Security Advisory gd security update

Advisory: RHSA-2006:0194-4
Type: Security Advisory
Severity: Moderate
Issued on: 2006-02-01
Last updated on: 2006-02-01
Affected Products: Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 4)
OVAL: N/A
CVEs (cve.mitre.org): CVE-2004-0941

Details

Updated gd packages that fix several buffer overflow flaws are now available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

The gd package contains a graphics library used for the dynamic creation of
images such as PNG and JPEG.

Several buffer overflow flaws were found in the way gd allocates memory.
An attacker could create a carefully crafted image that could execute
arbitrary code if opened by a victim using a program linked against the gd
library. The Common Vulnerabilities and Exposures project (cve.mitre.org)
assigned the name CVE-2004-0941 to these issues.

Users of gd should upgrade to these updated packages, which contain a
backported patch and is not vulnerable to these issues.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Desktop (v. 4)
SRPMS:
gd-2.0.28-4.4E.1.src.rpm
File outdated by:  RHSA-2008:0146		     0e1bd5cb5215e65a7120b82132ac6b9e
 
IA-32:
gd-2.0.28-4.4E.1.i386.rpm
File outdated by:  RHSA-2008:0146		     884d6670cd82e39db34c684616dea78c
gd-devel-2.0.28-4.4E.1.i386.rpm
File outdated by:  RHSA-2008:0146		     999a383add1284e00cc25185fae78008
gd-progs-2.0.28-4.4E.1.i386.rpm
File outdated by:  RHSA-2008:0146		     df53c01e62afb6e14d5b8299b68836b0
 
x86_64:
gd-2.0.28-4.4E.1.i386.rpm
File outdated by:  RHSA-2008:0146		     884d6670cd82e39db34c684616dea78c
gd-2.0.28-4.4E.1.x86_64.rpm
File outdated by:  RHSA-2008:0146		     9f8f96be348ac13b987a872a80ecae58
gd-devel-2.0.28-4.4E.1.x86_64.rpm
File outdated by:  RHSA-2008:0146		     3435f155aec324ef3cecca6f4d588e28
gd-progs-2.0.28-4.4E.1.x86_64.rpm
File outdated by:  RHSA-2008:0146		     e961c9c4bbe083244017ee6559fcf743
 
Red Hat Enterprise Linux AS (v. 4)
SRPMS:
gd-2.0.28-4.4E.1.src.rpm
File outdated by:  RHSA-2008:0146		     0e1bd5cb5215e65a7120b82132ac6b9e
 
IA-32:
gd-2.0.28-4.4E.1.i386.rpm
File outdated by:  RHSA-2008:0146		     884d6670cd82e39db34c684616dea78c
gd-devel-2.0.28-4.4E.1.i386.rpm
File outdated by:  RHSA-2008:0146		     999a383add1284e00cc25185fae78008
gd-progs-2.0.28-4.4E.1.i386.rpm
File outdated by:  RHSA-2008:0146		     df53c01e62afb6e14d5b8299b68836b0
 
IA-64:
gd-2.0.28-4.4E.1.i386.rpm
File outdated by:  RHSA-2008:0146		     884d6670cd82e39db34c684616dea78c
gd-2.0.28-4.4E.1.ia64.rpm
File outdated by:  RHSA-2008:0146		     e27753d66dc328e1fca00c9817bac747
gd-devel-2.0.28-4.4E.1.ia64.rpm
File outdated by:  RHSA-2008:0146		     cf9a90ececb359b4e178a08e58fbec12
gd-progs-2.0.28-4.4E.1.ia64.rpm
File outdated by:  RHSA-2008:0146		     9784499cf742864a0c185ac5653d03ab
 
PPC:
gd-2.0.28-4.4E.1.ppc.rpm
File outdated by:  RHSA-2008:0146		     f2aaf2eeb438dc9cdbd2e17d84ab5503
gd-2.0.28-4.4E.1.ppc64.rpm
File outdated by:  RHSA-2008:0146		     f9d4a0395e2c95f45eaab554ff81412f
gd-devel-2.0.28-4.4E.1.ppc.rpm
File outdated by:  RHSA-2008:0146		     38d97c9832e49fcce8e518647f979212
gd-progs-2.0.28-4.4E.1.ppc.rpm
File outdated by:  RHSA-2008:0146		     239b6c7acd59d9b3e01dc4ea2e1bf6d7
 
s390:
gd-2.0.28-4.4E.1.s390.rpm
File outdated by:  RHSA-2008:0146		     54c5d0d9c01fea69d85d70d9cd7a5662
gd-devel-2.0.28-4.4E.1.s390.rpm
File outdated by:  RHSA-2008:0146		     54c3a6d08d050e7607518b76a72737d1
gd-progs-2.0.28-4.4E.1.s390.rpm
File outdated by:  RHSA-2008:0146		     ba8a6612e144109d0961f1fe4d301388
 
s390x:
gd-2.0.28-4.4E.1.s390.rpm
File outdated by:  RHSA-2008:0146		     54c5d0d9c01fea69d85d70d9cd7a5662
gd-2.0.28-4.4E.1.s390x.rpm
File outdated by:  RHSA-2008:0146		     1468dfa689881d58ac8bfe6e0166b359
gd-devel-2.0.28-4.4E.1.s390x.rpm
File outdated by:  RHSA-2008:0146		     474c64458e40bea0166796eb711d5045
gd-progs-2.0.28-4.4E.1.s390x.rpm
File outdated by:  RHSA-2008:0146		     ee74f993e7381a5f90aaacaff217c262
 
