FLEA-2008-0007-1 gd Feb 12 2008 09:01AM
Foresight Linux Essential Announcement Service (foresight-security-noreply foresightlinux org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Foresight Linux Essential Advisory: 2008-0007-1
Published: 2008-02-11

Rating: Trivial

Updated Versions:
gd=/conary.rpath.com@rpl:devel//1/2.0.33-4.6-1
group-dist=/foresight.rpath.org@fl:1-devel//1/1.4.2-0.7-3

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4484
http://wiki.rpath.com/Advisories:rPSA-2008-0046

Description:
Previous versions of the gd package are vulnerable to a possible
Arbitrary Code Execution attack in which an attacker may use a
maliciously crafted GIF file to trigger a buffer overflow. The libgd
library is not exposed via any privileged or remote interfaces within
Foresight Linux proper.

- ---

Copyright 2008 Foresight Linux Project
Portions Copyright 2008 rPath Inc.
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.8 (GNU/Linux)

iQIcBAEBAgAGBQJHsWBeAAoJENfwEn07iAtZ/9wP/i7F66cgKHsNQDqu2PyHXyGg
4HbGS4TtzY8b5iUwN76iaRc43ujgAD2CTIgLnoWlo6CE1IZICGg1Uk3TUujdLQLq
+ROC9MEyHb1k3p6zlsM5jwJrKQU4k+rpZ99hp6WSaWo/4KLcjS/O/xWaMsIpwYAU
/yAMBnMhmUOIvsjXrYp6Ie5lyUrQnOxO6tA3PlIDWUoJrf2Jr4D1+o+pPBNDqwsy
tfuO5+mZKaV+sgCzl/yzn9qnB4dtPaZ33vol2v/HdJZM5skXBudP5LMsO/uvRqsD
tzMUE9LLgNHocE5nUB/8W9PUepXMaGa3cxnZAqymgDX4SLugv55lsDGntgWsSaBg
OURENEI/oijLIQLI2jg7b3SsAT0BjSFceCLzqRcjp7h5yZDThh9Tuaiu+wNSJ3Ev
5fFUKtatSsNaNFhLMPYFBvH8WpT8CEwk0oHIl+d0DCBcHs48BoQ2X//5c7bWycYA
l2I+1cYs3rBqe65kaTO2gSoC7Ggt70vC2ufBEiEjKzqFM4NTUDwYfL8ORLriHqIp
lq4zGpHyRpVoAfojnOrMBUD4+PPqi4bRGru7edyBz0z4PGm4YpQ9LYzYYKJuIEL5
u2zVYlcf5e9ged5qTjUCInzDQ8YW3E5WTHqDXxDdAI25QmBDgoT7ofNenBbNgTQp
foIYXSnRtGgPUm8OsoDn
=JAce
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus