From martin.pitt@canonical.com Wed Nov 10 01:29:24 2004 From: Martin Pitt To: ubuntu-security-announce@lists.ubuntu.com Cc: full-disclosure@lists.netsys.com, bugtraq@securityfocus.com Date: Wed, 10 Nov 2004 00:23:12 +0100 Subject: [Full-Disclosure] [USN-21-1] libgd vulnerabilities =========================================================== Ubuntu Security Notice USN-21-1 November 09, 2004 libgd vulnerabilities CAN-2004-0990 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) The following packages are affected: libgd1-noxpm libgd1-xpm The problem can be corrected by upgrading the affected package to version 1.8.4-36ubuntu0.1. In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Several buffer overflows have been discovered in libgd's PNG handling functions. If an attacker tricked a user into loading a malicious PNG image, they could leverage this into executing arbitrary code in the context of the user opening image. Most importantly, this library is commonly used in PHP. One possible target would be a PHP driven photo website that lets users upload images. Therefore this vulnerability might lead to privilege escalation to a web server's privileges. Source archives: http://security.ubuntu.com/ubuntu/pool/main/libg/libgd/libgd_1.8.4-36ubuntu0.1.diff.gz Size/MD5: 10916 c2c530c778e1d3292a548011a51032ad http://security.ubuntu.com/ubuntu/pool/main/libg/libgd/libgd_1.8.4-36ubuntu0.1.dsc Size/MD5: 775 bb00a458ec1948cd9706c61be02fe2c7 http://security.ubuntu.com/ubuntu/pool/main/libg/libgd/libgd_1.8.4.orig.tar.gz Size/MD5: 559248 813625508e31f5c205904a305bdc8669 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/libg/libgd/libgd-dev_1.8.4-36ubuntu0.1_all.deb Size/MD5: 8618 c25e353edc262aab44f7b4669f7e497a http://security.ubuntu.com/ubuntu/pool/universe/libg/libgd/libgd1_1.8.4-36ubuntu0.1_all.deb Size/MD5: 8606 1f53fe3d1c8721a0cc49d9c06a14d92d amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/libg/libgd/libgd-noxpm-dev_1.8.4-36ubuntu0.1_amd64.deb Size/MD5: 118226 76e550f3ddf341474d0e57151a817f08 http://security.ubuntu.com/ubuntu/pool/main/libg/libgd/libgd-xpm-dev_1.8.4-36ubuntu0.1_amd64.deb Size/MD5: 119058 1e7e7dde4d9c3e75cf024c670ce4777b http://security.ubuntu.com/ubuntu/pool/main/libg/libgd/libgd1-noxpm_1.8.4-36ubuntu0.1_amd64.deb Size/MD5: 111626 62013a52e89463e7719ac1996da38b65 http://security.ubuntu.com/ubuntu/pool/main/libg/libgd/libgd1-xpm_1.8.4-36ubuntu0.1_amd64.deb Size/MD5: 111966 6dbebfa30099ccb2a9a3f635fd7a0e13 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/libg/libgd/libgd-noxpm-dev_1.8.4-36ubuntu0.1_i386.deb Size/MD5: 113480 2d9c7f28380bbf08c743f618e25137e8 http://security.ubuntu.com/ubuntu/pool/main/libg/libgd/libgd-xpm-dev_1.8.4-36ubuntu0.1_i386.deb Size/MD5: 114024 ac17d4b460aa99c28f56221fbe65b49b http://security.ubuntu.com/ubuntu/pool/main/libg/libgd/libgd1-noxpm_1.8.4-36ubuntu0.1_i386.deb Size/MD5: 108608 56f51fe4d1dfb25a8b595dedf4654d85 http://security.ubuntu.com/ubuntu/pool/main/libg/libgd/libgd1-xpm_1.8.4-36ubuntu0.1_i386.deb Size/MD5: 109002 514f150e1c8ba0bb2899ad4b4df76c50 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/libg/libgd/libgd-noxpm-dev_1.8.4-36ubuntu0.1_powerpc.deb Size/MD5: 119384 18296ec9e4086eb3e01c6b7be863ce97 http://security.ubuntu.com/ubuntu/pool/main/libg/libgd/libgd-xpm-dev_1.8.4-36ubuntu0.1_powerpc.deb Size/MD5: 120238 667f0b624fc6a54ba5d846f00fc9c22e http://security.ubuntu.com/ubuntu/pool/main/libg/libgd/libgd1-noxpm_1.8.4-36ubuntu0.1_powerpc.deb Size/MD5: 112964 9aab88d6c4355bd7d21c33ece7b2571e http://security.ubuntu.com/ubuntu/pool/main/libg/libgd/libgd1-xpm_1.8.4-36ubuntu0.1_powerpc.deb Size/MD5: 113238 dcf54fbd2b5e45981e64b0d29e466123 [ Part 2, "Digital signature" Application/PGP-SIGNATURE 196bytes. ] [ Unable to print this part. ]