exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2007.122

Mandriva Linux Security Advisory 2007.122
Posted Jun 14, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A flaw in libgd2 was found by Xavier Roche where it would not correctly validate PNG callback results. If an application linked against libgd2 was tricked into processing a specially-crafted PNG file, it could cause a denial of service scenario via CPU resource consumption.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2007-2756
SHA-256 | 2e3ba270ea3c4d1919f6f93689f647974c766f1a7bc9af560a39ea9541d60645

Mandriva Linux Security Advisory 2007.122

Change Mirror Download

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2007:122
http://www.mandriva.com/security/
_______________________________________________________________________

Package : gd
Date : June 13, 2007
Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0
_______________________________________________________________________

Problem Description:

A flaw in libgd2 was found by Xavier Roche where it would not correctly
validate PNG callback results. If an application linked against
libgd2 was tricked into processing a specially-crafted PNG file, it
could cause a denial of service scenario via CPU resource consumption.

The updated packages have been patched to prevent this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2756
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2007.0:
4553247ff29b71630a511cfa2e8f8dae 2007.0/i586/gd-utils-2.0.33-5.2mdv2007.0.i586.rpm
e597fdc7e70f9d47fba809c068d01c73 2007.0/i586/libgd2-2.0.33-5.2mdv2007.0.i586.rpm
5cb1c7417540c8bf923329a1b913e8af 2007.0/i586/libgd2-devel-2.0.33-5.2mdv2007.0.i586.rpm
41c08511d622f73c2941cd6153283a9d 2007.0/i586/libgd2-static-devel-2.0.33-5.2mdv2007.0.i586.rpm
7f26e734f247f081c4f91d88c4cf8746 2007.0/SRPMS/gd-2.0.33-5.2mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
6d49b3c840e14ed18363069c12c94672 2007.0/x86_64/gd-utils-2.0.33-5.2mdv2007.0.x86_64.rpm
4d96a041fa0afcdb46d395c87f545080 2007.0/x86_64/lib64gd2-2.0.33-5.2mdv2007.0.x86_64.rpm
36921632c56a9972f1d6db49e225e5c7 2007.0/x86_64/lib64gd2-devel-2.0.33-5.2mdv2007.0.x86_64.rpm
8d1636c72f97ea7e654fdae03cdee7ce 2007.0/x86_64/lib64gd2-static-devel-2.0.33-5.2mdv2007.0.x86_64.rpm
7f26e734f247f081c4f91d88c4cf8746 2007.0/SRPMS/gd-2.0.33-5.2mdv2007.0.src.rpm

Mandriva Linux 2007.1:
be767d1fb70fadda41e824b60a40654a 2007.1/i586/gd-utils-2.0.34-1.1mdv2007.1.i586.rpm
d2f160f37beadd9ba3d5170e8524e2cd 2007.1/i586/libgd2-2.0.34-1.1mdv2007.1.i586.rpm
364b5cf24157faf590f19f039f67c041 2007.1/i586/libgd2-devel-2.0.34-1.1mdv2007.1.i586.rpm
e87568c973cfae2c65326c95a23841d2 2007.1/i586/libgd2-static-devel-2.0.34-1.1mdv2007.1.i586.rpm
03c9eadb6bdb8ada82180da39b745100 2007.1/SRPMS/gd-2.0.34-1.1mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
39ec275e8946123b78e01671a31ee128 2007.1/x86_64/gd-utils-2.0.34-1.1mdv2007.1.x86_64.rpm
17d51791166f4a15f4cf8fee41852b04 2007.1/x86_64/lib64gd2-2.0.34-1.1mdv2007.1.x86_64.rpm
74195a52b4b4d3de151b720809492aa8 2007.1/x86_64/lib64gd2-devel-2.0.34-1.1mdv2007.1.x86_64.rpm
058ad0e0a91a0d069539b7c235f883a0 2007.1/x86_64/lib64gd2-static-devel-2.0.34-1.1mdv2007.1.x86_64.rpm
03c9eadb6bdb8ada82180da39b745100 2007.1/SRPMS/gd-2.0.34-1.1mdv2007.1.src.rpm

