| PROBLEM: | Multiple issues were discovered in the gd GIF image-handling code. |
| PLATFORM: | RHEL Desktop Workstation (v. 5 client); Red Hat Desktop (v. 4); Red Hat Enterprise Linux (v. 5 server); Red Hat Enterprise Linux AS, ES, WS (v. 4); Red Hat Enterprise Linux Desktop (v. 5 client) |
| DAMAGE: | Execute code. |
| SOLUTION: | Upgrade to the appropriate version. |
| VULNERABILITY ASSESSMENT: | The risk is MEDIUM. A carefully-crafted GIF file could cause a crash or possibly execute code with the privileges of the application using the gd library. |
| LINKS: | |
| CIAC BULLETIN: | http://www.ciac.org/ciac/bulletins/s-218.shtml |
| ORIGINAL BULLETIN: | https://rhn.redhat.com/errata/RHSA-2008-0146.html |
| CVE: | CVE-2006-4484 CVE-2007-0455 CVE-2007-2756 CVE-2007-3472 CVE-2007-3473 CVE-2007-3475 CVE-2007-3476 |
[***** Start Red Hat RHSA-2008:0146-2 *****]
| Advisory: | RHSA-2008:0146-2 |
|---|---|
| Type: | Security Advisory |
| Severity: | Moderate |
| Issued on: | 2008-02-28 |
| Last updated on: | 2008-02-28 |
| Affected Products: | RHEL Desktop Workstation (v. 5 client); Red Hat Desktop (v. 4); Red Hat Enterprise Linux (v. 5 server); Red Hat Enterprise Linux AS (v. 4); Red Hat Enterprise Linux Desktop (v. 5 client); Red Hat Enterprise Linux ES (v. 4); Red Hat Enterprise Linux WS (v. 4) |
| OVAL: | com.redhat.rhsa-20080146.xml |
| CVEs (cve.mitre.org): | CVE-2006-4484 CVE-2007-0455 CVE-2007-2756 CVE-2007-3472 CVE-2007-3473 CVE-2007-3475 CVE-2007-3476 |
Updated gd packages that fix multiple security issues are now available for
Red Hat Enterprise Linux 4 and 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

The gd package contains a graphics library used for the dynamic creation of
images such as PNG and JPEG.

Multiple issues were discovered in the gd GIF image-handling code. A
carefully-crafted GIF file could cause a crash or possibly execute code
with the privileges of the application using the gd library.
(CVE-2006-4484, CVE-2007-3475, CVE-2007-3476)

An integer overflow was discovered in the gdImageCreateTrueColor()
function, leading to incorrect memory allocations. A carefully crafted
image could cause a crash or possibly execute code with the privileges of
the application using the gd library. (CVE-2007-3472)

A buffer over-read flaw was discovered. This could cause a crash in an
application using the gd library to render certain strings using a
JIS-encoded font. (CVE-2007-0455)

A flaw was discovered in the gd PNG image handling code. A truncated PNG
image could cause an infinite loop in an application using the gd library.
(CVE-2007-2756)

A flaw was discovered in the gd X BitMap (XBM) image-handling code. A
malformed or truncated XBM image could cause a crash in an application
using the gd library. (CVE-2007-3473)

Users of gd should upgrade to these updated packages, which contain
backported patches which resolve these issues.
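
The integer overflow described above for gdImageCreateTrueColor() (CVE-2007-3472) belongs to a general bug class: a size computed as element size times an image dimension wraps, and the allocation is smaller than the code that fills it expects. The following is an added illustration of that class and of the overflow check that prevents it; it is not gd's code or Red Hat's patch, and `canvas`, `canvas_create`, `canvas_destroy`, `mul_overflows` and `unchecked_size32` are hypothetical names, with a 32-bit `size_t` modelled by `uint32_t`.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Models a 32-bit size_t: the product wraps modulo 2^32 and comes out too small. */
static uint32_t unchecked_size32(uint32_t count, uint32_t elem) { return count * elem; }

/* Returns 1 if either factor is non-positive or a * b does not fit in an int. */
static int mul_overflows(int a, int b) { return a <= 0 || b <= 0 || a > INT_MAX / b; }

/* Hypothetical truecolor canvas: one row pointer per line, one int per pixel. */
typedef struct { int sx, sy; int **rows; } canvas;

static void canvas_destroy(canvas *c)
{
    if (!c) return;
    for (int y = 0; y < c->sy; y++) free(c->rows[y]);
    free(c->rows); free(c);
}

/* Hardened constructor: reject any size product that would overflow. */
static canvas *canvas_create(int sx, int sy)
{
    if (mul_overflows(sx, sy) || mul_overflows((int)sizeof(int *), sy) ||
        mul_overflows((int)sizeof(int), sx))
        return NULL;
    canvas *c = malloc(sizeof *c);
    if (!c) return NULL;
    c->sx = sx; c->sy = 0;              /* sy counts rows actually allocated */
    c->rows = calloc((size_t)sy, sizeof(int *));
    for (int y = 0; c->rows && y < sy; y++, c->sy++)
        if (!(c->rows[y] = calloc((size_t)sx, sizeof(int))))
            break;
    if (c->sy != sy) { canvas_destroy(c); return NULL; }  /* unwind partial work */
    return c;
}

int main(void)
{
    canvas *ok = canvas_create(4, 3);
    printf("wrapped request: %u bytes\n", (unsigned)unchecked_size32(0x40000001u, 4));
    printf("4x3: %s, 65536x65536: %s\n", ok ? "created" : "rejected",
           canvas_create(65536, 65536) ? "created" : "rejected");
    canvas_destroy(ok);
    return 0;
}
```
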
| RHEL Desktop Workstation (v. 5 client) | |
| IA-32: | |
| gd-devel-2.0.33-9.4.el5_1.1.i386.rpm | 03c19796060246a35b0a8915b0e1dae1 |
| x86_64: | |
| gd-devel-2.0.33-9.4.el5_1.1.i386.rpm | 03c19796060246a35b0a8915b0e1dae1 |
| gd-devel-2.0.33-9.4.el5_1.1.x86_64.rpm | 3267d2a709da99cc0052117aa656ea43 |
| Red Hat Desktop (v. 4) | |
| SRPMS: | |
| gd-2.0.28-5.4E.el4_6.1.src.rpm | 65f4d62c6267d4de89098594de3f5261 |
| IA-32: | |
| gd-2.0.28-5.4E.el4_6.1.i386.rpm | a7d8042e7b7675c54a763f131eb35dd1 |
| gd-devel-2.0.28-5.4E.el4_6.1.i386.rpm | 9d4a4921efde0ddb590f8ae452df2c59 |
| gd-progs-2.0.28-5.4E.el4_6.1.i386.rpm | c28341562f9dd7dee598cf7c796d18f9 |
| x86_64: | |
| gd-2.0.28-5.4E.el4_6.1.i386.rpm | a7d8042e7b7675c54a763f131eb35dd1 |
| gd-2.0.28-5.4E.el4_6.1.x86_64.rpm | 0ac40952984f11cc0ffb81921f2aae57 |
| gd-devel-2.0.28-5.4E.el4_6.1.x86_64.rpm | e60c40b143af53e2f13a3dfefabc8723 |
| gd-progs-2.0.28-5.4E.el4_6.1.x86_64.rpm | 6971929444ad4555c175815bc411e644 |
| Red Hat Enterprise Linux (v. 5 server) | |
| SRPMS: | |
| gd-2.0.33-9.4.el5_1.1.src.rpm | f0e4620cb91d56075202623e551a37f1 |
| IA-32: | |
| gd-2.0.33-9.4.el5_1.1.i386.rpm | f1c14f2f1a7ea602efd39903c002c903 |
| gd-devel-2.0.33-9.4.el5_1.1.i386.rpm | 03c19796060246a35b0a8915b0e1dae1 |
| gd-progs-2.0.33-9.4.el5_1.1.i386.rpm | bd2f2724e41950428851a33c1a55607e |
| IA-64: | |
| gd-2.0.33-9.4.el5_1.1.ia64.rpm | e9e19edfe3432ea76d43f32878b855c4 |
| gd-devel-2.0.33-9.4.el5_1.1.ia64.rpm | ba06995bdfc879861b70f2ba83301466 |
| gd-progs-2.0.33-9.4.el5_1.1.ia64.rpm | ec130a2b192fc32ec628415a41dc616d |
| PPC: | |
| gd-2.0.33-9.4.el5_1.1.ppc.rpm | 2c13ab92192e7082258d95831188ca96 |
| gd-2.0.33-9.4.el5_1.1.ppc64.rpm | bcd41d49699867591ed0d3bf68bbea49 |
| gd-devel-2.0.33-9.4.el5_1.1.ppc.rpm | 3dd4555de5a15842fd68f3708e522536 |
| gd-devel-2.0.33-9.4.el5_1.1.ppc64.rpm | 4bd72af55be1f020a0f7299150dfe2a0 |
| gd-progs-2.0.33-9.4.el5_1.1.ppc.rpm | 9c9cb9cf3d5ec0c411e3982e63a5be7c |
| s390x: | |
| gd-2.0.33-9.4.el5_1.1.s390.rpm | e73d4f92b28e77b47c04d14bbf00bb6f |
| gd-2.0.33-9.4.el5_1.1.s390x.rpm | 28175753e1bd00eb260accbbf182897c |
| gd-devel-2.0.33-9.4.el5_1.1.s390.rpm | 418fcf703269fa9b15403961daa5c810 |
| gd-devel-2.0.33-9.4.el5_1.1.s390x.rpm | 7385ca899291062f717e931cb328ab2c |
| gd-progs-2.0.33-9.4.el5_1.1.s390x.rpm | d68f3b530972c43f38f353de97cefaa3 |
| x86_64: | |
| gd-2.0.33-9.4.el5_1.1.i386.rpm | f1c14f2f1a7ea602efd39903c002c903 |
| gd-2.0.33-9.4.el5_1.1.x86_64.rpm | b29a4a24f2951063e8aa72b9a8d0bc26 |
| gd-devel-2.0.33-9.4.el5_1.1.i386.rpm | 03c19796060246a35b0a8915b0e1dae1 |
| gd-devel-2.0.33-9.4.el5_1.1.x86_64.rpm | 3267d2a709da99cc0052117aa656ea43 |
| gd-progs-2.0.33-9.4.el5_1.1.x86_64.rpm | cfe63951e06b7727312b87ec51fbcb44 |
| Red Hat Enterprise Linux AS (v. 4) | |
| SRPMS: | |
| gd-2.0.28-5.4E.el4_6.1.src.rpm | 65f4d62c6267d4de89098594de3f5261 |
| IA-32: | |
| gd-2.0.28-5.4E.el4_6.1.i386.rpm | a7d8042e7b7675c54a763f131eb35dd1 |
| gd-devel-2.0.28-5.4E.el4_6.1.i386.rpm | 9d4a4921efde0ddb590f8ae452df2c59 |
| gd-progs-2.0.28-5.4E.el4_6.1.i386.rpm | c28341562f9dd7dee598cf7c796d18f9 |
| IA-64: | |
| gd-2.0.28-5.4E.el4_6.1.i386.rpm | a7d8042e7b7675c54a763f131eb35dd1 |
| gd-2.0.28-5.4E.el4_6.1.ia64.rpm | 3e0998804d6fa2971a7009e413fc1a62 |
| gd-devel-2.0.28-5.4E.el4_6.1.ia64.rpm | 00fee9a7f0d5fb3895b396aa405c3d6b |
| gd-progs-2.0.28-5.4E.el4_6.1.ia64.rpm | b86e088896fc611ce3b0b4ad45223c39 |
| PPC: | |
| gd-2.0.28-5.4E.el4_6.1.ppc.rpm | 1e19859bc14889fab2bd577bc45589e8 |
| gd-2.0.28-5.4E.el4_6.1.ppc64.rpm | cfa0156ab28bf250bdd1390606408832 |
| gd-devel-2.0.28-5.4E.el4_6.1.ppc.rpm | cd412c64b3efdf93a949a24d154755f0 |
| gd-progs-2.0.28-5.4E.el4_6.1.ppc.rpm | acce2b9744b4f54b586d1d39ecd5c24c |
| s390: | |
| gd-2.0.28-5.4E.el4_6.1.s390.rpm | 10d129a6edbde55da07e79b56971553f |
| gd-devel-2.0.28-5.4E.el4_6.1.s390.rpm | ef2f17e5d320e94ee6883da56605680d |
| gd-progs-2.0.28-5.4E.el4_6.1.s390.rpm | c83187d298875f1e713fb606ed70cc7d |
| s390x: | |
| gd-2.0.28-5.4E.el4_6.1.s390.rpm | 10d129a6edbde55da07e79b56971553f |
| gd-2.0.28-5.4E.el4_6.1.s390x.rpm | 249bf26e191eb3d06936da132a8c5b8c |
| gd-devel-2.0.28-5.4E.el4_6.1.s390x.rpm | 8a56a4101d266cb83d5bb468d6b9e309 |
| gd-progs-2.0.28-5.4E.el4_6.1.s390x.rpm | a753cba0d13a656d073406c45685dc22 |
| x86_64: | |
| gd-2.0.28-5.4E.el4_6.1.i386.rpm | a7d8042e7b7675c54a763f131eb35dd1 |
| gd-2.0.28-5.4E.el4_6.1.x86_64.rpm | 0ac40952984f11cc0ffb81921f2aae57 |
| gd-devel-2.0.28-5.4E.el4_6.1.x86_64.rpm | e60c40b143af53e2f13a3dfefabc8723 |
| gd-progs-2.0.28-5.4E.el4_6.1.x86_64.rpm | 6971929444ad4555c175815bc411e644 |
| Red Hat Enterprise Linux Desktop (v. 5 client) | |
| SRPMS: | |
| gd-2.0.33-9.4.el5_1.1.src.rpm | f0e4620cb91d56075202623e551a37f1 |
| IA-32: | |
| gd-2.0.33-9.4.el5_1.1.i386.rpm | f1c14f2f1a7ea602efd39903c002c903 |
| gd-progs-2.0.33-9.4.el5_1.1.i386.rpm | bd2f2724e41950428851a33c1a55607e |
| x86_64: | |
| gd-2.0.33-9.4.el5_1.1.i386.rpm | f1c14f2f1a7ea602efd39903c002c903 |
| gd-2.0.33-9.4.el5_1.1.x86_64.rpm | b29a4a24f2951063e8aa72b9a8d0bc26 |
| gd-progs-2.0.33-9.4.el5_1.1.x86_64.rpm | cfe63951e06b7727312b87ec51fbcb44 |
| Red Hat Enterprise Linux ES (v. 4) | |
| SRPMS: | |
| gd-2.0.28-5.4E.el4_6.1.src.rpm | 65f4d62c6267d4de89098594de3f5261 |
| IA-32: | |
| gd-2.0.28-5.4E.el4_6.1.i386.rpm | a7d8042e7b7675c54a763f131eb35dd1 |
| gd-devel-2.0.28-5.4E.el4_6.1.i386.rpm | 9d4a4921efde0ddb590f8ae452df2c59 |
| gd-progs-2.0.28-5.4E.el4_6.1.i386.rpm | c28341562f9dd7dee598cf7c796d18f9 |
| IA-64: | |
| gd-2.0.28-5.4E.el4_6.1.i386.rpm | a7d8042e7b7675c54a763f131eb35dd1 |
| gd-2.0.28-5.4E.el4_6.1.ia64.rpm | 3e0998804d6fa2971a7009e413fc1a62 |
| gd-devel-2.0.28-5.4E.el4_6.1.ia64.rpm | 00fee9a7f0d5fb3895b396aa405c3d6b |
| gd-progs-2.0.28-5.4E.el4_6.1.ia64.rpm | b86e088896fc611ce3b0b4ad45223c39 |
| x86_64: | |
| gd-2.0.28-5.4E.el4_6.1.i386.rpm | a7d8042e7b7675c54a763f131eb35dd1 |
| gd-2.0.28-5.4E.el4_6.1.x86_64.rpm | 0ac40952984f11cc0ffb81921f2aae57 |
| gd-devel-2.0.28-5.4E.el4_6.1.x86_64.rpm | e60c40b143af53e2f13a3dfefabc8723 |
| gd-progs-2.0.28-5.4E.el4_6.1.x86_64.rpm | 6971929444ad4555c175815bc411e644 |
| Red Hat Enterprise Linux WS (v. 4) | |
| SRPMS: | |
| gd-2.0.28-5.4E.el4_6.1.src.rpm | 65f4d62c6267d4de89098594de3f5261 |
| IA-32: | |
| gd-2.0.28-5.4E.el4_6.1.i386.rpm | a7d8042e7b7675c54a763f131eb35dd1 |
| gd-devel-2.0.28-5.4E.el4_6.1.i386.rpm | 9d4a4921efde0ddb590f8ae452df2c59 |
| gd-progs-2.0.28-5.4E.el4_6.1.i386.rpm | c28341562f9dd7dee598cf7c796d18f9 |
| IA-64: | |
| gd-2.0.28-5.4E.el4_6.1.i386.rpm | a7d8042e7b7675c54a763f131eb35dd1 |
| gd-2.0.28-5.4E.el4_6.1.ia64.rpm | 3e0998804d6fa2971a7009e413fc1a62 |
| gd-devel-2.0.28-5.4E.el4_6.1.ia64.rpm | 00fee9a7f0d5fb3895b396aa405c3d6b |
| gd-progs-2.0.28-5.4E.el4_6.1.ia64.rpm | b86e088896fc611ce3b0b4ad45223c39 |
| x86_64: | |
| gd-2.0.28-5.4E.el4_6.1.i386.rpm | a7d8042e7b7675c54a763f131eb35dd1 |
| gd-2.0.28-5.4E.el4_6.1.x86_64.rpm | 0ac40952984f11cc0ffb81921f2aae57 |
| gd-devel-2.0.28-5.4E.el4_6.1.x86_64.rpm | e60c40b143af53e2f13a3dfefabc8723 |
| gd-progs-2.0.28-5.4E.el4_6.1.x86_64.rpm | 6971929444ad4555c175815bc411e644 |
| (The unlinked packages above are only available from the Red Hat Network) |
224607 - CVE-2007-0455 gd buffer overrun
242033 - CVE-2007-2756 gd / php-gd ImageCreateFromPng infinite loop caused by truncated PNG
276751 - CVE-2007-3472 libgd Integer overflow in TrueColor code
276791 - CVE-2007-3473 libgd NULL pointer dereference when reading a corrupt X bitmap
277181 - CVE-2007-3475 libgd Denial of service by GIF images without a global color map
277201 - CVE-2007-3476 libgd Denial of service by corrupted GIF images
431568 - CVE-2006-4484 gd: GIF handling buffer overflow
The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/
[***** End Red Hat RHSA-2008:0146-2 *****]