdImageCreateTrueColor()
function, leading to incorrect memory allocations. A carefully crafted
image could cause a crash or possibly execute code with the privileges of
the application using the gd library. (CVE-2007-3472)
A buffer over-read flaw was discovered. This could cause a crash in an
application using the gd library to render certain strings using a
JIS-encoded font. (CVE-2007-0455)
A flaw was discovered in the gd PNG image handling code. A truncated PNG
image could cause an infinite loop in an application using the gd library.
(CVE-2007-2756)
A flaw was discovered in the gd X BitMap (XBM) image-handling code. A
malformed or truncated XBM image could cause a crash in an application
using the gd library. (CVE-2007-3473)
Users of gd should upgrade to these updated packages, which contain
backported patches which resolve these issues.
RHEL Desktop Workstation (v. 5 client) | |
IA-32: | |
gd-devel-2.0.33-9.4.el5_1.1.i386.rpm | 03c19796060246a35b0a8915b0e1dae1 |
x86_64: | |
gd-devel-2.0.33-9.4.el5_1.1.i386.rpm | 03c19796060246a35b0a8915b0e1dae1 |
gd-devel-2.0.33-9.4.el5_1.1.x86_64.rpm | 3267d2a709da99cc0052117aa656ea43 |
Red Hat Desktop (v. 4) | |
SRPMS: | |
gd-2.0.28-5.4E.el4_6.1.src.rpm | 65f4d62c6267d4de89098594de3f5261 |
IA-32: | |
gd-2.0.28-5.4E.el4_6.1.i386.rpm | a7d8042e7b7675c54a763f131eb35dd1 |
gd-devel-2.0.28-5.4E.el4_6.1.i386.rpm | 9d4a4921efde0ddb590f8ae452df2c59 |
gd-progs-2.0.28-5.4E.el4_6.1.i386.rpm | c28341562f9dd7dee598cf7c796d18f9 |
x86_64: | |
gd-2.0.28-5.4E.el4_6.1.i386.rpm | a7d8042e7b7675c54a763f131eb35dd1 |
gd-2.0.28-5.4E.el4_6.1.x86_64.rpm | 0ac40952984f11cc0ffb81921f2aae57 |
gd-devel-2.0.28-5.4E.el4_6.1.x86_64.rpm | e60c40b143af53e2f13a3dfefabc8723 |
gd-progs-2.0.28-5.4E.el4_6.1.x86_64.rpm | 6971929444ad4555c175815bc411e644 |
Red Hat Enterprise Linux (v. 5 server) | |
SRPMS: | |
gd-2.0.33-9.4.el5_1.1.src.rpm | f0e4620cb91d56075202623e551a37f1 |
IA-32: | |
gd-2.0.33-9.4.el5_1.1.i386.rpm | f1c14f2f1a7ea602efd39903c002c903 |
gd-devel-2.0.33-9.4.el5_1.1.i386.rpm | 03c19796060246a35b0a8915b0e1dae1 |
gd-progs-2.0.33-9.4.el5_1.1.i386.rpm | bd2f2724e41950428851a33c1a55607e |
IA-64: | |
gd-2.0.33-9.4.el5_1.1.ia64.rpm | e9e19edfe3432ea76d43f32878b855c4 |
gd-devel-2.0.33-9.4.el5_1.1.ia64.rpm | ba06995bdfc879861b70f2ba83301466 |
gd-progs-2.0.33-9.4.el5_1.1.ia64.rpm | ec130a2b192fc32ec628415a41dc616d |
PPC: | |
gd-2.0.33-9.4.el5_1.1.ppc.rpm | 2c13ab92192e7082258d95831188ca96 |
gd-2.0.33-9.4.el5_1.1.ppc64.rpm | bcd41d49699867591ed0d3bf68bbea49 |
gd-devel-2.0.33-9.4.el5_1.1.ppc.rpm | 3dd4555de5a15842fd68f3708e522536 |
gd-devel-2.0.33-9.4.el5_1.1.ppc64.rpm | 4bd72af55be1f020a0f7299150dfe2a0 |
gd-progs-2.0.33-9.4.el5_1.1.ppc.rpm | 9c9cb9cf3d5ec0c411e3982e63a5be7c |
s390x: | |
gd-2.0.33-9.4.el5_1.1.s390.rpm | e73d4f92b28e77b47c04d14bbf00bb6f |
