French Security Incident Response Team

FrSIRT   

      

   français French  anglais English

 
Vulnerability Notification Service
 FrSIRT Private Exploit & PoC Codes Service
 FrSIRT Partner Program
 14-Day Free Trial
Contact FrSIRT Sales Dept.
 

Security Advisories
Linux Security Advisories
Virus and Threats Advisories
Latest Security News
Latest Zero Day Threats
Security Vulnerabilities and Advisories Search Engine
 

Report a security incident
Report a new vulnerability
Security Mailinglist
 

Our Company
FrSIRT in the News
Advertise on FrSIRT.COM
Security Researchers and Exploit Writers Jobs
Contact Us

Mandriva Security Update Fixes GD "gdImageStringFTEx()" Buffer Overflow Vulnerability

Title : Mandriva Security Update Fixes GD "gdImageStringFTEx()" Buffer Overflow Vulnerability
Advisory ID : FrSIRT/ADV-2007-0501
CVE ID : CVE-2007-0455
Rated as : Moderate Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-02-07

Advisory Details
 
  Description
  Affected Products
  Solution
  References
Technical Description    Receive FrSIRT alerts in a Text format  Receive FrSIRT alerts in a PDF format  Receive FrSIRT alerts in an XML format  Receive FrSIRT notifications by SMS 

Mandriva has released security updates to address a vulnerability identified in GD and libwmf [...]

Solution

Upgrade the affected packages :

Mandriva Linux 2006.0:
bb5df1fd9874cb4538bd24ba722849c3 2006.0/i586/gd-utils-2.0.33-3.2.20060mdk.i586.rpm
311dbbc55d0d4d80d47305b397dccdfa 2006.0/i586/libgd2-2.0.33-3.2.20060mdk.i586.rpm
6d9f985a8266df26f4642dd985afd3c8 2006.0/i586/libgd2-devel-2.0.33-3.2.20060mdk.i586.rpm
cb18cfd4467243366179b50f60877683 2006.0/i586/libgd2-static-devel-2.0.33-3.2.20060mdk.i586.rpm
f4ed9e9a93903a69682da9f898127575 2006.0/SRPMS/gd-2.0.33-3.2.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
ffe7cb2190e4d347f82b477b4b90617f 2006.0/x86_64/gd-utils-2.0.33-3.2.20060mdk.x86_64.rpm
92e96a8d5004b396aab5acc4cc853d8e 2006.0/x86_64/lib64gd2-2.0.33-3.2.20060mdk.x86_64.rpm
6a7247cbd5dfd03e51181711404f8dc5 2006.0/x86_64/lib64gd2-devel-2.0.33-3.2.20060mdk.x86_64.rpm
cedc398df2eae9a72c4c967b421ceb32 2006.0/x86_64/lib64gd2-static-devel-2.0.33-3.2.20060mdk.x86_64.rpm
f4ed9e9a93903a69682da9f898127575 2006.0/SRPMS/gd-2.0.33-3.2.20060mdk.src.rpm

Mandriva Linux 2007.0:
efddec174f28af4832a9fb488292a9ab 2007.0/i586/gd-utils-2.0.33-5.1mdv2007.0.i586.rpm
4f97206e59ac7f365c458a825a0548f6 2007.0/i586/libgd2-2.0.33-5.1mdv2007.0.i586.rpm
466025b4339876efbfee2a7466a46fa2 2007.0/i586/libgd2-devel-2.0.33-5.1mdv2007.0.i586.rpm
8a662acf86e0dc6ef7ef6207f8e1ec5d 2007.0/i586/libgd2-static-devel-2.0.33-5.1mdv2007.0.i586.rpm
c9690844ec1145ed47053e1194fe9dc3 2007.0/SRPMS/gd-2.0.33-5.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
0442cd89cc1fc63d34afc1d7e05576fa 2007.0/x86_64/gd-utils-2.0.33-5.1mdv2007.0.x86_64.rpm
10cdbd6617bfef0029cafdc7a9650761 2007.0/x86_64/lib64gd2-2.0.33-5.1mdv2007.0.x86_64.rpm
3d02da82cf6e5a9885126709b0318c1a 2007.0/x86_64/lib64gd2-devel-2.0.33-5.1mdv2007.0.x86_64.rpm
b696d03707bee9f0c107e88de26f0bf5 2007.0/x86_64/lib64gd2-static-devel-2.0.33-5.1mdv2007.0.x86_64.rpm
c9690844ec1145ed47053e1194fe9dc3 2007.0/SRPMS/gd-2.0.33-5.1mdv2007.0.src.rpm

Corporate 3.0:
47ba42ab82d3d625626a00c65e79effc corporate/3.0/i586/gd-utils-2.0.15-4.3.C30mdk.i586.rpm
02256e730c508cff7acee1204f761512 corporate/3.0/i586/libgd2-2.0.15-4.3.C30mdk.i586.rpm
082545ff3f1596c9ae30d5842442f29e corporate/3.0/i586/libgd2-devel-2.0.15-4.3.C30mdk.i586.rpm
371c86bd9b0eecc7331dfbf72cd0ddd5 corporate/3.0/i586/libgd2-static-devel-2.0.15-4.3.C30mdk.i586.rpm
50b89a63317d23b8712efea59d6fd121 corporate/3.0/SRPMS/gd-2.0.15-4.3.C30mdk.src.rpm

