Ustanovljena je nova sigurnosna ranjivost kod programskog paketa gd, a koju su udaljeni napadači mogli iskoristiti za DoS (eng. Denial of Service) napad.
Paket:
gd 2.x
Operacijski sustavi:
Fedora 16, Fedora 17
Kritičnost:
9.3
Problem:
pogreška u programskoj funkciji, preljev međuspremnika
Iskorištavanje:
udaljeno
Posljedica:
uskraćivanje usluga (DoS)
Rješenje:
programska zakrpa proizvođača
CVE:
CVE-2009-3546
Izvorni ID preporuke:
FEDORA-2012-9298
Izvor:
Fedora
Problem:
Uočena je nepravilnost u funkciji "_gdGetColors" koja može dovesti do preljeva međuspremnika.
Posljedica:
Zloćudan napadač može iskoristiti nedostatak za napad uskraćivanjem usluga (DoS).
Rješenje:
Svim korisnicima se savjetuje instalacija nadogradnje koja otklanja opisani problem.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-9298
2012-06-13 20:57:01
--------------------------------------------------------------------------------
Name : gd
Product : Fedora 17
Version : 2.0.35
Release : 17.fc17
URL : http://www.libgd.org/Main_Page
Summary : A graphics library for quick creation of PNG or JPEG images
Description :
The gd graphics library allows your code to quickly draw images
complete with lines, arcs, text, multiple colors, cut and paste from
other images, and flood fills, and to write out the result as a PNG or
JPEG file. This is particularly useful in Web applications, where PNG
and JPEG are two of the formats accepted for inline images by most
browsers. Note that gd is not a paint program.
--------------------------------------------------------------------------------
Update Information:
This is an update, that fixes insufficient input validation in _gdGetColors().
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jun 11 2012 Honza Horak <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.0.35-17
- fixed CVE-2009-3546 gd: insufficient input validation in _gdGetColors()
Resolves: #830745
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #830745 - CVE-2009-3546 gd: insufficient input validation in
_gdGetColors() [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=830745
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update gd' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-9314
2012-06-13 20:57:48
--------------------------------------------------------------------------------
Name : gd
Product : Fedora 16
Version : 2.0.35
Release : 17.fc16
URL : http://www.libgd.org/Main_Page
Summary : A graphics library for quick creation of PNG or JPEG images
Description :
The gd graphics library allows your code to quickly draw images
complete with lines, arcs, text, multiple colors, cut and paste from
other images, and flood fills, and to write out the result as a PNG or
JPEG file. This is particularly useful in Web applications, where PNG
and JPEG are two of the formats accepted for inline images by most
browsers. Note that gd is not a paint program.
--------------------------------------------------------------------------------
Update Information:
This is an update, that fixes insufficient input validation in _gdGetColors().
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jun 11 2012 Honza Horak <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.0.35-17
- fixed CVE-2009-3546 gd: insufficient input validation in _gdGetColors()
Resolves: #830745
* Tue Feb 28 2012 Honza Horak <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.0.35-16
- Fixed AALineThick.patch to display vertical lines correctly
Resolves: #798255
* Fri Jan 13 2012 Fedora Release Engineering <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> -
2.0.35-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Tue Nov 8 2011 Adam Jackson <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 2.0.35-14
- Rebuild for libpng 1.5
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #830745 - CVE-2009-3546 gd: insufficient input validation in
_gdGetColors() [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=830745
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update gd' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Posljednje sigurnosne preporuke