Security Advisory Moderate: gd security update

Advisory: RHSA-2010:0003-1
Type: Security Advisory
Severity: Moderate
Issued on: 2010-01-04
Last updated on: 2010-01-04
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux AS (v. 4.8.z)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux ES (v. 4.8.z)
Red Hat Enterprise Linux EUS (v. 5.4.z server)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2009-3546

Details

Updated gd packages that fix a security issue are now available for Red Hat
Enterprise Linux 4 and 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

The gd packages provide a graphics library used for the dynamic creation of
images, such as PNG and JPEG.

A missing input sanitization flaw, leading to a buffer overflow, was
discovered in the gd library. A specially-crafted GD image file could cause
an application using the gd library to crash or, possibly, execute
arbitrary code when opened. (CVE-2009-3546)

Users of gd should upgrade to these updated packages, which contain a
backported patch to resolve this issue.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
gd-2.0.33-9.4.el5_4.2.src.rpm     MD5: 6edfd935f7a4dcae8f944169f3891233
SHA-256: 6ac1636679bc6c79ac105e77e6bb9751f1e50ae6bc905d4e510d1fddf95c1535
 
IA-32:
gd-devel-2.0.33-9.4.el5_4.2.i386.rpm     MD5: 1f45e0d8fbbbceccfb3daa456902d1d2
 
x86_64:
gd-devel-2.0.33-9.4.el5_4.2.i386.rpm     MD5: 1f45e0d8fbbbceccfb3daa456902d1d2
gd-devel-2.0.33-9.4.el5_4.2.x86_64.rpm     MD5: e33868167a70cc30e18f7aed0fc45372
 
Red Hat Desktop (v. 4)

SRPMS:
gd-2.0.28-5.4E.el4_8.1.src.rpm     MD5: 949a1c28231f3bf3b299ceacd6a7800f
 
IA-32:
gd-2.0.28-5.4E.el4_8.1.i386.rpm     MD5: e62772995cbd79d865f4a872c61a79ac
gd-devel-2.0.28-5.4E.el4_8.1.i386.rpm     MD5: da5f82aeb78aa5f0f2780a979ca96a8b
gd-progs-2.0.28-5.4E.el4_8.1.i386.rpm     MD5: 0ab52f3c21f4e7af7d0ccabaaf48b9ea
 
x86_64:
gd-2.0.28-5.4E.el4_8.1.i386.rpm     MD5: e62772995cbd79d865f4a872c61a79ac
gd-2.0.28-5.4E.el4_8.1.x86_64.rpm     MD5: bfcdafff3dd8e4c35a8f9a79c4c98c10
gd-devel-2.0.28-5.4E.el4_8.1.x86_64.rpm     MD5: cc8cf2f7a78e7e8658bf9767db60aab7
gd-progs-2.0.28-5.4E.el4_8.1.x86_64.rpm     MD5: 3eb8a8600eb615ca61de062f7fced782
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
gd-2.0.33-9.4.el5_4.2.src.rpm     MD5: 6edfd935f7a4dcae8f944169f3891233
SHA-256: 6ac1636679bc6c79ac105e77e6bb9751f1e50ae6bc905d4e510d1fddf95c1535
 
IA-32:
gd-2.0.33-9.4.el5_4.2.i386.rpm     MD5: 4483731239c0646af8c38670d69ded73
gd-devel-2.0.33-9.4.el5_4.2.i386.rpm     MD5: 1f45e0d8fbbbceccfb3daa456902d1d2
gd-progs-2.0.33-9.4.el5_4.2.i386.rpm     MD5: ee44761474464097015a99ea547114c9
 
IA-64:
gd-2.0.33-9.4.el5_4.2.ia64.rpm     MD5: 95bae601b4da583f636a2597bc9b7925
gd-devel-2.0.33-9.4.el5_4.2.ia64.rpm     MD5: f367f6a982e95e03975dded96609b847
gd-progs-2.0.33-9.4.el5_4.2.ia64.rpm     MD5: 9d132d90722d91dc14c9e192b0bd4ae6
 
PPC:
gd-2.0.33-9.4.el5_4.2.ppc.rpm     MD5: fda178d725a6d9515d08942f67333a30
gd-2.0.33-9.4.el5_4.2.ppc64.rpm     MD5: 477d52083e551fe2b53b43aaabcf98aa
gd-devel-2.0.33-9.4.el5_4.2.ppc.rpm     MD5: 2fed2de5f0f1aac6c90a7d709270b72d
gd-devel-2.0.33-9.4.el5_4.2.ppc64.rpm     MD5: 9aac1986ce537cb559d2d710f0959ef1
gd-progs-2.0.33-9.4.el5_4.2.ppc.rpm     MD5: 419ba341943ead2d2be6dda2457563ec
 
s390x:
gd-2.0.33-9.4.el5_4.2.s390.rpm     MD5: b3c70c625ac850ce5208f43bdb539f79
gd-2.0.33-9.4.el5_4.2.s390x.rpm     MD5: 843b82de1c739988fd23491ca20b3f55
gd-devel-2.0.33-9.4.el5_4.2.s390.rpm     MD5: 732e03ef8bbc1cd43835d751dd9b4d33
gd-devel-2.0.33-9.4.el5_4.2.s390x.rpm     MD5: 7f343a70b8cc30cccf6385ea692c0c28
gd-progs-2.0.33-9.4.el5_4.2.s390x.rpm     MD5: 58e357a5f87520dbf031f58c6f605527
 
x86_64:
gd-2.0.33-9.4.el5_4.2.i386.rpm     MD5: 4483731239c0646af8c38670d69ded73
gd-2.0.33-9.4.el5_4.2.x86_64.rpm     MD5: 817be3b523ee212816356f90264787c5
gd-devel-2.0.33-9.4.el5_4.2.i386.rpm     MD5: 1f45e0d8fbbbceccfb3daa456902d1d2
gd-devel-2.0.33-9.4.el5_4.2.x86_64.rpm     MD5: e33868167a70cc30e18f7aed0fc45372
gd-progs-2.0.33-9.4.el5_4.2.x86_64.rpm     MD5: 55d6c6790107cb1f9acfc18ecea330ab
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
gd-2.0.28-5.4E.el4_8.1.src.rpm     MD5: 949a1c28231f3bf3b299ceacd6a7800f
 
IA-32:
gd-2.0.28-5.4E.el4_8.1.i386.rpm     MD5: e62772995cbd79d865f4a872c61a79ac
gd-devel-2.0.28-5.4E.el4_8.1.i386.rpm     MD5: da5f82aeb78aa5f0f2780a979ca96a8b
gd-progs-2.0.28-5.4E.el4_8.1.i386.rpm     MD5: 0ab52f3c21f4e7af7d0ccabaaf48b9ea
 
IA-64:
gd-2.0.28-5.4E.el4_8.1.i386.rpm     MD5: e62772995cbd79d865f4a872c61a79ac
gd-2.0.28-5.4E.el4_8.1.ia64.rpm     MD5: 29647ff51641cbdfe47e607cb6b2a3ea
gd-devel-2.0.28-5.4E.el4_8.1.ia64.rpm     MD5: 3bbb1c4364c26b533c50dba1f2e2010b
gd-progs-2.0.28-5.4E.el4_8.1.ia64.rpm     MD5: 0f22546d837ccb725a65120324599bed
 
PPC:
gd-2.0.28-5.4E.el4_8.1.ppc.rpm     MD5: 9c148b5e1826eb17657340952bf1ff6c
gd-2.0.28-5.4E.el4_8.1.ppc64.rpm     MD5: 313e0e9abd88a113981d86c84aebec1f
gd-devel-2.0.28-5.4E.el4_8.1.ppc.rpm     MD5: 5426ec5e99be8b5508da3e713642e863
gd-progs-2.0.28-5.4E.el4_8.1.ppc.rpm     MD5: 4cea5b4e2e1b4dab96b07538b5c34502
 
s390:
gd-2.0.28-5.4E.el4_8.1.s390.rpm     MD5: 6675a822b0f2f87c5ce0c09c9945dc43
gd-devel-2.0.28-5.4E.el4_8.1.s390.rpm     MD5: 758c753e9a54e1296020d97a63a4f1a3
gd-progs-2.0.28-5.4E.el4_8.1.s390.rpm     MD5: 40c6c034e9ece85996c2b8e517db9651
 
s390x:
gd-2.0.28-5.4E.el4_8.1.s390.rpm     MD5: 6675a822b0f2f87c5ce0c09c9945dc43
gd-2.0.28-5.4E.el4_8.1.s390x.rpm     MD5: f05e4f7092817a57509594b30310c278
gd-devel-2.0.28-5.4E.el4_8.1.s390x.rpm     MD5: df2b1a8d473dedab21facc0a4ff05b0d
gd-progs-2.0.28-5.4E.el4_8.1.s390x.rpm     MD5: f052fbb64e650591d03826c078f5d975
 
x86_64:
gd-2.0.28-5.4E.el4_8.1.i386.rpm     MD5: e62772995cbd79d865f4a872c61a79ac
gd-2.0.28-5.4E.el4_8.1.x86_64.rpm     MD5: bfcdafff3dd8e4c35a8f9a79c4c98c10
gd-devel-2.0.28-5.4E.el4_8.1.x86_64.rpm     MD5: cc8cf2f7a78e7e8658bf9767db60aab7
gd-progs-2.0.28-5.4E.el4_8.1.x86_64.rpm     MD5: 3eb8a8600eb615ca61de062f7fced782
 
Red Hat Enterprise Linux AS (v. 4.8.z)

SRPMS:
gd-2.0.28-5.4E.el4_8.1.src.rpm     MD5: 949a1c28231f3bf3b299ceacd6a7800f
 
IA-32:
gd-2.0.28-5.4E.el4_8.1.i386.rpm     MD5: e62772995cbd79d865f4a872c61a79ac
gd-devel-2.0.28-5.4E.el4_8.1.i386.rpm     MD5: da5f82aeb78aa5f0f2780a979ca96a8b
gd-progs-2.0.28-5.4E.el4_8.1.i386.rpm     MD5: 0ab52f3c21f4e7af7d0ccabaaf48b9ea
 
IA-64:
gd-2.0.28-5.4E.el4_8.1.i386.rpm     MD5: e62772995cbd79d865f4a872c61a79ac
gd-2.0.28-5.4E.el4_8.1.ia64.rpm     MD5: 29647ff51641cbdfe47e607cb6b2a3ea
gd-devel-2.0.28-5.4E.el4_8.1.ia64.rpm     MD5: 3bbb1c4364c26b533c50dba1f2e2010b
gd-progs-2.0.28-5.4E.el4_8.1.ia64.rpm     MD5: 0f22546d837ccb725a65120324599bed
 
PPC:
gd-2.0.28-5.4E.el4_8.1.ppc.rpm     MD5: 9c148b5e1826eb17657340952bf1ff6c
gd-2.0.28-5.4E.el4_8.1.ppc64.rpm     MD5: 313e0e9abd88a113981d86c84aebec1f
gd-devel-2.0.28-5.4E.el4_8.1.ppc.rpm     MD5: 5426ec5e99be8b5508da3e713642e863
gd-progs-2.0.28-5.4E.el4_8.1.ppc.rpm     MD5: 4cea5b4e2e1b4dab96b07538b5c34502
 
s390:
gd-2.0.28-5.4E.el4_8.1.s390.rpm     MD5: 6675a822b0f2f87c5ce0c09c9945dc43
gd-devel-2.0.28-5.4E.el4_8.1.s390.rpm     MD5: 758c753e9a54e1296020d97a63a4f1a3
gd-progs-2.0.28-5.4E.el4_8.1.s390.rpm     MD5: 40c6c034e9ece85996c2b8e517db9651
 
s390x:
gd-2.0.28-5.4E.el4_8.1.s390.rpm     MD5: 6675a822b0f2f87c5ce0c09c9945dc43
gd-2.0.28-5.4E.el4_8.1.s390x.rpm     MD5: f05e4f7092817a57509594b30310c278
gd-devel-2.0.28-5.4E.el4_8.1.s390x.rpm     MD5: df2b1a8d473dedab21facc0a4ff05b0d
gd-progs-2.0.28-5.4E.el4_8.1.s390x.rpm     MD5: f052fbb64e650591d03826c078f5d975
 
x86_64:
gd-2.0.28-5.4E.el4_8.1.i386.rpm     MD5: e62772995cbd79d865f4a872c61a79ac
gd-2.0.28-5.4E.el4_8.1.x86_64.rpm     MD5: bfcdafff3dd8e4c35a8f9a79c4c98c10
gd-devel-2.0.28-5.4E.el4_8.1.x86_64.rpm     MD5: cc8cf2f7a78e7e8658bf9767db60aab7
gd-progs-2.0.28-5.4E.el4_8.1.x86_64.rpm     MD5: 3eb8a8600eb615ca61de062f7fced782
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
gd-2.0.33-9.4.el5_4.2.src.rpm     MD5: 6edfd935f7a4dcae8f944169f3891233
SHA-256: 6ac1636679bc6c79ac105e77e6bb9751f1e50ae6bc905d4e510d1fddf95c1535
 
IA-32:
gd-2.0.33-9.4.el5_4.2.i386.rpm     MD5: 4483731239c0646af8c38670d69ded73
gd-progs-2.0.33-9.4.el5_4.2.i386.rpm     MD5: ee44761474464097015a99ea547114c9
 
x86_64:
gd-2.0.33-9.4.el5_4.2.i386.rpm     MD5: 4483731239c0646af8c38670d69ded73
gd-2.0.33-9.4.el5_4.2.x86_64.rpm     MD5: 817be3b523ee212816356f90264787c5
gd-progs-2.0.33-9.4.el5_4.2.x86_64.rpm     MD5: 55d6c6790107cb1f9acfc18ecea330ab
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
gd-2.0.28-5.4E.el4_8.1.src.rpm     MD5: 949a1c28231f3bf3b299ceacd6a7800f
 
IA-32:
gd-2.0.28-5.4E.el4_8.1.i386.rpm     MD5: e62772995cbd79d865f4a872c61a79ac
gd-devel-2.0.28-5.4E.el4_8.1.i386.rpm     MD5: da5f82aeb78aa5f0f2780a979ca96a8b
gd-progs-2.0.28-5.4E.el4_8.1.i386.rpm     MD5: 0ab52f3c21f4e7af7d0ccabaaf48b9ea
 
IA-64:
gd-2.0.28-5.4E.el4_8.1.i386.rpm     MD5: e62772995cbd79d865f4a872c61a79ac
gd-2.0.28-5.4E.el4_8.1.ia64.rpm     MD5: 29647ff51641cbdfe47e607cb6b2a3ea
gd-devel-2.0.28-5.4E.el4_8.1.ia64.rpm     MD5: 3bbb1c4364c26b533c50dba1f2e2010b
gd-progs-2.0.28-5.4E.el4_8.1.ia64.rpm     MD5: 0f22546d837ccb725a65120324599bed
 
x86_64:
gd-2.0.28-5.4E.el4_8.1.i386.rpm     MD5: e62772995cbd79d865f4a872c61a79ac
gd-2.0.28-5.4E.el4_8.1.x86_64.rpm     MD5: bfcdafff3dd8e4c35a8f9a79c4c98c10
gd-devel-2.0.28-5.4E.el4_8.1.x86_64.rpm     MD5: cc8cf2f7a78e7e8658bf9767db60aab7
gd-progs-2.0.28-5.4E.el4_8.1.x86_64.rpm     MD5: 3eb8a8600eb615ca61de062f7fced782
 
Red Hat Enterprise Linux ES (v. 4.8.z)

SRPMS:
gd-2.0.28-5.4E.el4_8.1.src.rpm     MD5: 949a1c28231f3bf3b299ceacd6a7800f
 
IA-32:
gd-2.0.28-5.4E.el4_8.1.i386.rpm     MD5: e62772995cbd79d865f4a872c61a79ac
gd-devel-2.0.28-5.4E.el4_8.1.i386.rpm     MD5: da5f82aeb78aa5f0f2780a979ca96a8b
gd-progs-2.0.28-5.4E.el4_8.1.i386.rpm     MD5: 0ab52f3c21f4e7af7d0ccabaaf48b9ea
 
IA-64:
gd-2.0.28-5.4E.el4_8.1.i386.rpm     MD5: e62772995cbd79d865f4a872c61a79ac
gd-2.0.28-5.4E.el4_8.1.ia64.rpm     MD5: 29647ff51641cbdfe47e607cb6b2a3ea
gd-devel-2.0.28-5.4E.el4_8.1.ia64.rpm     MD5: 3bbb1c4364c26b533c50dba1f2e2010b
gd-progs-2.0.28-5.4E.el4_8.1.ia64.rpm     MD5: 0f22546d837ccb725a65120324599bed
 
x86_64:
gd-2.0.28-5.4E.el4_8.1.i386.rpm     MD5: e62772995cbd79d865f4a872c61a79ac
gd-2.0.28-5.4E.el4_8.1.x86_64.rpm     MD5: bfcdafff3dd8e4c35a8f9a79c4c98c10
gd-devel-2.0.28-5.4E.el4_8.1.x86_64.rpm     MD5: cc8cf2f7a78e7e8658bf9767db60aab7
gd-progs-2.0.28-5.4E.el4_8.1.x86_64.rpm     MD5: 3eb8a8600eb615ca61de062f7fced782
 
Red Hat Enterprise Linux EUS (v. 5.4.z server)

SRPMS:
gd-2.0.33-9.4.el5_4.2.src.rpm     MD5: 6edfd935f7a4dcae8f944169f3891233
SHA-256: 6ac1636679bc6c79ac105e77e6bb9751f1e50ae6bc905d4e510d1fddf95c1535
 
IA-32:
gd-2.0.33-9.4.el5_4.2.i386.rpm     MD5: 4483731239c0646af8c38670d69ded73
gd-devel-2.0.33-9.4.el5_4.2.i386.rpm     MD5: 1f45e0d8fbbbceccfb3daa456902d1d2
gd-progs-2.0.33-9.4.el5_4.2.i386.rpm     MD5: ee44761474464097015a99ea547114c9
 
IA-64:
gd-2.0.33-9.4.el5_4.2.ia64.rpm     MD5: 95bae601b4da583f636a2597bc9b7925
gd-devel-2.0.33-9.4.el5_4.2.ia64.rpm     MD5: f367f6a982e95e03975dded96609b847
gd-progs-2.0.33-9.4.el5_4.2.ia64.rpm     MD5: 9d132d90722d91dc14c9e192b0bd4ae6
 
PPC:
gd-2.0.33-9.4.el5_4.2.ppc.rpm     MD5: fda178d725a6d9515d08942f67333a30
gd-2.0.33-9.4.el5_4.2.ppc64.rpm     MD5: 477d52083e551fe2b53b43aaabcf98aa
gd-devel-2.0.33-9.4.el5_4.2.ppc.rpm     MD5: 2fed2de5f0f1aac6c90a7d709270b72d
gd-devel-2.0.33-9.4.el5_4.2.ppc64.rpm     MD5: 9aac1986ce537cb559d2d710f0959ef1
gd-progs-2.0.33-9.4.el5_4.2.ppc.rpm     MD5: 419ba341943ead2d2be6dda2457563ec
 
s390x:
gd-2.0.33-9.4.el5_4.2.s390.rpm     MD5: b3c70c625ac850ce5208f43bdb539f79
gd-2.0.33-9.4.el5_4.2.s390x.rpm     MD5: 843b82de1c739988fd23491ca20b3f55
gd-devel-2.0.33-9.4.el5_4.2.s390.rpm     MD5: 732e03ef8bbc1cd43835d751dd9b4d33
gd-devel-2.0.33-9.4.el5_4.2.s390x.rpm     MD5: 7f343a70b8cc30cccf6385ea692c0c28
gd-progs-2.0.33-9.4.el5_4.2.s390x.rpm     MD5: 58e357a5f87520dbf031f58c6f605527
 
x86_64:
gd-2.0.33-9.4.el5_4.2.i386.rpm     MD5: 4483731239c0646af8c38670d69ded73
gd-2.0.33-9.4.el5_4.2.x86_64.rpm     MD5: 817be3b523ee212816356f90264787c5
gd-devel-2.0.33-9.4.el5_4.2.i386.rpm     MD5: 1f45e0d8fbbbceccfb3daa456902d1d2
gd-devel-2.0.33-9.4.el5_4.2.x86_64.rpm     MD5: e33868167a70cc30e18f7aed0fc45372
gd-progs-2.0.33-9.4.el5_4.2.x86_64.rpm     MD5: 55d6c6790107cb1f9acfc18ecea330ab
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
gd-2.0.28-5.4E.el4_8.1.src.rpm     MD5: 949a1c28231f3bf3b299ceacd6a7800f
 
IA-32:
gd-2.0.28-5.4E.el4_8.1.i386.rpm     MD5: e62772995cbd79d865f4a872c61a79ac
gd-devel-2.0.28-5.4E.el4_8.1.i386.rpm     MD5: da5f82aeb78aa5f0f2780a979ca96a8b
gd-progs-2.0.28-5.4E.el4_8.1.i386.rpm     MD5: 0ab52f3c21f4e7af7d0ccabaaf48b9ea
 
IA-64:
gd-2.0.28-5.4E.el4_8.1.i386.rpm     MD5: e62772995cbd79d865f4a872c61a79ac
gd-2.0.28-5.4E.el4_8.1.ia64.rpm     MD5: 29647ff51641cbdfe47e607cb6b2a3ea
gd-devel-2.0.28-5.4E.el4_8.1.ia64.rpm     MD5: 3bbb1c4364c26b533c50dba1f2e2010b
gd-progs-2.0.28-5.4E.el4_8.1.ia64.rpm     MD5: 0f22546d837ccb725a65120324599bed
 
x86_64:
gd-2.0.28-5.4E.el4_8.1.i386.rpm     MD5: e62772995cbd79d865f4a872c61a79ac
gd-2.0.28-5.4E.el4_8.1.x86_64.rpm     MD5: bfcdafff3dd8e4c35a8f9a79c4c98c10
gd-devel-2.0.28-5.4E.el4_8.1.x86_64.rpm     MD5: cc8cf2f7a78e7e8658bf9767db60aab7
gd-progs-2.0.28-5.4E.el4_8.1.x86_64.rpm     MD5: 3eb8a8600eb615ca61de062f7fced782
 
(The unlinked packages above are only available from the Red Hat Network)
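
To confirm that hosts actually carry the fixed builds listed above, the following added example (not part of the advisory or any Red Hat tooling) compares installed gd packages against gd-2.0.33-9.4.el5_4.2 and gd-2.0.28-5.4E.el4_8.1. It assumes input lines collected with `rpm -q --qf '%{NAME} %{VERSION} %{RELEASE}\n' gd gd-devel gd-progs`; the function names and the sample inventory lines are constructed for illustration.

```python
import re

# Fixed builds from this advisory (RHSA-2010:0003), keyed by dist tag in the release.
FIXED = {"el5": ("2.0.33", "9.4.el5_4.2"), "el4": ("2.0.28", "5.4E.el4_8.1")}
GD_PACKAGES = {"gd", "gd-devel", "gd-progs"}

def rpmvercmp(a, b):
    """Compare two version or release strings segment by segment, as rpm does.
    Simplified: no '~' or '^' handling, which these builds do not use."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def audit(rpm_lines):
    """Classify each 'NAME VERSION RELEASE' line as fixed, needs-update or unknown-dist."""
    results = []
    for line in rpm_lines:
        parts = line.split()
        if len(parts) != 3 or parts[0] not in GD_PACKAGES:
            continue                           # e.g. "package gd-progs is not installed"
        name, ver, rel = parts
        dist = re.search(r"el[45]", rel)
        if dist is None:
            status = "unknown-dist"
        else:
            fver, frel = FIXED[dist.group()]
            newer = rpmvercmp(ver, fver) or rpmvercmp(rel, frel)
            status = "fixed" if newer >= 0 else "needs-update"
        results.append((name, f"{ver}-{rel}", status))
    return results

# Constructed sample inventory lines (not real host data), several hosts concatenated.
SAMPLE = [
    "gd 2.0.33 9.4.el5_1.1",
    "gd-devel 2.0.33 9.4.el5_4.2",
    "gd 2.0.28 5.4E.el4_6.1",
    "package gd-progs is not installed",
    "gd-progs 2.0.33 9.4.el5_6.1",
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row)
```

A plain string comparison of release fields would misorder values such as `el5_10` and `el5_4`, which is why the check splits them into numeric and alphabetic segments first.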

Bugs fixed (see bugzilla for more information)

529213 - CVE-2009-3546 gd: insufficient input validation in _gdGetColors()


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/