FLEA-2007-0052-1 gd

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

Foresight Linux Essential Advisory: 2007-0052-1 Published: 2007-09-06

Rating: Moderate

Updated Versions:

    gd=/conary.rpath.com@rpl:devel//1/2.0.33-4.5-1     group-dist=/foresight.rpath.org@fl:1-devel//1/1.3.2-0.17-2

References:

    
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3472
    
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3473
    
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3474
    
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3475
    
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3476
    
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3477
    
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3478

Description:

    Previous versions of the gd package are vulnerable to multiple attacks in     which an attacker may cause unbounded CPU consumption or application     crashes (Denial of Service), possibly leading to the execution of malicious     code (Unauthorized Access). These attacks are generally limited to uses of     the gd library to load existing images rather than generate new images.     

• ---

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Copyright 2007 Foresight Linux Project
Portions copyright 2007 rPath Inc.
This file is distributed under the terms of the MIT License. A copy is available at http://www.foresightlinux.org/permanent/mit-license.html
-----BEGIN PGP SIGNATURE-----

Version: GnuPG v2.0.4 (GNU/Linux)

iQIVAwUBRuC5bNfwEn07iAtZAQLWeRAAmA76x+kZUN6WmiEQbF5ZgLzXtBTsQsCo jaa2kSr193lueTuZnSJGmhCLpDRp+dcXJT9hWdp74WtlBERM4EPHpFOqZR4JMM6h tZlHF1DIP1WuaqssUureSqdMnK2RW1iyfzATMYq3snlN1FWlS4MtwrOL7lYCpgux YOJ29kEm6GU3U81mMDixOhRsGjQMqjai/Usf/qz5ipmVlh3wk5btSBzGipVuYOss XnxIP4p+17Hqx26EHXTSDlCvsYaewSL7+fnSfGH4xs9Wyi6gN0/yzbu76g0a2jIX gl/ND1wAL8dWKCRMTG8WVxj4XQbV9HlirRzIsCQenpJ2HAaNcFYXkntAdCmiph1l qU6vtEdy0bZGiKVzvM5pG0S/Gzl06eSNkj+AjK1Joqn4PprYAcOPng1QnCXdLdWG sd2z320NH0wN1AJfBu1fFfwmoy8CJHkoRbjLjQEvPOG6dnpuNa4KC4e80Ps/PgdM zJH/xXzFLpHD6VtdQ/lArMqcc7ur1NPKLbedPMZuMWR3HGC7HrMXxe/t1uftQmzh DPm1T30PqoHdH3/SKghG/Rocu/G56Cfbua63aN1JzON+T13zikOuLLFXAHBOEV75 XZ9P4A6M+2M5JvoXksBvz18sMVXYKW651CviaOR90rC+h86HAZEdWA4GShAJi9Fx xjGTZrUYpfs=
=Jfx/
-----END PGP SIGNATURE-----
Received on Fri Sep 7 11:40:26 2007