Security Advisory Moderate: gd security update

Advisory: RHSA-2008:0146-2
Type: Security Advisory
Severity: Moderate
Issued on: 2008-02-28
Last updated on: 2008-02-28
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 4)
OVAL: com.redhat.rhsa-20080146.xml
CVEs (cve.mitre.org): CVE-2006-4484
CVE-2007-0455
CVE-2007-2756
CVE-2007-3472
CVE-2007-3473
CVE-2007-3475
CVE-2007-3476

Details

Updated gd packages that fix multiple security issues are now available for
Red Hat Enterprise Linux 4 and 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

The gd package contains a graphics library used for the dynamic creation of
images such as PNG and JPEG.

Multiple issues were discovered in the gd GIF image-handling code. A
carefully-crafted GIF file could cause a crash or possibly execute code
with the privileges of the application using the gd library.
(CVE-2006-4484, CVE-2007-3475, CVE-2007-3476)

An integer overflow was discovered in the gdImageCreateTrueColor()
function, leading to incorrect memory allocations. A carefully crafted
image could cause a crash or possibly execute code with the privileges of
the application using the gd library. (CVE-2007-3472)

A buffer over-read flaw was discovered. This could cause a crash in an
application using the gd library to render certain strings using a
JIS-encoded font. (CVE-2007-0455)

A flaw was discovered in the gd PNG image handling code. A truncated PNG
image could cause an infinite loop in an application using the gd library.
(CVE-2007-2756)

A flaw was discovered in the gd X BitMap (XBM) image-handling code. A
malformed or truncated XBM image could cause a crash in an application
using the gd library. (CVE-2007-3473)

Users of gd should upgrade to these updated packages, which contain
backported patches which resolve these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

RHEL Desktop Workstation (v. 5 client)
IA-32:
gd-devel-2.0.33-9.4.el5_1.1.i386.rpm     03c19796060246a35b0a8915b0e1dae1
 
x86_64:
gd-devel-2.0.33-9.4.el5_1.1.i386.rpm     03c19796060246a35b0a8915b0e1dae1
gd-devel-2.0.33-9.4.el5_1.1.x86_64.rpm     3267d2a709da99cc0052117aa656ea43
 
Red Hat Desktop (v. 4)
SRPMS:
gd-2.0.28-5.4E.el4_6.1.src.rpm     65f4d62c6267d4de89098594de3f5261
 
IA-32:
gd-2.0.28-5.4E.el4_6.1.i386.rpm     a7d8042e7b7675c54a763f131eb35dd1
gd-devel-2.0.28-5.4E.el4_6.1.i386.rpm     9d4a4921efde0ddb590f8ae452df2c59
gd-progs-2.0.28-5.4E.el4_6.1.i386.rpm     c28341562f9dd7dee598cf7c796d18f9
 
x86_64:
gd-2.0.28-5.4E.el4_6.1.i386.rpm     a7d8042e7b7675c54a763f131eb35dd1
gd-2.0.28-5.4E.el4_6.1.x86_64.rpm     0ac40952984f11cc0ffb81921f2aae57
gd-devel-2.0.28-5.4E.el4_6.1.x86_64.rpm     e60c40b143af53e2f13a3dfefabc8723
gd-progs-2.0.28-5.4E.el4_6.1.x86_64.rpm     6971929444ad4555c175815bc411e644
 
Red Hat Enterprise Linux (v. 5 server)
SRPMS:
gd-2.0.33-9.4.el5_1.1.src.rpm     f0e4620cb91d56075202623e551a37f1
 
IA-32:
gd-2.0.33-9.4.el5_1.1.i386.rpm     f1c14f2f1a7ea602efd39903c002c903
gd-devel-2.0.33-9.4.el5_1.1.i386.rpm     03c19796060246a35b0a8915b0e1dae1
gd-progs-2.0.33-9.4.el5_1.1.i386.rpm     bd2f2724e41950428851a33c1a55607e
 
IA-64:
gd-2.0.33-9.4.el5_1.1.ia64.rpm     e9e19edfe3432ea76d43f32878b855c4
gd-devel-2.0.33-9.4.el5_1.1.ia64.rpm     ba06995bdfc879861b70f2ba83301466
gd-progs-2.0.33-9.4.el5_1.1.ia64.rpm     ec130a2b192fc32ec628415a41dc616d
 
