Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:22660
HistoryOct 20, 2009 - 12:00 a.m.

[ MDVSA-2009:284 ] gd

2009-10-2000:00:00
vulners.com
67
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mandriva Linux Security Advisory MDVSA-2009:284
http://www.mandriva.com/security/

Package : gd
Date : October 20, 2009
Affected: 2009.0, 2009.1, Corporate 3.0, Corporate 4.0,
Enterprise Server 5.0, Multi Network Firewall 2.0

Problem Description:

A vulnerability has been found and corrected in gd:

The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.0, and the
GD Graphics Library 2.x, does not properly verify a certain colorsTotal
structure member, which might allow remote attackers to conduct
buffer overflow or buffer over-read attacks via a crafted GD file,
a different vulnerability than CVE-2009-3293. NOTE: some of these
details are obtained from third party information (CVE-2009-3546).

This update fixes this vulnerability.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3546

Updated Packages:

Mandriva Linux 2009.0:
6c866bae01f25d5dc270d3adbbd5d993 2009.0/i586/gd-utils-2.0.35-6.1mdv2009.0.i586.rpm
bd8887aeba9889fcdcb2cda16a6a53de 2009.0/i586/libgd2-2.0.35-6.1mdv2009.0.i586.rpm
88e7ebdf94c3493e816ffd512a2807a1 2009.0/i586/libgd-devel-2.0.35-6.1mdv2009.0.i586.rpm
d053ec9518ec742e3bc36353337b686d 2009.0/i586/libgd-static-devel-2.0.35-6.1mdv2009.0.i586.rpm
754f5c9783f4b5f7b1b117b18cca15d6 2009.0/SRPMS/gd-2.0.35-6.1mdv2009.0.src.rpm

Mandriva Linux 2009.0/X86_64:
c8ea9db1a2900f0bf6126322df6516c3 2009.0/x86_64/gd-utils-2.0.35-6.1mdv2009.0.x86_64.rpm
ce2d31ad700733f16bae12aa67a7e7ef 2009.0/x86_64/lib64gd2-2.0.35-6.1mdv2009.0.x86_64.rpm
e5930aa4e9470a02c2d3ed35a9de8157 2009.0/x86_64/lib64gd-devel-2.0.35-6.1mdv2009.0.x86_64.rpm
a65dc17ce7c3814423c7274edd58d105 2009.0/x86_64/lib64gd-static-devel-2.0.35-6.1mdv2009.0.x86_64.rpm
754f5c9783f4b5f7b1b117b18cca15d6 2009.0/SRPMS/gd-2.0.35-6.1mdv2009.0.src.rpm

Mandriva Linux 2009.1:
05f81dc2f0895b4a3466cd855e43d4de 2009.1/i586/gd-utils-2.0.35-8.1mdv2009.1.i586.rpm
f52e6f8eb0bd1ef751ac64eeffe514ac 2009.1/i586/libgd2-2.0.35-8.1mdv2009.1.i586.rpm
55d6d5fce499049e0f06f8e98e4bbfe2 2009.1/i586/libgd-devel-2.0.35-8.1mdv2009.1.i586.rpm
546237c9a13ad9ee1abfe59f70fb79fd 2009.1/i586/libgd-static-devel-2.0.35-8.1mdv2009.1.i586.rpm
35226b6d2166537c4b797fb2f031fbeb 2009.1/SRPMS/gd-2.0.35-8.1mdv2009.1.src.rpm

Mandriva Linux 2009.1/X86_64:
de8bdbcb765b3db98246ded84df3d247 2009.1/x86_64/gd-utils-2.0.35-8.1mdv2009.1.x86_64.rpm
b20cc886a69f5bea68421326db8a881e 2009.1/x86_64/lib64gd2-2.0.35-8.1mdv2009.1.x86_64.rpm
4163f9180cfbd869f8e1309df343f739 2009.1/x86_64/lib64gd-devel-2.0.35-8.1mdv2009.1.x86_64.rpm
3b55d54e9428b159a707321717ad93c8 2009.1/x86_64/lib64gd-static-devel-2.0.35-8.1mdv2009.1.x86_64.rpm
35226b6d2166537c4b797fb2f031fbeb 2009.1/SRPMS/gd-2.0.35-8.1mdv2009.1.src.rpm

Corporate 3.0:
403f12a5a250eb7b19747e98acca455a corporate/3.0/i586/gd-utils-2.0.15-4.3.C30mdk.i586.rpm
63236e5b8c12a00613db49d7efbaf219 corporate/3.0/i586/libgd2-2.0.15-4.3.C30mdk.i586.rpm
2413a31873e5a12de7f91b9813edceac corporate/3.0/i586/libgd2-devel-2.0.15-4.3.C30mdk.i586.rpm
3c790eb64d13da72fd5233b231a37048 corporate/3.0/i586/libgd2-static-devel-2.0.15-4.3.C30mdk.i586.rpm
e53ea6c39ecf645109440a1b6d766753 corporate/3.0/SRPMS/gd-2.0.15-4.3.C30mdk.src.rpm

