Package name: gd
Date: 2009-12-05
Advisory ID: MDVSA-2009:284-1
Affected versions: 2008.0 i586, 2008.0 x86_64

Problem description

A vulnerability has been found and corrected in gd:

The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.0, and the
GD Graphics Library 2.x, does not properly verify a certain colorsTotal
structure member, which might allow remote attackers to conduct
buffer overflow or buffer over-read attacks via a crafted GD file,
a different vulnerability than CVE-2009-3293. NOTE: some of these
details are obtained from third party information (CVE-2009-3546).

This update fixes this vulnerability.
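
The missing verification described above, shown as an added example that is not code from the advisory, gd or PHP: a parser that rejects a file-supplied colour count larger than the fixed palette arrays before using it. The record layout, struct palette, parse_palette and check_record are assumptions for illustration; the 256-entry limit matches gd's gdMaxColors.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GD_MAX_COLORS 256            /* same value as gd's gdMaxColors */
#define PALETTE_BYTES (GD_MAX_COLORS * 4)

/* Simplified stand-in (assumption) for the palette fields of gd's image struct. */
struct palette {
    int colors_total;
    int open[GD_MAX_COLORS];
    uint8_t rgba[GD_MAX_COLORS][4];
};

/* Parse a constructed record: 2-byte big-endian colour count, then 256 RGBA
 * entries. Returns 1 on success, 0 if the record is truncated or out of range. */
int parse_palette(const uint8_t *buf, size_t len, struct palette *p)
{
    int total;
    if (len < 2) return 0;
    total = (buf[0] << 8) | buf[1];          /* file-supplied, untrusted */
    if (total > GD_MAX_COLORS) return 0;     /* must fit the fixed arrays */
    if (len - 2 < PALETTE_BYTES) return 0;   /* palette body must be complete */
    memcpy(p->rgba, buf + 2, PALETTE_BYTES);
    p->colors_total = total;
    for (int i = 0; i < total; i++)
        p->open[i] = 0;                      /* in bounds: total <= GD_MAX_COLORS */
    return 1;
}

/* Build a constructed record with the given count and body size, then parse it. */
int check_record(unsigned count, size_t body_len)
{
    static uint8_t buf[2 + PALETTE_BYTES];
    struct palette p;
    if (body_len > PALETTE_BYTES) body_len = PALETTE_BYTES;
    memset(buf, 0, sizeof buf);
    buf[0] = (uint8_t)(count >> 8);
    buf[1] = (uint8_t)count;
    return parse_palette(buf, 2 + body_len, &p);
}

int main(void)
{
    printf("count 256: %d, count 65535: %d\n",
           check_record(256, PALETTE_BYTES), check_record(0xFFFF, PALETTE_BYTES));
    return 0;
}
```

Without the range check, the loop over open[] would use the file's count as its bound and write past the 256-entry array.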

Update:

Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.

Updated packages

2008.0 i586

 b770ed57194e79c086e3f0ab177ed97c  2008.0/i586/gd-utils-2.0.35-1.1mdv2008.0.i586.rpm
 c1d1ed31374dfd08ef28c19a96053c41  2008.0/i586/libgd2-2.0.35-1.1mdv2008.0.i586.rpm
 42b0f7db12bc7d4b5ba16fb5c1c5ba18  2008.0/i586/libgd2-devel-2.0.35-1.1mdv2008.0.i586.rpm
 0cdc571626816ba364a0345d4fb1b842  2008.0/i586/libgd2-static-devel-2.0.35-1.1mdv2008.0.i586.rpm 
 2ffaca3571956e7726a4000a037d629e  2008.0/SRPMS/gd-2.0.35-1.1mdv2008.0.src.rpm

2008.0 x86_64

 9ec41bc368270fc73cea7ae73be05a82  2008.0/x86_64/gd-utils-2.0.35-1.1mdv2008.0.x86_64.rpm
 e2e431c378bb7fbf90412f7e76e8620d  2008.0/x86_64/lib64gd2-2.0.35-1.1mdv2008.0.x86_64.rpm
 200615aafb2b7f3a0a595383308b779d  2008.0/x86_64/lib64gd2-devel-2.0.35-1.1mdv2008.0.x86_64.rpm
 ca5db470889f17171dcd7c2c73b2045a  2008.0/x86_64/lib64gd2-static-devel-2.0.35-1.1mdv2008.0.x86_64.rpm 
 2ffaca3571956e7726a4000a037d629e  2008.0/SRPMS/gd-2.0.35-1.1mdv2008.0.src.rpm

References