Debian DSA-1936-1 : libgd2 - several vulnerabilities
High Nessus Plugin ID 44801
SynopsisThe remote Debian host is missing a security-related update.
DescriptionSeveral vulnerabilities have been discovered in libgd2, a library for programmatic graphics creation and manipulation. The Common Vulnerabilities and Exposures project identifies the following problems :
- CVE-2007-0455 Kees Cook discovered a buffer overflow in libgd2's font renderer. An attacker could cause denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font. This issue only affects the oldstable distribution (etch).
- CVE-2009-3546 Tomas Hoger discovered a boundary error in the '_gdGetColors()' function. An attacker could conduct a buffer overflow or buffer over-read attacks via a crafted GD file.
SolutionUpgrade the libgd2 packages.
For the oldstable distribution (etch), these problems have been fixed in version 2.0.33-5.2etch2.
For the stable distribution (lenny), these problems have been fixed in version 2.0.36~rc1~dfsg-3+lenny1.
For the upcoming stable distribution (squeeze) and the unstable distribution (sid), these problems have been fixed in version 2.0.36~rc1~dfsg-3.1.