PPC:
gd-2.0.33-9.4.el5_1.1.ppc.rpm     2c13ab92192e7082258d95831188ca96
gd-2.0.33-9.4.el5_1.1.ppc64.rpm     bcd41d49699867591ed0d3bf68bbea49
gd-devel-2.0.33-9.4.el5_1.1.ppc.rpm     3dd4555de5a15842fd68f3708e522536
gd-devel-2.0.33-9.4.el5_1.1.ppc64.rpm     4bd72af55be1f020a0f7299150dfe2a0
gd-progs-2.0.33-9.4.el5_1.1.ppc.rpm     9c9cb9cf3d5ec0c411e3982e63a5be7c
 
s390x:
gd-2.0.33-9.4.el5_1.1.s390.rpm     e73d4f92b28e77b47c04d14bbf00bb6f
gd-2.0.33-9.4.el5_1.1.s390x.rpm     28175753e1bd00eb260accbbf182897c
gd-devel-2.0.33-9.4.el5_1.1.s390.rpm     418fcf703269fa9b15403961daa5c810
gd-devel-2.0.33-9.4.el5_1.1.s390x.rpm     7385ca899291062f717e931cb328ab2c
gd-progs-2.0.33-9.4.el5_1.1.s390x.rpm     d68f3b530972c43f38f353de97cefaa3
 
x86_64:
gd-2.0.33-9.4.el5_1.1.i386.rpm     f1c14f2f1a7ea602efd39903c002c903
gd-2.0.33-9.4.el5_1.1.x86_64.rpm     b29a4a24f2951063e8aa72b9a8d0bc26
gd-devel-2.0.33-9.4.el5_1.1.i386.rpm     03c19796060246a35b0a8915b0e1dae1
gd-devel-2.0.33-9.4.el5_1.1.x86_64.rpm     3267d2a709da99cc0052117aa656ea43
gd-progs-2.0.33-9.4.el5_1.1.x86_64.rpm     cfe63951e06b7727312b87ec51fbcb44
 
Red Hat Enterprise Linux AS (v. 4)
SRPMS:
gd-2.0.28-5.4E.el4_6.1.src.rpm     65f4d62c6267d4de89098594de3f5261
 
IA-32:
gd-2.0.28-5.4E.el4_6.1.i386.rpm     a7d8042e7b7675c54a763f131eb35dd1
gd-devel-2.0.28-5.4E.el4_6.1.i386.rpm     9d4a4921efde0ddb590f8ae452df2c59
gd-progs-2.0.28-5.4E.el4_6.1.i386.rpm     c28341562f9dd7dee598cf7c796d18f9
 
IA-64:
gd-2.0.28-5.4E.el4_6.1.i386.rpm     a7d8042e7b7675c54a763f131eb35dd1
gd-2.0.28-5.4E.el4_6.1.ia64.rpm     3e0998804d6fa2971a7009e413fc1a62
gd-devel-2.0.28-5.4E.el4_6.1.ia64.rpm     00fee9a7f0d5fb3895b396aa405c3d6b
gd-progs-2.0.28-5.4E.el4_6.1.ia64.rpm     b86e088896fc611ce3b0b4ad45223c39
 
PPC:
gd-2.0.28-5.4E.el4_6.1.ppc.rpm     1e19859bc14889fab2bd577bc45589e8
gd-2.0.28-5.4E.el4_6.1.ppc64.rpm     cfa0156ab28bf250bdd1390606408832
gd-devel-2.0.28-5.4E.el4_6.1.ppc.rpm     cd412c64b3efdf93a949a24d154755f0
gd-progs-2.0.28-5.4E.el4_6.1.ppc.rpm     acce2b9744b4f54b586d1d39ecd5c24c
 
s390:
gd-2.0.28-5.4E.el4_6.1.s390.rpm     10d129a6edbde55da07e79b56971553f
gd-devel-2.0.28-5.4E.el4_6.1.s390.rpm     ef2f17e5d320e94ee6883da56605680d
gd-progs-2.0.28-5.4E.el4_6.1.s390.rpm     c83187d298875f1e713fb606ed70cc7d
 
s390x:
gd-2.0.28-5.4E.el4_6.1.s390.rpm     10d129a6edbde55da07e79b56971553f
gd-2.0.28-5.4E.el4_6.1.s390x.rpm     249bf26e191eb3d06936da132a8c5b8c
gd-devel-2.0.28-5.4E.el4_6.1.s390x.rpm     8a56a4101d266cb83d5bb468d6b9e309
gd-progs-2.0.28-5.4E.el4_6.1.s390x.rpm     a753cba0d13a656d073406c45685dc22
 
x86_64:
gd-2.0.28-5.4E.el4_6.1.i386.rpm     a7d8042e7b7675c54a763f131eb35dd1
gd-2.0.28-5.4E.el4_6.1.x86_64.rpm     0ac40952984f11cc0ffb81921f2aae57
gd-devel-2.0.28-5.4E.el4_6.1.x86_64.rpm     e60c40b143af53e2f13a3dfefabc8723
gd-progs-2.0.28-5.4E.el4_6.1.x86_64.rpm     6971929444ad4555c175815bc411e644
 
Red Hat Enterprise Linux Desktop (v. 5 client)
SRPMS:
gd-2.0.33-9.4.el5_1.1.src.rpm     f0e4620cb91d56075202623e551a37f1
 