gd-2.0.33-9.4.el5_1.1.s390x.rpm | 28175753e1bd00eb260accbbf182897c |
gd-devel-2.0.33-9.4.el5_1.1.s390.rpm | 418fcf703269fa9b15403961daa5c810 |
gd-devel-2.0.33-9.4.el5_1.1.s390x.rpm | 7385ca899291062f717e931cb328ab2c |
gd-progs-2.0.33-9.4.el5_1.1.s390x.rpm | d68f3b530972c43f38f353de97cefaa3 |
x86_64: | |
gd-2.0.33-9.4.el5_1.1.i386.rpm | f1c14f2f1a7ea602efd39903c002c903 |
gd-2.0.33-9.4.el5_1.1.x86_64.rpm | b29a4a24f2951063e8aa72b9a8d0bc26 |
gd-devel-2.0.33-9.4.el5_1.1.i386.rpm | 03c19796060246a35b0a8915b0e1dae1 |
gd-devel-2.0.33-9.4.el5_1.1.x86_64.rpm | 3267d2a709da99cc0052117aa656ea43 |
gd-progs-2.0.33-9.4.el5_1.1.x86_64.rpm | cfe63951e06b7727312b87ec51fbcb44 |
Red Hat Enterprise Linux AS (v. 4) | |
SRPMS: | |
gd-2.0.28-5.4E.el4_6.1.src.rpm | 65f4d62c6267d4de89098594de3f5261 |
IA-32: | |
gd-2.0.28-5.4E.el4_6.1.i386.rpm | a7d8042e7b7675c54a763f131eb35dd1 |
gd-devel-2.0.28-5.4E.el4_6.1.i386.rpm | 9d4a4921efde0ddb590f8ae452df2c59 |
gd-progs-2.0.28-5.4E.el4_6.1.i386.rpm | c28341562f9dd7dee598cf7c796d18f9 |
IA-64: | |
gd-2.0.28-5.4E.el4_6.1.i386.rpm | a7d8042e7b7675c54a763f131eb35dd1 |
gd-2.0.28-5.4E.el4_6.1.ia64.rpm | 3e0998804d6fa2971a7009e413fc1a62 |
gd-devel-2.0.28-5.4E.el4_6.1.ia64.rpm | 00fee9a7f0d5fb3895b396aa405c3d6b |
gd-progs-2.0.28-5.4E.el4_6.1.ia64.rpm | b86e088896fc611ce3b0b4ad45223c39 |
PPC: | |
gd-2.0.28-5.4E.el4_6.1.ppc.rpm | 1e19859bc14889fab2bd577bc45589e8 |
gd-2.0.28-5.4E.el4_6.1.ppc64.rpm | cfa0156ab28bf250bdd1390606408832 |
gd-devel-2.0.28-5.4E.el4_6.1.ppc.rpm | cd412c64b3efdf93a949a24d154755f0 |
gd-progs-2.0.28-5.4E.el4_6.1.ppc.rpm | acce2b9744b4f54b586d1d39ecd5c24c |
s390: | |
gd-2.0.28-5.4E.el4_6.1.s390.rpm | 10d129a6edbde55da07e79b56971553f |
gd-devel-2.0.28-5.4E.el4_6.1.s390.rpm | ef2f17e5d320e94ee6883da56605680d |
gd-progs-2.0.28-5.4E.el4_6.1.s390.rpm | c83187d298875f1e713fb606ed70cc7d |
s390x: | |
gd-2.0.28-5.4E.el4_6.1.s390.rpm | 10d129a6edbde55da07e79b56971553f |
gd-2.0.28-5.4E.el4_6.1.s390x.rpm | 249bf26e191eb3d06936da132a8c5b8c |
gd-devel-2.0.28-5.4E.el4_6.1.s390x.rpm | 8a56a4101d266cb83d5bb468d6b9e309 |
gd-progs-2.0.28-5.4E.el4_6.1.s390x.rpm | a753cba0d13a656d073406c45685dc22 |
x86_64: | |
gd-2.0.28-5.4E.el4_6.1.i386.rpm | a7d8042e7b7675c54a763f131eb35dd1 |
gd-2.0.28-5.4E.el4_6.1.x86_64.rpm | 0ac40952984f11cc0ffb81921f2aae57 |
gd-devel-2.0.28-5.4E.el4_6.1.x86_64.rpm | e60c40b143af53e2f13a3dfefabc8723 |
gd-progs-2.0.28-5.4E.el4_6.1.x86_64.rpm | 6971929444ad4555c175815bc411e644 |
Red Hat Enterprise Linux Desktop (v. 5 client) | |
SRPMS: | |
gd-2.0.33-9.4.el5_1.1.src.rpm | f0e4620cb91d56075202623e551a37f1 |
IA-32: | |
gd-2.0.33-9.4.el5_1.1.i386.rpm | f1c14f2f1a7ea602efd39903c002c903 |
gd-progs-2.0.33-9.4.el5_1.1.i386.rpm | bd2f2724e41950428851a33c1a55607e |
x86_64: | |
gd-2.0.33-9.4.el5_1.1.i386.rpm | f1c14f2f1a7ea602efd39903c002c903 |
gd-2.0.33-9.4.el5_1.1.x86_64.rpm | b29a4a24f2951063e8aa72b9a8d0bc26 |
