aru
Posted June 28, 2006

Mandriva Advisories

MDKSA-2006:113 : tetex

Updated tetex packages fix embedded GD vulnerabilities

June 27th, 2006

Integer overflows were reported in the GD Graphics Library (libgd) 2.0.28, and possibly other versions. These overflows allow remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx() function. Tetex contains an embedded copy of the GD library code. (CAN-2004-0941)

The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas Boutell graphics draw (GD) library (aka libgd) 2.0.33 allows remote attackers to cause a denial of service (CPU consumption) via malformed GIF data that causes an infinite loop. Tetex contains an embedded copy of the GD library code. (CVE-2006-2906)

Updated packages have been patched to address both issues.

The released versions of Mandriva GNU/Linux affected are:

10.2
2006.0

Full information about this advisory, including the updated packages, is available at:

www.mandriva.com/security/advisories?name=MDKSA-2006:113

Other references:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0941
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2906

Posted automatically by aru (mdksec2mub v: mdksec2mub,v 1.2 2006/06/01 20:04:28 pituko Exp $)