USN-557-1: GD library vulnerability

12-24-2007

Registered User

26,240, 27

Join Date: Sep 2000

Last Activity: 1 August 2008, 3:09 PM EDT

Posts: 26,240

Thanks Given: 0

Thanked 27 Times in 26 Posts

USN-557-1: GD library vulnerability

Referenced CVEs:
CVE-2007-3996

Description:
=========================================================== Ubuntu Security Notice USN-557-1 December 18, 2007libgd2 vulnerabilityCVE-2007-3996===========================================================A security issue affects the following Ubuntu releases:Ubuntu 6.06 LTSUbuntu 6.10Ubuntu 7.04Ubuntu 7.10This advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 6.06 LTS: libgd2-noxpm 2.0.33-2ubuntu5.3 libgd2-xpm 2.0.33-2ubuntu5.3Ubuntu 6.10: libgd2-noxpm 2.0.33-4ubuntu2.2 libgd2-xpm 2.0.33-4ubuntu2.2Ubuntu 7.04: libgd2-noxpm 2.0.34~rc1-2ubuntu1.2 libgd2-xpm 2.0.34~rc1-2ubuntu1.2Ubuntu 7.10: libgd2-noxpm 2.0.34-1ubuntu1.1 libgd2-xpm 2.0.34-1ubuntu1.1In general, a standard system upgrade is sufficient to effect thenecessary changes.Details follow:Mattias Bengtsson and Philip Olausson discovered that the GDlibrary did not properly perform bounds checking when creatingimages. An attacker could send specially crafted input toapplications linked against libgd2 and cause a denial of serviceor possibly execute arbitrary code.

More...

Linux Bot

View Public Profile for Linux Bot

Find all posts by Linux Bot

OPENPAM_RESTORE_CRED(3) BSD Library Functions Manual OPENPAM_RESTORE_CRED(3) NAME
openpam_restore_cred -- restore credentials LIBRARY
Pluggable Authentication Module Library (libpam, -lpam) SYNOPSIS
#include <sys/types.h> #include <security/pam_appl.h> #include <security/openpam.h> int openpam_restore_cred(pam_handle_t *pamh); DESCRIPTION
The openpam_restore_cred function restores the credentials saved by openpam_borrow_cred(3). RETURN VALUES
The openpam_restore_cred function returns one of the following values: [PAM_NO_MODULE_DATA] Module data not found. [PAM_SYSTEM_ERR] System error. SEE ALSO
setegid(2), seteuid(2), setgroups(2), openpam_borrow_cred(3), pam(3), pam_strerror(3) STANDARDS
The openpam_restore_cred function is an OpenPAM extension. AUTHORS
The openpam_restore_cred function and this manual page were developed for the FreeBSD Project by ThinkSec AS and Network Associates Laborato- ries, the Security Research Division of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 (``CBOSS''), as part of the DARPA CHATS research program. BSD
December 21, 2007 BSD

Security Advisories (RSS)

USN-557-1: GD library vulnerability

LEARN ABOUT MOJAVE

openpam_restore_cred