[Full-disclosure] FLEA-2008-0007-1 gd



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Foresight Linux Essential Advisory: 2008-0007-1
Published: 2008-02-11

Rating: Trivial

Updated Versions:
gd=/conary.rpath.com@rpl:devel//1/2.0.33-4.6-1
group-dist=/foresight.rpath.org@fl:1-devel//1/1.4.2-0.7-3

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4484
http://wiki.rpath.com/Advisories:rPSA-2008-0046

Description:
Previous versions of the gd package are vulnerable to a possible
Arbitrary Code Execution attack in which an attacker may use a
maliciously crafted GIF file to trigger a buffer overflow. The libgd
library is not exposed via any privileged or remote interfaces within
Foresight Linux proper.

- ---

Copyright 2008 Foresight Linux Project
Portions Copyright 2008 rPath Inc.
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