Corporate 3.0:
77415362e06982bdf984f378ac768bd1 corporate/3.0/i586/gd-utils-2.0.15-4.4.C30mdk.i586.rpm
28e9d357648fc4367b8ae481a4ef46f0 corporate/3.0/i586/libgd2-2.0.15-4.4.C30mdk.i586.rpm
ebcac1bb4ac277b8813d2b9f2d4e6ec9 corporate/3.0/i586/libgd2-devel-2.0.15-4.4.C30mdk.i586.rpm
77376cc5884c131906c6977cb9c52e76 corporate/3.0/i586/libgd2-static-devel-2.0.15-4.4.C30mdk.i586.rpm
19787484527e346d55c74459abcbe878 corporate/3.0/SRPMS/gd-2.0.15-4.4.C30mdk.src.rpm

Corporate 3.0/X86_64:
beb3b4d6b05b3bf5d5f26be43b166dc0 corporate/3.0/x86_64/gd-utils-2.0.15-4.4.C30mdk.x86_64.rpm
6f24793bb256074012c76cc678caf17f corporate/3.0/x86_64/lib64gd2-2.0.15-4.4.C30mdk.x86_64.rpm
d2d43fc0411bbcbdb1c5cd81b5c730fe corporate/3.0/x86_64/lib64gd2-devel-2.0.15-4.4.C30mdk.x86_64.rpm
78891b53940ad4d50010f3a5d8a9eb74 corporate/3.0/x86_64/lib64gd2-static-devel-2.0.15-4.4.C30mdk.x86_64.rpm
19787484527e346d55c74459abcbe878 corporate/3.0/SRPMS/gd-2.0.15-4.4.C30mdk.src.rpm

Corporate 4.0:
74461c4ac716814c86060d9418f6cf54 corporate/4.0/i586/gd-utils-2.0.33-3.3.20060mlcs4.i586.rpm
2c6101e648d090bfde2a6038042a56ae corporate/4.0/i586/libgd2-2.0.33-3.3.20060mlcs4.i586.rpm
3beb7a4c7bb978442d3098f852f3e3fc corporate/4.0/i586/libgd2-devel-2.0.33-3.3.20060mlcs4.i586.rpm
ef4fb906adf0a9d40fab025ca9cf20d4 corporate/4.0/i586/libgd2-static-devel-2.0.33-3.3.20060mlcs4.i586.rpm
febc485fc1fed3d030cf440a20f000ef corporate/4.0/SRPMS/gd-2.0.33-3.3.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
fc5078a497db8094fbf14980a5ee2c76 corporate/4.0/x86_64/gd-utils-2.0.33-3.3.20060mlcs4.x86_64.rpm
80e1c4bb6338dfb58c246d0a8b001181 corporate/4.0/x86_64/lib64gd2-2.0.33-3.3.20060mlcs4.x86_64.rpm
e3db3d95d3a1485226ae15d5bb5ea6c5 corporate/4.0/x86_64/lib64gd2-devel-2.0.33-3.3.20060mlcs4.x86_64.rpm
00a195e5e03a1a5840f95ddd0b42f7db corporate/4.0/x86_64/lib64gd2-static-devel-2.0.33-3.3.20060mlcs4.x86_64.rpm
febc485fc1fed3d030cf440a20f000ef corporate/4.0/SRPMS/gd-2.0.33-3.3.20060mlcs4.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGcHJ/mqjQ0CJFipgRAqvoAJ9p8p87Pov6M/WinmBuPTWIi9NZCgCgkAEn
I9gFnK9U0WGT+4oBOTOrMVw=
=utH1
-----END PGP SIGNATURE-----

Login or Register to add favorites

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    34 Files
  • 11
    Aug 11th
    16 Files
  • 12
    Aug 12th
    5 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    25 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close