FrSIRT - Fedora Security Update Fixes GD Code Execution and Denial of Service Issues / Exploit (Security Advisories)

French Security Incident Response Team

French

English

Fedora Security Update Fixes GD Code Execution and Denial of Service Issues

Title : Fedora Security Update Fixes GD Code Execution and Denial of Service Issues
Advisory ID : FrSIRT/ADV-2007-3105
CVE ID : CVE-2007-3472 - CVE-2007-3473 - CVE-2007-3474 - CVE-2007-3475 - CVE-2007-3476 - CVE-2007-3477 - CVE-2007-3478
Rated as : High Risk

Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-09-11

Advisory Details

Description

Affected Products

Solution

References

Technical Description

Multiple vulnerabilities have been identified in Fedora, which could be exploited by attackers to cause a denial of service or execute arbitrary code [...]

Solution

Upgrade the affected packages :

7bb5275aca8df221b58ce108c8538b415979b15a gd-progs-2.0.35-1.fc7.ppc64.rpm
96898a397c25883400fb98e802540afc019b29ea gd-devel-2.0.35-1.fc7.ppc64.rpm
cd64d085d90c35ffd398bda1c6cfd8581733b5ea gd-2.0.35-1.fc7.ppc64.rpm
af617ec43148bf36f13ff784394fa31e7c206bce gd-debuginfo-2.0.35-1.fc7.ppc64.rpm
0a061b1215620ade14d552bf33513e9ccba862cb gd-debuginfo-2.0.35-1.fc7.i386.rpm
e6a30015cca7e075d65469e0578c447c3bb13b6a gd-devel-2.0.35-1.fc7.i386.rpm
753ad34469b71cb96cc792b17231e4a35c4ae74b gd-progs-2.0.35-1.fc7.i386.rpm
f3a4e4e17f9efe06675ace48f6aeee22d2928c29 gd-2.0.35-1.fc7.i386.rpm
f487ff02f03019fdf20b3a43b9c82cd042e065db gd-progs-2.0.35-1.fc7.x86_64.rpm
93a6c517023481ebd7cc4466b66ff7b954fc5919 gd-2.0.35-1.fc7.x86_64.rpm
f29b1aea3efbbd4b518c32d59f0ec18a1a5347f6 gd-debuginfo-2.0.35-1.fc7.x86_64.rpm
5491602218664c47b1cea9e7ced892a10160fc47 gd-devel-2.0.35-1.fc7.x86_64.rpm
b7651610c1e1f5fc1fd2ac53f7093fc28e70cecd gd-2.0.35-1.fc7.ppc.rpm
b1f6c7df2bb6ff7f647d88953395301c19e38a2d gd-progs-2.0.35-1.fc7.ppc.rpm
8c548dc3ff6d7031b1b7db799b8d36f9bb9e7c93 gd-devel-2.0.35-1.fc7.ppc.rpm
0e2f7524e66d9aa5ce244da6213fa3f59c1b2214 gd-debuginfo-2.0.35-1.fc7.ppc.rpm
a007fe8a996a5af692b06175bb3c9ef205caf3c5 gd-2.0.35-1.fc7.src.rpm

ChangeLog

2007-09-11 : Initial release

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.

Mailinglist

	Apple Mac OS X Command Execution and Security Bypass Issues
	Apple Safari for Mac OS X Remote Code Execution Vulnerability
	Apple Mac OS X ARDAgent Local Privilege Escalation Vulnerability
	Apple Safari Code Execution and Information Disclosure Vulnerabilities
	Apple QuickTime Multiple File Handling Code Execution Vulnerabilities
	Apple Safari for Windows Remote Code Execution Vulnerability
	Apple Mac OS X Command Execution and Security Bypass Issues

	Microsoft SQL Server Privilege Escalation Vulnerabilities (MS08-040)
	Microsoft Exchange Server Cross Site Scripting Issues (MS08-039)
	Microsoft Windows Explorer Remote Code Execution (MS08-038)
	Microsoft Windows Multiple DNS Spoofing Vulnerabilities (MS08-037)
	Microsoft Access Snapshot Viewer ActiveX Control Vulnerability
	Microsoft Internet Explorer Frame Cross-Domain Scripting Vulnerability
	Microsoft Internet Explorer "location" Cross-Domain Scripting Issue

	IBM Tivoli Directory Server Entry Handling Double-Free Vulnerability
	IBM AFP Viewer Plug-In "SRC" Property Buffer Overflow Vulnerability
	IBM Hardware Management Console Cross Site Scripting Vulnerabilities
	IBM OS/400 BrSmRcvAndCheck Local Buffer Overflow Vulnerability
	IBM DB2 Multiple Buffer Overflow and Security Bypass Vulnerabilities
	IBM WebSphere Application Server Security Exposure Vulnerability
	IBM AIX Multiple Command Local Privilege Escalation Vulnerabilities