gd-progs-2.0.33-9.4.el5_1.1.x86_64.rpm | cfe63951e06b7727312b87ec51fbcb44 |
Red Hat Enterprise Linux ES (v. 4) | |
SRPMS: | |
gd-2.0.28-5.4E.el4_6.1.src.rpm | 65f4d62c6267d4de89098594de3f5261 |
IA-32: | |
gd-2.0.28-5.4E.el4_6.1.i386.rpm | a7d8042e7b7675c54a763f131eb35dd1 |
gd-devel-2.0.28-5.4E.el4_6.1.i386.rpm | 9d4a4921efde0ddb590f8ae452df2c59 |
gd-progs-2.0.28-5.4E.el4_6.1.i386.rpm | c28341562f9dd7dee598cf7c796d18f9 |
IA-64: | |
gd-2.0.28-5.4E.el4_6.1.i386.rpm | a7d8042e7b7675c54a763f131eb35dd1 |
gd-2.0.28-5.4E.el4_6.1.ia64.rpm | 3e0998804d6fa2971a7009e413fc1a62 |
gd-devel-2.0.28-5.4E.el4_6.1.ia64.rpm | 00fee9a7f0d5fb3895b396aa405c3d6b |
gd-progs-2.0.28-5.4E.el4_6.1.ia64.rpm | b86e088896fc611ce3b0b4ad45223c39 |
x86_64: | |
gd-2.0.28-5.4E.el4_6.1.i386.rpm | a7d8042e7b7675c54a763f131eb35dd1 |
gd-2.0.28-5.4E.el4_6.1.x86_64.rpm | 0ac40952984f11cc0ffb81921f2aae57 |
gd-devel-2.0.28-5.4E.el4_6.1.x86_64.rpm | e60c40b143af53e2f13a3dfefabc8723 |
gd-progs-2.0.28-5.4E.el4_6.1.x86_64.rpm | 6971929444ad4555c175815bc411e644 |
Red Hat Enterprise Linux WS (v. 4) | |
SRPMS: | |
gd-2.0.28-5.4E.el4_6.1.src.rpm | 65f4d62c6267d4de89098594de3f5261 |
IA-32: | |
gd-2.0.28-5.4E.el4_6.1.i386.rpm | a7d8042e7b7675c54a763f131eb35dd1 |
gd-devel-2.0.28-5.4E.el4_6.1.i386.rpm | 9d4a4921efde0ddb590f8ae452df2c59 |
gd-progs-2.0.28-5.4E.el4_6.1.i386.rpm | c28341562f9dd7dee598cf7c796d18f9 |
IA-64: | |
gd-2.0.28-5.4E.el4_6.1.i386.rpm | a7d8042e7b7675c54a763f131eb35dd1 |
gd-2.0.28-5.4E.el4_6.1.ia64.rpm | 3e0998804d6fa2971a7009e413fc1a62 |
gd-devel-2.0.28-5.4E.el4_6.1.ia64.rpm | 00fee9a7f0d5fb3895b396aa405c3d6b |
gd-progs-2.0.28-5.4E.el4_6.1.ia64.rpm | b86e088896fc611ce3b0b4ad45223c39 |
x86_64: | |
gd-2.0.28-5.4E.el4_6.1.i386.rpm | a7d8042e7b7675c54a763f131eb35dd1 |
gd-2.0.28-5.4E.el4_6.1.x86_64.rpm | 0ac40952984f11cc0ffb81921f2aae57 |
gd-devel-2.0.28-5.4E.el4_6.1.x86_64.rpm | e60c40b143af53e2f13a3dfefabc8723 |
gd-progs-2.0.28-5.4E.el4_6.1.x86_64.rpm | 6971929444ad4555c175815bc411e644 |
(The unlinked packages above are only available from the Red Hat Network) |
224607 - CVE-2007-0455 gd buffer overrun
242033 - CVE-2007-2756 gd / php-gd ImageCreateFromPng infinite loop caused by truncated PNG
276751 - CVE-2007-3472 libgd Integer overflow in TrueColor code
276791 - CVE-2007-3473 libgd NULL pointer dereference when reading a corrupt X bitmap
277181 - CVE-2007-3475 libgd Denial of service by GIF images without a global color map
277201 - CVE-2007-3476 libgd Denial of service by corrupted GIF images
431568 - CVE-2006-4484 gd: GIF handling buffer overflow
The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/
[***** End Red Hat RHSA-2008:0146-2 *****]
Voice: +1 925-422-8193 (7 x 24) FAX: +1 925-423-8002 STU-III: +1 925-423-2604 E-mail: ciac@ciac.org World Wide Web: http://www.ciac.org/ Anonymous FTP: ftp.ciac.org