Corporate 3.0/X86_64:
9786831c164719c081bf7d56c276a157 corporate/3.0/x86_64/gd-utils-2.0.15-4.3.C30mdk.x86_64.rpm
141d9ff878b727046f2484e931f662f7 corporate/3.0/x86_64/lib64gd2-2.0.15-4.3.C30mdk.x86_64.rpm
84823810c9c592e0505862cc5882b131 corporate/3.0/x86_64/lib64gd2-devel-2.0.15-4.3.C30mdk.x86_64.rpm
c53cef0bf475c4eeeb59bf4e5c4a11aa corporate/3.0/x86_64/lib64gd2-static-devel-2.0.15-4.3.C30mdk.x86_64.rpm
50b89a63317d23b8712efea59d6fd121 corporate/3.0/SRPMS/gd-2.0.15-4.3.C30mdk.src.rpm

Corporate 4.0:
58ca4f9b316790c648400059a73e53cd corporate/4.0/i586/gd-utils-2.0.33-3.2.20060mlcs4.i586.rpm
57f262fc41dc138a2b01b513e7a6977d corporate/4.0/i586/libgd2-2.0.33-3.2.20060mlcs4.i586.rpm
dfeb2d6e537bcd39e8c4f4dc3cc97782 corporate/4.0/i586/libgd2-devel-2.0.33-3.2.20060mlcs4.i586.rpm
fdd201797572fc130767b6dfa3aaefa5 corporate/4.0/i586/libgd2-static-devel-2.0.33-3.2.20060mlcs4.i586.rpm
91e6169527be92d0a4e1ef4a62bc4dd4 corporate/4.0/SRPMS/gd-2.0.33-3.2.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
572ae62589b39a2bf9d4dd5b7c34e827 corporate/4.0/x86_64/gd-utils-2.0.33-3.2.20060mlcs4.x86_64.rpm
ca43f6e9a811f49cf442b73c845c8d64 corporate/4.0/x86_64/lib64gd2-2.0.33-3.2.20060mlcs4.x86_64.rpm
8111cbbe7d7fc966fdb8f3c310cf6653 corporate/4.0/x86_64/lib64gd2-devel-2.0.33-3.2.20060mlcs4.x86_64.rpm
32e355162f4e68f339cf98f1c1baf53d corporate/4.0/x86_64/lib64gd2-static-devel-2.0.33-3.2.20060mlcs4.x86_64.rpm
91e6169527be92d0a4e1ef4a62bc4dd4 corporate/4.0/SRPMS/gd-2.0.33-3.2.20060mlcs4.src.rpm

Mandriva Linux 2006.0:
e20256e67b230fb391ecc25b462eeab2 2006.0/i586/libwmf-0.2.8.3-6.4.20060mdk.i586.rpm
d0d0c26789f2e17e5b86cf4ecb4e0f38 2006.0/i586/libwmf0.2_7-0.2.8.3-6.4.20060mdk.i586.rpm
ed27e474fc154203677111795fbb8d55 2006.0/i586/libwmf0.2_7-devel-0.2.8.3-6.4.20060mdk.i586.rpm
1e51660d73213b67ba80967c945d0d49 2006.0/SRPMS/libwmf-0.2.8.3-6.4.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
d2fbbdf43ce91c6d347e381be6b81d74 2006.0/x86_64/lib64wmf0.2_7-0.2.8.3-6.4.20060mdk.x86_64.rpm
c4f2e16dd585c2d3d3418e965baf4f7f 2006.0/x86_64/lib64wmf0.2_7-devel-0.2.8.3-6.4.20060mdk.x86_64.rpm
ec618bd5ddaf3abf11736ba6f7bb312e 2006.0/x86_64/libwmf-0.2.8.3-6.4.20060mdk.x86_64.rpm
1e51660d73213b67ba80967c945d0d49 2006.0/SRPMS/libwmf-0.2.8.3-6.4.20060mdk.src.rpm

Mandriva Linux 2007.0:
6ddcf6fa9d07430b6506c6e539750490 2007.0/i586/libwmf-0.2.8.4-6.1mdv2007.0.i586.rpm
bca845804d4da48c5945a558d88991ba 2007.0/i586/libwmf0.2_7-0.2.8.4-6.1mdv2007.0.i586.rpm
e88b4e66f7ba43445578922a77c0af0a 2007.0/i586/libwmf0.2_7-devel-0.2.8.4-6.1mdv2007.0.i586.rpm
b6fc7246891a9635e260061666f8d1bc 2007.0/SRPMS/libwmf-0.2.8.4-6.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
9b6632e5918d5984abc3cdc1c3659e47 2007.0/x86_64/lib64wmf0.2_7-0.2.8.4-6.1mdv2007.0.x86_64.rpm
476cae147f1eefc4cff0d328cc235cfb 2007.0/x86_64/lib64wmf0.2_7-devel-0.2.8.4-6.1mdv2007.0.x86_64.rpm
b16363e12139fc6786d22a6cfc549bab 2007.0/x86_64/libwmf-0.2.8.4-6.1mdv2007.0.x86_64.rpm
b6fc7246891a9635e260061666f8d1bc 2007.0/SRPMS/libwmf-0.2.8.4-6.1mdv2007.0.src.rpm