x86_64:
gd-2.0.28-4.4E.1.i386.rpm
File outdated by:  RHSA-2008:0146		     884d6670cd82e39db34c684616dea78c
gd-2.0.28-4.4E.1.x86_64.rpm
File outdated by:  RHSA-2008:0146		     9f8f96be348ac13b987a872a80ecae58
gd-devel-2.0.28-4.4E.1.x86_64.rpm
File outdated by:  RHSA-2008:0146		     3435f155aec324ef3cecca6f4d588e28
gd-progs-2.0.28-4.4E.1.x86_64.rpm
File outdated by:  RHSA-2008:0146		     e961c9c4bbe083244017ee6559fcf743
 
Red Hat Enterprise Linux ES (v. 4)
SRPMS:
gd-2.0.28-4.4E.1.src.rpm
File outdated by:  RHSA-2008:0146		     0e1bd5cb5215e65a7120b82132ac6b9e
 
IA-32:
gd-2.0.28-4.4E.1.i386.rpm
File outdated by:  RHSA-2008:0146		     884d6670cd82e39db34c684616dea78c
gd-devel-2.0.28-4.4E.1.i386.rpm
File outdated by:  RHSA-2008:0146		     999a383add1284e00cc25185fae78008
gd-progs-2.0.28-4.4E.1.i386.rpm
File outdated by:  RHSA-2008:0146		     df53c01e62afb6e14d5b8299b68836b0
 
IA-64:
gd-2.0.28-4.4E.1.i386.rpm
File outdated by:  RHSA-2008:0146		     884d6670cd82e39db34c684616dea78c
gd-2.0.28-4.4E.1.ia64.rpm
File outdated by:  RHSA-2008:0146		     e27753d66dc328e1fca00c9817bac747
gd-devel-2.0.28-4.4E.1.ia64.rpm
File outdated by:  RHSA-2008:0146		     cf9a90ececb359b4e178a08e58fbec12
gd-progs-2.0.28-4.4E.1.ia64.rpm
File outdated by:  RHSA-2008:0146		     9784499cf742864a0c185ac5653d03ab
 
x86_64:
gd-2.0.28-4.4E.1.i386.rpm
File outdated by:  RHSA-2008:0146		     884d6670cd82e39db34c684616dea78c
gd-2.0.28-4.4E.1.x86_64.rpm
File outdated by:  RHSA-2008:0146		     9f8f96be348ac13b987a872a80ecae58
gd-devel-2.0.28-4.4E.1.x86_64.rpm
File outdated by:  RHSA-2008:0146		     3435f155aec324ef3cecca6f4d588e28
gd-progs-2.0.28-4.4E.1.x86_64.rpm
File outdated by:  RHSA-2008:0146		     e961c9c4bbe083244017ee6559fcf743
 
Red Hat Enterprise Linux WS (v. 4)
SRPMS:
gd-2.0.28-4.4E.1.src.rpm
File outdated by:  RHSA-2008:0146		     0e1bd5cb5215e65a7120b82132ac6b9e
 
IA-32:
gd-2.0.28-4.4E.1.i386.rpm
File outdated by:  RHSA-2008:0146		     884d6670cd82e39db34c684616dea78c
gd-devel-2.0.28-4.4E.1.i386.rpm
File outdated by:  RHSA-2008:0146		     999a383add1284e00cc25185fae78008
gd-progs-2.0.28-4.4E.1.i386.rpm
File outdated by:  RHSA-2008:0146		     df53c01e62afb6e14d5b8299b68836b0
 
IA-64:
gd-2.0.28-4.4E.1.i386.rpm
File outdated by:  RHSA-2008:0146		     884d6670cd82e39db34c684616dea78c
gd-2.0.28-4.4E.1.ia64.rpm
File outdated by:  RHSA-2008:0146		     e27753d66dc328e1fca00c9817bac747
gd-devel-2.0.28-4.4E.1.ia64.rpm
File outdated by:  RHSA-2008:0146		     cf9a90ececb359b4e178a08e58fbec12
gd-progs-2.0.28-4.4E.1.ia64.rpm
File outdated by:  RHSA-2008:0146		     9784499cf742864a0c185ac5653d03ab
 
x86_64:
gd-2.0.28-4.4E.1.i386.rpm
File outdated by:  RHSA-2008:0146		     884d6670cd82e39db34c684616dea78c
gd-2.0.28-4.4E.1.x86_64.rpm
File outdated by:  RHSA-2008:0146		     9f8f96be348ac13b987a872a80ecae58
gd-devel-2.0.28-4.4E.1.x86_64.rpm
File outdated by:  RHSA-2008:0146		     3435f155aec324ef3cecca6f4d588e28
gd-progs-2.0.28-4.4E.1.x86_64.rpm
File outdated by:  RHSA-2008:0146		     e961c9c4bbe083244017ee6559fcf743
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

175413 - CVE-2004-0941 additional overflows in gd


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0941

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/