Corporate 3.0/X86_64:
b9ed91e59a55df1ca59f4982d1cf38e7 corporate/3.0/x86_64/gd-utils-2.0.15-4.3.C30mdk.x86_64.rpm
0e7b3b8f25571fd79f7a618ba14095b7 corporate/3.0/x86_64/lib64gd2-2.0.15-4.3.C30mdk.x86_64.rpm
b3fee4c8dac6089c5da355e505c3b54e corporate/3.0/x86_64/lib64gd2-devel-2.0.15-4.3.C30mdk.x86_64.rpm
74cd55856ed0275d795db3f7ae5b6081 corporate/3.0/x86_64/lib64gd2-static-devel-2.0.15-4.3.C30mdk.x86_64.rpm
e53ea6c39ecf645109440a1b6d766753 corporate/3.0/SRPMS/gd-2.0.15-4.3.C30mdk.src.rpm

Corporate 4.0:
2c26534467a1c98718bc2bb20e54bcab corporate/4.0/i586/gd-utils-2.0.33-3.6.20060mlcs4.i586.rpm
59601ba68440a1b0fd34c418d6c4716b corporate/4.0/i586/libgd2-2.0.33-3.6.20060mlcs4.i586.rpm
feaaa0d30efbfded9b2423bd843449d5 corporate/4.0/i586/libgd2-devel-2.0.33-3.6.20060mlcs4.i586.rpm
ca9df591a9e6e6df86573ea89f1d12dc corporate/4.0/i586/libgd2-static-devel-2.0.33-3.6.20060mlcs4.i586.rpm
eae43b418d8217f8a1525a6d9708104b corporate/4.0/SRPMS/gd-2.0.33-3.6.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
41af6c4d472865a1980f10f0b23f5d02 corporate/4.0/x86_64/gd-utils-2.0.33-3.6.20060mlcs4.x86_64.rpm
0f3cb929bf45c233a2fc79a21065f259 corporate/4.0/x86_64/lib64gd2-2.0.33-3.6.20060mlcs4.x86_64.rpm
f6a11970d270993097348cb3572db65c corporate/4.0/x86_64/lib64gd2-devel-2.0.33-3.6.20060mlcs4.x86_64.rpm
febdcbf9b32675bbde080713fd2084f1 corporate/4.0/x86_64/lib64gd2-static-devel-2.0.33-3.6.20060mlcs4.x86_64.rpm
eae43b418d8217f8a1525a6d9708104b corporate/4.0/SRPMS/gd-2.0.33-3.6.20060mlcs4.src.rpm

Mandriva Enterprise Server 5:
1db0eb2e2b696a31f830b4947cf6a89e mes5/i586/gd-utils-2.0.35-6.1mdvmes5.i586.rpm
e3817498bf992e5f0b5e51ee60c65211 mes5/i586/libgd2-2.0.35-6.1mdvmes5.i586.rpm
28baee14f1cc077348f61662ff4ea28b mes5/i586/libgd-devel-2.0.35-6.1mdvmes5.i586.rpm
c9e3fbe28c80b703e99db1a04f80e91d mes5/i586/libgd-static-devel-2.0.35-6.1mdvmes5.i586.rpm
f8d52f8fa6f2293104e0f7efe1f7813d mes5/SRPMS/gd-2.0.35-6.1mdvmes5.src.rpm

Mandriva Enterprise Server 5/X86_64:
9429f44d43fd99c47aab8b6c0a7224ee mes5/x86_64/gd-utils-2.0.35-6.1mdvmes5.x86_64.rpm
4eabccefa3e38ac1047a563bfbc9176f mes5/x86_64/lib64gd2-2.0.35-6.1mdvmes5.x86_64.rpm
607e283d1361a2a96321dc0379694a82 mes5/x86_64/lib64gd-devel-2.0.35-6.1mdvmes5.x86_64.rpm
b3cad5c4e74f33f80084dfcd39c15066 mes5/x86_64/lib64gd-static-devel-2.0.35-6.1mdvmes5.x86_64.rpm
f8d52f8fa6f2293104e0f7efe1f7813d mes5/SRPMS/gd-2.0.35-6.1mdvmes5.src.rpm

Multi Network Firewall 2.0:
4747f4e4dc27468a95042588e404408f mnf/2.0/i586/gd-utils-2.0.15-4.3.C30mdk.i586.rpm
f6db5567845a718254f7f46780405121 mnf/2.0/i586/libgd2-2.0.15-4.3.C30mdk.i586.rpm
564143eee8ea15f96bec0c87c0585067 mnf/2.0/i586/libgd2-devel-2.0.15-4.3.C30mdk.i586.rpm
b3eb34d29849cdb83ebc658c616e7634 mnf/2.0/i586/libgd2-static-devel-2.0.15-4.3.C30mdk.i586.rpm
bb33f217b6c18e6e9076a235ace81cab mnf/2.0/SRPMS/gd-2.0.15-4.3.C30mdk.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFK3aKmmqjQ0CJFipgRAqYIAJ0fT+c75BABM3LmtAWj1oVw0ggHIQCg6t/v
FOF1M3BzT783w/39eoTYZTc=
=2yng
-----END PGP SIGNATURE-----