IA-32:
gd-2.0.33-9.4.el5_1.1.i386.rpm     f1c14f2f1a7ea602efd39903c002c903
gd-progs-2.0.33-9.4.el5_1.1.i386.rpm     bd2f2724e41950428851a33c1a55607e
 
x86_64:
gd-2.0.33-9.4.el5_1.1.i386.rpm     f1c14f2f1a7ea602efd39903c002c903
gd-2.0.33-9.4.el5_1.1.x86_64.rpm     b29a4a24f2951063e8aa72b9a8d0bc26
gd-progs-2.0.33-9.4.el5_1.1.x86_64.rpm     cfe63951e06b7727312b87ec51fbcb44
 
Red Hat Enterprise Linux ES (v. 4)
SRPMS:
gd-2.0.28-5.4E.el4_6.1.src.rpm     65f4d62c6267d4de89098594de3f5261
 
IA-32:
gd-2.0.28-5.4E.el4_6.1.i386.rpm     a7d8042e7b7675c54a763f131eb35dd1
gd-devel-2.0.28-5.4E.el4_6.1.i386.rpm     9d4a4921efde0ddb590f8ae452df2c59
gd-progs-2.0.28-5.4E.el4_6.1.i386.rpm     c28341562f9dd7dee598cf7c796d18f9
 
IA-64:
gd-2.0.28-5.4E.el4_6.1.i386.rpm     a7d8042e7b7675c54a763f131eb35dd1
gd-2.0.28-5.4E.el4_6.1.ia64.rpm     3e0998804d6fa2971a7009e413fc1a62
gd-devel-2.0.28-5.4E.el4_6.1.ia64.rpm     00fee9a7f0d5fb3895b396aa405c3d6b
gd-progs-2.0.28-5.4E.el4_6.1.ia64.rpm     b86e088896fc611ce3b0b4ad45223c39
 
x86_64:
gd-2.0.28-5.4E.el4_6.1.i386.rpm     a7d8042e7b7675c54a763f131eb35dd1
gd-2.0.28-5.4E.el4_6.1.x86_64.rpm     0ac40952984f11cc0ffb81921f2aae57
gd-devel-2.0.28-5.4E.el4_6.1.x86_64.rpm     e60c40b143af53e2f13a3dfefabc8723
gd-progs-2.0.28-5.4E.el4_6.1.x86_64.rpm     6971929444ad4555c175815bc411e644
 
Red Hat Enterprise Linux WS (v. 4)
SRPMS:
gd-2.0.28-5.4E.el4_6.1.src.rpm     65f4d62c6267d4de89098594de3f5261
 
IA-32:
gd-2.0.28-5.4E.el4_6.1.i386.rpm     a7d8042e7b7675c54a763f131eb35dd1
gd-devel-2.0.28-5.4E.el4_6.1.i386.rpm     9d4a4921efde0ddb590f8ae452df2c59
gd-progs-2.0.28-5.4E.el4_6.1.i386.rpm     c28341562f9dd7dee598cf7c796d18f9
 
IA-64:
gd-2.0.28-5.4E.el4_6.1.i386.rpm     a7d8042e7b7675c54a763f131eb35dd1
gd-2.0.28-5.4E.el4_6.1.ia64.rpm     3e0998804d6fa2971a7009e413fc1a62
gd-devel-2.0.28-5.4E.el4_6.1.ia64.rpm     00fee9a7f0d5fb3895b396aa405c3d6b
gd-progs-2.0.28-5.4E.el4_6.1.ia64.rpm     b86e088896fc611ce3b0b4ad45223c39
 
x86_64:
gd-2.0.28-5.4E.el4_6.1.i386.rpm     a7d8042e7b7675c54a763f131eb35dd1
gd-2.0.28-5.4E.el4_6.1.x86_64.rpm     0ac40952984f11cc0ffb81921f2aae57
gd-devel-2.0.28-5.4E.el4_6.1.x86_64.rpm     e60c40b143af53e2f13a3dfefabc8723
gd-progs-2.0.28-5.4E.el4_6.1.x86_64.rpm     6971929444ad4555c175815bc411e644
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

224607 - CVE-2007-0455 gd buffer overrun
242033 - CVE-2007-2756 gd / php-gd ImageCreateFromPng infinite loop caused by truncated PNG
276751 - CVE-2007-3472 libgd Integer overflow in TrueColor code
276791 - CVE-2007-3473 libgd NULL pointer dereference when reading a corrupt X bitmap
277181 - CVE-2007-3475 libgd Denial of service by GIF images without a global color map
277201 - CVE-2007-3476 libgd Denial of service by corrupted GIF images
431568 - CVE-2006-4484 gd: GIF handling buffer overflow


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4484
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0455
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2756
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3472
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3473
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3475
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3476
http://www.redhat.com/security/updates/classification/#moderate

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/