USN-557-1: GD library vulnerability

12-24-2007

Registered User

26,240, 27

Join Date: Sep 2000

Last Activity: 1 August 2008, 3:09 PM EDT

Posts: 26,240

Thanks Given: 0

Thanked 27 Times in 26 Posts

USN-557-1: GD library vulnerability

Referenced CVEs:
CVE-2007-3996

Description:
=========================================================== Ubuntu Security Notice USN-557-1 December 18, 2007libgd2 vulnerabilityCVE-2007-3996===========================================================A security issue affects the following Ubuntu releases:Ubuntu 6.06 LTSUbuntu 6.10Ubuntu 7.04Ubuntu 7.10This advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 6.06 LTS: libgd2-noxpm 2.0.33-2ubuntu5.3 libgd2-xpm 2.0.33-2ubuntu5.3Ubuntu 6.10: libgd2-noxpm 2.0.33-4ubuntu2.2 libgd2-xpm 2.0.33-4ubuntu2.2Ubuntu 7.04: libgd2-noxpm 2.0.34~rc1-2ubuntu1.2 libgd2-xpm 2.0.34~rc1-2ubuntu1.2Ubuntu 7.10: libgd2-noxpm 2.0.34-1ubuntu1.1 libgd2-xpm 2.0.34-1ubuntu1.1In general, a standard system upgrade is sufficient to effect thenecessary changes.Details follow:Mattias Bengtsson and Philip Olausson discovered that the GDlibrary did not properly perform bounds checking when creatingimages. An attacker could send specially crafted input toapplications linked against libgd2 and cause a denial of serviceor possibly execute arbitrary code.

More...

Linux Bot

View Public Profile for Linux Bot

Find all posts by Linux Bot

GERMINATE-PKG-DIFF(1) Ubuntu General Commands Manual GERMINATE-PKG-DIFF(1) NAME
germinate-pkg-diff -- compare seeds against currently installed packages SYNOPSIS
germinate-pkg-diff [-l file] [-m {i|r|d}] [-a arch] [seeds] DESCRIPTION
germinate-pkg-diff compares the expansion of a list of seed packages against the set of packages installed on the current system. When con- structing seeds for a software distribution, it can be used to iteratively find packages installed on developers' systems that should be included in the seeds. A list of seeds against which to compare may be supplied as non-option arguments. Seeds from which they inherit will be added automatically. The default is 'desktop'. OPTIONS
-l, --list file Read the list of currently installed packages from file. The default is to read the output of dpkg --get-selections, and any supplied file should be in the same format. -m, --mode {i|r|d} Set the output mode as follows: i Show the dpkg selections needed to install just these seeds. List unseeded but installed files as ``deinstall'', and seeded but uninstalled files as ``install''. r List unseeded but installed files as ``install'', and seeded but uninstalled files as ``deinstall''. d Show the differences between the packages specified by the seeds and the list of installed packages, in a somewhat diff-like for- mat. -S, --seed-source source,... Fetch seeds from the specified sources. The default is http://people.canonical.com/~ubuntu-archive/seeds/. -s, --seed-dist dist Fetch seeds for distribution dist. The default is ubuntu.precise. -d, --dist dist,... Operate on the specified distributions. The default is precise. Listing multiple distributions may be useful, for example, when exam- ining both a released distribution and its security updates. -a, --arch arch Operate on architecture arch. The default is i386. BUGS
--mode r is useless as dpkg --set-selections input. AUTHORS
Lamont Jones <lamont@ubuntu.com> Colin Watson <cjwatson@canonical.com> germinate-pkg-diff is copyright (C) 2004, 2005, 2006, 2007, 2008 Canonical Ltd. See the GNU General Public License version 2 or later for copying conditions. A copy of the GNU General Public License is available in /usr/share/common-licenses/GPL. Ubuntu Jul 18, 2007 Ubuntu

Security Advisories (RSS)

USN-557-1: GD library vulnerability

LEARN ABOUT DEBIAN

germinate-pkg-diff