Corporate 3.0:
8ab58c9932da307fc45301d4c43952d0 corporate/3.0/i586/libwmf-0.2.8-6.4.C30mdk.i586.rpm
8e7d0ab58e3c307b6bb723545d378d1d corporate/3.0/i586/libwmf0.2_7-0.2.8-6.4.C30mdk.i586.rpm
c82ea507536b900652218a7ab9d3d69c corporate/3.0/i586/libwmf0.2_7-devel-0.2.8-6.4.C30mdk.i586.rpm
e390b914857d4d67bdb2ef45545a82fd corporate/3.0/SRPMS/libwmf-0.2.8-6.4.C30mdk.src.rpm

Corporate 3.0/X86_64:
ef2f38e688ac821550a8cef7e5ccc48e corporate/3.0/x86_64/lib64wmf0.2_7-0.2.8-6.4.C30mdk.x86_64.rpm
440c29e0dac1fd3e980c270e18f53f0f corporate/3.0/x86_64/lib64wmf0.2_7-devel-0.2.8-6.4.C30mdk.x86_64.rpm
3125547bd6cdc7eb6fde1a768d9ce771 corporate/3.0/x86_64/libwmf-0.2.8-6.4.C30mdk.x86_64.rpm
e390b914857d4d67bdb2ef45545a82fd corporate/3.0/SRPMS/libwmf-0.2.8-6.4.C30mdk.src.rpm

Corporate 4.0:
01ea7b987e96e79f3246cec473e44415 corporate/4.0/i586/libwmf-0.2.8.3-6.4.20060mlcs4.i586.rpm
82a459c50db3e1042eb489d13c036871 corporate/4.0/i586/libwmf0.2_7-0.2.8.3-6.4.20060mlcs4.i586.rpm
aef7018051548a36066c65ef59de1571 corporate/4.0/i586/libwmf0.2_7-devel-0.2.8.3-6.4.20060mlcs4.i586.rpm
5a04c278fdcb28320aac0cc08e802f14 corporate/4.0/SRPMS/libwmf-0.2.8.3-6.4.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
32bf6a4902c45c2d18de1a025f6cadcc corporate/4.0/x86_64/lib64wmf0.2_7-0.2.8.3-6.4.20060mlcs4.x86_64.rpm
db7d2b330c682d23bff9dd852bd6a7ef corporate/4.0/x86_64/lib64wmf0.2_7-devel-0.2.8.3-6.4.20060mlcs4.x86_64.rpm
ffb6e68cde364f02cf11f15889fca672 corporate/4.0/x86_64/libwmf-0.2.8.3-6.4.20060mlcs4.x86_64.rpm
5a04c278fdcb28320aac0cc08e802f14 corporate/4.0/SRPMS/libwmf-0.2.8.3-6.4.20060mlcs4.src.rpm

ChangeLog

2007-02-07 : Initial release

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.
 
 

Search
      

Mailinglist
    
 

IBM AIX Multiple Command Local Privilege Escalation Vulnerabilities

IBM AIX Sendmail Header Lines Denial of Service Vulnerability

IBM Metrica Multiple Parameter Cross Site Scripting Vulnerabilities

IBM Lotus Quickr Unspecified Cross Site Scripting Vulnerabilities

IBM Hardware Management Console Denial of Service Vulnerability

IBM Tivoli Storage Manager Client Buffer Overflow Vulnerability

IBM DB2 Denial of Service and Information Disclosure Vulnerabilities

Microsoft XML Core Services Multiple Remote Vulnerabilities (MS08-069)

Microsoft Windows SMB Credential Reflection Vulnerability (MS08-068)

Microsoft Windows Server Service Vulnerability (MS08-067)

Microsoft Windows "afd.sys" Privilege Escalation Vulnerability (MS08-066)

Microsoft Windows MSMQ Code Execution Vulnerability (MS08-065)

Microsoft Windows VADs Privilege Escalation Vulnerability (MS08-064)

Microsoft Windows SMB Code Execution Vulnerability (MS08-063)

Sun Logical Domain Manager Local Privilege Escalation Vulnerability

Sun StarOffice/StarSuite EMF Handling Buffer Overflow Vulnerability

Sun Java Messaging Server Cross Site Scripting Vulnerability

Sun Solaris IP Filter NAT Service DNS Cache Poisoning Vulnerability

Sun Java System Identity Manager Security Bypass Vulnerabilities

Sun Solaris DHCP Buffer Overflow and Denial of Service

Sun Solstice X.25 "/dev/xty" Local Denial of Service Vulnerability

Copyright 2003-2008 © FrSIRT.COM - Privacy Policy