Package name
gd
Date
2009-10-09
Advisory ID
MDVSA-2009:264
Affected versions
CS3.0 i586, MNF2.0 i586, CS3.0 x86_64

Problem description

Multiple integer overflows in libgd in PHP before 5.2.4 allow
remote attackers to cause a denial of service (application crash)
and possibly execute arbitrary code via a large (1) srcW or (2)
srcH value to the (a) gdImageCopyResized function, or a large (3) sy
(height) or (4) sx (width) value to the (b) gdImageCreate or the (c)
gdImageCreateTrueColor function. (CVE-2007-3996)

The updated packages have been patched to prevent this.
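
The bug class described above, shown as an added example (not code from libgd, PHP or the Mandriva patch): a 32-bit size computation for sx * sy pixels wraps to a small value, while a checked allocator rejects the same dimensions. The function names and the 4-byte element size are assumptions made for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Returns 1 if a * b cannot be represented as a positive int. */
static int dims_overflow(int a, int b)
{
    if (a <= 0 || b <= 0)
        return 1;
    return a > INT_MAX / b;
}

/* Models an unchecked 32-bit size computation: the product wraps
 * modulo 2^32, so the buffer is far smaller than the image. */
static uint32_t unchecked_size32(int sx, int sy, uint32_t elem)
{
    return (uint32_t)sx * (uint32_t)sy * elem;
}

/* Hypothetical hardened allocator: validates width * height and then
 * (width * height) * element size before any memory is requested. */
static void *alloc_pixels(int sx, int sy, size_t elem)
{
    if (dims_overflow(sx, sy))
        return NULL;
    if (elem == 0 || elem > INT_MAX || dims_overflow(sx * sy, (int)elem))
        return NULL;
    return calloc((size_t)sx * (size_t)sy, elem);
}

int main(void)
{
    /* Constructed sample dimensions, not taken from the advisory. */
    int cases[][2] = { {64, 48}, {65536, 65536}, {65536, 16385} };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        int sx = cases[i][0], sy = cases[i][1];
        void *p = alloc_pixels(sx, sy, 4);
        printf("%dx%d: unchecked size=%u bytes, checked alloc %s\n",
               sx, sy, (unsigned)unchecked_size32(sx, sy, 4),
               p ? "ok" : "rejected");
        free(p);
    }
    return 0;
}
```

The third case passes a width * height check on its own and only overflows once the element size is multiplied in, which is why both multiplications are validated.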

Updated packages

CS3.0 i586

 2cb03c7d4b245e07b5d309e0f48a8077  corporate/3.0/i586/gd-utils-2.0.15-4.2.C30mdk.i586.rpm
 fc28af51e9d0bb66392942710adaada6  corporate/3.0/i586/libgd2-2.0.15-4.2.C30mdk.i586.rpm
 75b47ea3126c16f075cbf6a0d7f9f752  corporate/3.0/i586/libgd2-devel-2.0.15-4.2.C30mdk.i586.rpm
 f47adbeaf348f3b95135219f098711f0  corporate/3.0/i586/libgd2-static-devel-2.0.15-4.2.C30mdk.i586.rpm 
 cf118bbdbf87e22153ce326187469a8b  corporate/3.0/SRPMS/gd-2.0.15-4.2.C30mdk.src.rpm

MNF2.0 i586

 94ab7e1ec5f0d8af02a520be6f2f9829  mnf/2.0/i586/gd-utils-2.0.15-4.2.M20mdk.i586.rpm
 310bef7d74de484a6a94ca5a43976c9b  mnf/2.0/i586/libgd2-2.0.15-4.2.M20mdk.i586.rpm
 257320b106afef04393bc96508dd2038  mnf/2.0/i586/libgd2-devel-2.0.15-4.2.M20mdk.i586.rpm
 bf388f56fee4c42ab49036c90860e031  mnf/2.0/i586/libgd2-static-devel-2.0.15-4.2.M20mdk.i586.rpm 
 474d47a8887a270f6ff8771245eb0f13  mnf/2.0/SRPMS/gd-2.0.15-4.2.M20mdk.src.rpm

CS3.0 x86_64

 08336a0b261a1bd52d5f726b2dca8e0a  corporate/3.0/x86_64/gd-utils-2.0.15-4.2.C30mdk.x86_64.rpm
 dcb48e240a80b837bb416ac04d21e8e6  corporate/3.0/x86_64/lib64gd2-2.0.15-4.2.C30mdk.x86_64.rpm
 71b1d2cf707d83e13055f56be4ae2a67  corporate/3.0/x86_64/lib64gd2-devel-2.0.15-4.2.C30mdk.x86_64.rpm
 ae4be8f25e4ad8b4e3e75c41a2329c3d  corporate/3.0/x86_64/lib64gd2-static-devel-2.0.15-4.2.C30mdk.x86_64.rpm 
 cf118bbdbf87e22153ce326187469a8b  corporate/3.0/SRPMS/gd-2.0.15-4.2.C30mdk.src.rpm

References