FrSIRT - Fedora Security Update Fixes GD Code Execution and Denial of Service Issues / Exploit (Security Advisories)

French Security Incident Response Team

French

English

Fedora Security Update Fixes GD Code Execution and Denial of Service Issues

Title : Fedora Security Update Fixes GD Code Execution and Denial of Service Issues
Advisory ID : FrSIRT/ADV-2007-3209
CVE ID : CVE-2007-3472 - CVE-2007-3473 - CVE-2007-3474 - CVE-2007-3475 - CVE-2007-3476 - CVE-2007-3477 - CVE-2007-3478
Rated as : High Risk

Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-09-20

Advisory Details

Description

Affected Products

Solution

References

Technical Description

Multiple vulnerabilities have been identified in Fedora, which could be exploited by attackers to cause a denial of service or execute arbitrary code [...]

Solution

Upgrade the affected packages :

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/

7ec90b5367033b13d592d86a30769f91ff353e89 SRPMS/gd-2.0.35-1.fc6.src.rpm
7ec90b5367033b13d592d86a30769f91ff353e89 noarch/gd-2.0.35-1.fc6.src.rpm
04d19be2cd0f4d99af6173f98a107cdb20c3b3b4 ppc/gd-devel-2.0.35-1.fc6.ppc.rpm
0649f623ebd277a86f5b595f2087176b41081e17 ppc/gd-2.0.35-1.fc6.ppc.rpm
9c1e46c10b95a36272110187f256138785404075 ppc/gd-progs-2.0.35-1.fc6.ppc.rpm
0d4196a2330be0ea7f01eb4b07fd3a61184b036e ppc/debug/gd-debuginfo-2.0.35-1.fc6.ppc.rpm
45200261eca7b6c0787b2ecc40895581539f3b4f x86_64/gd-progs-2.0.35-1.fc6.x86_64.rpm
3a360482e0507faf835b6dfdd3825cce06e8fd24 x86_64/gd-2.0.35-1.fc6.x86_64.rpm
4d1a83ad63ad2420296ad0da5b387bae8424ec46 x86_64/gd-devel-2.0.35-1.fc6.x86_64.rpm
c534466b3285b9077dc2434efcc249254edda687 x86_64/debug/gd-debuginfo-2.0.35-1.fc6.x86_64.rpm
89f03a7ea527e00a4760bf8573ba1599593d4401 i386/debug/gd-debuginfo-2.0.35-1.fc6.i386.rpm
0062e7759fd9cafb4ef16ee4d9b485fbd95d5ac7 i386/gd-progs-2.0.35-1.fc6.i386.rpm
c4466ad20dde160ddef6cfb6eafd85d3009c4dc5 i386/gd-2.0.35-1.fc6.i386.rpm
13689420c94f0566bc1f04c046752f5a9e1b17b4 i386/gd-devel-2.0.35-1.fc6.i386.rpm

ChangeLog

2007-09-20 : Initial release

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.

Mailinglist

	Cisco UCM SIP Remote Denial of Service
	Cisco IOS Denial of Service and Security Bypass Vulnerabilities
	Cisco PIX and ASA Information Disclosure and DoS Vulnerabilities
	Cisco Secure ACS EAP Remote Denial Of Service Vulnerability
	Cisco Products Remote DNS Cache Poisoning Vulnerability
	Cisco Wide Area Application Services CUPS Remote Vulnerability
	Cisco UCM Denial of Service and Authentication Bypass Vulnerabilities

	Apple TV Multiple File Processing Code Execution Vulnerabilities
	Apple Mac OS X Code Execution and Security Bypass Vulnerabilities
	Apple iPhone Code Execution and Security Bypass Vulnerabilities
	Apple QuickTime Multiple Remote Code Execution Vulnerabilities
	Apple iTunes Driver Integer Overflow Privilege Escalation Vulnerability
	Apple iPod touch Code Execution and Security Bypass Vulnerabilities
	Apple Bonjour for Windows DNS Spoofing and DoS Vulnerabilities

	Mozilla Products Code Execution and Security Bypass Vulnerabilities
	Mozilla Firefox for Mac OS X GIF Rendering Code Execution Vulnerability
	Mozilla Products Remote Code Execution and Security Bypass Issues
	Mozilla Products Code Execution and Injection Vulnerabilities
	Mozilla JavaScript Garbage Collector Code Execution Vulnerability
	Mozilla Thunderbird Code Execution and Cross Site Scripting Issues
	Mozilla Firefox and SeaMonkey Multiple Remote Code Execution Issues