Related

openvas 73
freebsd 3
prion 2
nessus 41
cve 2
ubuntucve 2
debiancve 1
securityvulns 2
f5 2
ubuntu 1
redhat 2
veracode 1
fedora 6
oraclelinux 2
centos 2
gentoo 2
osv 1
debian 1
slackware 2
amazon 1
seebug 1
archlinux 1
kitploit 1
openvas
openvas
Mandrake Security Advisory MDVSA-2009:285 (php)
2009-10-27 00:00:00
Mandriva Security Advisory MDVSA-2009:284-1 (gd)
2009-12-10 00:00:00
Mandrake Security Advisory MDVSA-2009:285 (php)
2009-10-27 00:00:00
freebsd
freebsd
gd -- '_gdGetColors' remote buffer overflow vulnerability
2009-10-15 00:00:00
php5 -- Multiple security issues
2009-09-17 00:00:00
libwmf -- multiple vulnerabilities
2004-10-12 00:00:00
prion
prion
Buffer overflow
2009-10-19 20:00:00
Design/Logic Flaw
2009-09-22 10:30:00
nessus
nessus
Mandriva Linux Security Advisory : gd (MDVSA-2009:284-1)
2009-10-22 00:00:00
FreeBSD : gd -- '_gdGetColors' remote buffer overflow vulnerability (4e8344a3-ca52-11de-8ee8-00215c6a37bb)
2009-11-09 00:00:00
Mandriva Linux Security Advisory : php (MDVSA-2009:285)
2009-10-22 00:00:00
cve
cve
CVE-2009-3546
2009-10-19 20:00:00
CVE-2009-3293
2009-09-22 10:30:00
ubuntucve
ubuntucve
CVE-2009-3546
2009-10-19 00:00:00
CVE-2009-3293
2009-09-22 00:00:00
debiancve
debiancve
CVE-2009-3546
2009-10-19 20:00:00
securityvulns
securityvulns
PHP multiple security vulnerabilities
2009-10-20 00:00:00
[ MDVSA-2009:248 ] php
2009-09-28 00:00:00
f5
f5
SOL13275 - PHP vulnerability CVE-2009-3293
2011-12-15 00:00:00
K13275 : PHP vulnerability CVE-2009-3293
2013-09-12 00:00:00
ubuntu
ubuntu
GD library vulnerabilities
2009-11-05 00:00:00
redhat
redhat
(RHSA-2010:0003) Moderate: gd security update
2010-01-04 00:00:00
(RHSA-2010:0040) Moderate: php security update
2010-01-13 00:00:00
veracode
veracode
Buffer Overflow
2019-06-03 06:31:32
fedora
fedora
[SECURITY] Fedora 17 Update: gd-2.0.35-17.fc17
2012-06-30 08:36:08
[SECURITY] Fedora 12 Update: maniadrive-1.2-19.fc12
2009-12-04 23:35:53
[SECURITY] Fedora 12 Update: php-5.3.1-1.fc12
2009-12-04 23:35:53
oraclelinux
oraclelinux
gd security update
2010-01-04 00:00:00
php security update
2010-01-13 00:00:00
centos
centos
gd security update
2010-01-04 23:33:40
php security update
2010-01-13 22:42:15
gentoo
gentoo
GD: User-assisted execution of arbitrary code
2010-06-03 00:00:00
PHP: Multiple vulnerabilities
2010-01-05 00:00:00
osv
osv
libgd2 - several vulnerabilities
2009-11-17 00:00:00
debian
debian
[SECURITY] [DSA 1936-1] New libgd2 packages fix several vulnerabilities
2009-11-17 20:52:01
slackware
slackware
php
2009-10-04 00:01:56
[slackware-security] libwmf
2018-05-01 01:19:49
amazon
amazon
Important: libwmf
2015-10-27 13:51:00
seebug
seebug
PHP 5.2.11版本修复多个安全漏洞
2009-09-23 00:00:00
archlinux
archlinux
[ASA-201701-1] libwmf: multiple issues
2017-01-01 00:00:00
kitploit
kitploit
arch-audit - An utility like pkg-audit for Arch Linux
2016-10-15 14:30:00
JSON
Related for SECURITYVULNS:DOC:22660
openvas73freebsd3prion2nessus41cve2ubuntucve2debiancve1securityvulns2f52ubuntu1redhat2veracode1fedora6oraclelinux2centos2gentoo2osv1debian1slackware2amazon1seebug1archlinux1kitploit1