French Security Incident Response Team

Fedora Security Update Fixes GD "gdImageStringFTEx()" Buffer Overflow Vulnerability


Title : Fedora Security Update Fixes GD "gdImageStringFTEx()" Buffer Overflow Vulnerability
Advisory ID : FrSIRT/ADV-2007-0565
CVE ID : CVE-2007-0455
Rated as : Moderate Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-02-13

Advisory Details

 
Technical Description

Fedora has released security updates to address a vulnerability identified in GD [...]

Solution

Upgrade the affected packages:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/


http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/


ChangeLog

2007-02-13 : Initial release

Copyright 2003-2008 © FrSIRT.COM - Privacy Policy