Advisories (MDKSA-2006:113): tetex


aru

Mandriva Advisories MDKSA-2006:113 : tetex

Updated tetex packages fix embedded GD vulnerabilities

June 27th, 2006

Integer overflows were reported in the GD Graphics Library (libgd) 2.0.28, and possibly other versions. These overflows allow remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx() function. Tetex contains an embedded copy of the GD library code. (CAN-2004-0941)

The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas Boutell graphics draw (GD) library (aka libgd) 2.0.33 allows remote attackers to cause a denial of service (CPU consumption) via malformed GIF data that causes an infinite loop. Tetex contains an embedded copy of the GD library code. (CVE-2006-2906)

Updated packages have been patched to address both issues.

The released versions of Mandriva GNU/Linux affected are:

  • 10.2
  • 2006.0

Full information about this advisory, including the updated packages, is available at:

www.mandriva.com/security/advisories?name=MDKSA-2006:113

 

Other references:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0941

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2906

 

Posted automatically by aru (mdksec2mub v: mdksec2mub,v 1.2 2006/06/01 20:04:28 pituko Exp $)
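
The first issue above (CAN-2004-0941) belongs to the class where an image-size product overflows before it reaches a heap allocation. The C code below is an added illustration of that class and of the usual bounds check; it is not libgd or tetex code, and the function names, the int-sized limit and the sample dimensions are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Unchecked pattern: a 32-bit product of row size and row count wraps
 * modulo 2^32, so the buffer allocated from it is far smaller than the
 * data the decoder later writes into it. */
uint32_t unchecked_size(uint32_t rowbytes, uint32_t height)
{
    return rowbytes * height;
}

/* Checked pattern: refuse zero dimensions and any product that does not
 * fit in a signed 32-bit size (assumed limit for a decoder using int). */
int checked_size(uint32_t rowbytes, uint32_t height, size_t *out)
{
    if (rowbytes == 0 || height == 0)
        return -1;
    if (rowbytes > (uint32_t)INT32_MAX / height)
        return -1;
    *out = (size_t)rowbytes * height;
    return 0;
}

/* Allocate the pixel buffer only when the size check passes. */
unsigned char *alloc_rows(uint32_t rowbytes, uint32_t height)
{
    size_t n;
    if (checked_size(rowbytes, height, &n) != 0)
        return NULL;            /* reject the image instead of decoding */
    return calloc(n, 1);
}

int main(void)
{
    /* Constructed header values: 0x10000 bytes per row, 0x10001 rows. */
    uint32_t rowbytes = 0x10000u, height = 0x10001u;
    size_t n = 0;

    printf("unchecked: %u bytes\n", (unsigned)unchecked_size(rowbytes, height));
    printf("checked:   %s\n",
           checked_size(rowbytes, height, &n) == 0 ? "accepted" : "rejected");
    return 0;
}
```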
