[Full-Disclosure] [USN-33-1] libgd vulnerabilities

From: Martin Pitt (martin.pitt_at_canonical.com)
Date: 11/29/04

Next message: Sune Kloppenborg Jeppesen: "[Full-Disclosure] [ GLSA 200411-38 ] Sun and Blackdown Java: Applet privilege escalation"

Previous message: dk: "Re: [Full-Disclosure] Is www.sco.com hacked?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: ubuntu-security-announce@lists.ubuntu.com
Date: Mon, 29 Nov 2004 23:00:51 +0100

===========================================================
Ubuntu Security Notice USN-33-1 November 29, 2004
libgd vulnerabilities
CAN-2004-0941
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

libgd1-noxpm
libgd1-xpm

The problem can be corrected by upgrading the affected package to
version 1.8.4-36ubuntu0.2. In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

CAN-2004-0990 described several buffer overflows which had been
discovered in libgd's PNG handling functions. Another update is
required because the update from USN-21-1 was not sufficient to
prevent every possible attack.

If an attacker tricks a user into loading a malicious PNG or XPM
image, they could leverage this into executing arbitrary code in the
context of the user opening image.

This vulnerability might lead to privilege escalation in customized
systems that use server applications which link libgd. However, Warty
does not ship such server applications (PHP in Warty uses libgd2 which
was already fixed in USN-25-1).

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd/libgd_1.8.4-36ubuntu0.2.diff.gz
      Size/MD5: 12323 a786097a746555a53b25ce68168e6878
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd/libgd_1.8.4-36ubuntu0.2.dsc
      Size/MD5: 775 7324e0a3fcb79df8fc367537a1bcd539
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd/libgd_1.8.4.orig.tar.gz
      Size/MD5: 559248 813625508e31f5c205904a305bdc8669

Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd/libgd-dev_1.8.4-36ubuntu0.2_all.deb
      Size/MD5: 8746 9d7dca3cd8a0171b9eb796ec4e9a9461
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgd/libgd1_1.8.4-36ubuntu0.2_all.deb
      Size/MD5: 8734 4735c7dae226eaf3c819b7f6dbbfb67e

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd/libgd-noxpm-dev_1.8.4-36ubuntu0.2_amd64.deb
      Size/MD5: 118450 5cbb047f22d7d8eb771f09cec74cf0f0
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd/libgd-xpm-dev_1.8.4-36ubuntu0.2_amd64.deb
      Size/MD5: 119270 3d8aea0f13bb288174487ad487d788de
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd/libgd1-noxpm_1.8.4-36ubuntu0.2_amd64.deb
      Size/MD5: 111854 31b3f62f7cd6639f7db15d63c9091182
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd/libgd1-xpm_1.8.4-36ubuntu0.2_amd64.deb
      Size/MD5: 112230 35abed9e9948c515747378f22ca08c6a

i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd/libgd-noxpm-dev_1.8.4-36ubuntu0.2_i386.deb
      Size/MD5: 113724 01a746e583a1e266bbde6893105dde5b
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd/libgd-xpm-dev_1.8.4-36ubuntu0.2_i386.deb
      Size/MD5: 114278 c9db1035361d8914f474e4b341e8bc21
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd/libgd1-noxpm_1.8.4-36ubuntu0.2_i386.deb
      Size/MD5: 108898 a1a0ffeb8f1cb031a906ebc2e17f0c41
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd/libgd1-xpm_1.8.4-36ubuntu0.2_i386.deb
      Size/MD5: 109292 ef94e51d4719648a973411d41ce2317a

powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd/libgd-noxpm-dev_1.8.4-36ubuntu0.2_powerpc.deb
      Size/MD5: 119708 643239574e7134987e21134b517c0200
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd/libgd-xpm-dev_1.8.4-36ubuntu0.2_powerpc.deb
      Size/MD5: 120574 ed210cf839bc582029806a176d58eaad
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd/libgd1-noxpm_1.8.4-36ubuntu0.2_powerpc.deb
      Size/MD5: 113216 d058c407f5ec26a315c1b6f439721c8c
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgd/libgd1-xpm_1.8.4-36ubuntu0.2_powerpc.deb
      Size/MD5: 113510 709808f36db560407c78a4f9e90408b8

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

application/pgp-signature attachment: Digital signature

Next message: Sune Kloppenborg Jeppesen: "[Full-Disclosure] [ GLSA 200411-38 ] Sun and Blackdown Java: Applet privilege escalation"

Previous message: dk: "Re: [Full-Disclosure] Is www.sco.com hacked?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

[USN-33-1] libgd vulnerabilities
... Ubuntu 4.10 (Warty Warthog) ... The following packages are affected: ...
(Bugtraq)
[Full-Disclosure] [USN-21-1] libgd vulnerabilities
... Ubuntu 4.10 ... The following packages are affected: ...
(Full-Disclosure)
[USN-33-1] libgd vulnerabilities
... Ubuntu 4.10 (Warty Warthog) ... The following packages are affected: ...
(Full-Disclosure)
[USN-21-1] libgd vulnerabilities
... Ubuntu 4.10 ... The following packages are affected: ...
(Full-Disclosure)
[USN-21-1] libgd vulnerabilities
... Ubuntu 4.10 ... The following packages are affected: ...
(Bugtraq)