Fedora Legacy Test Update Notification: gd

Marc Deslauriers marcdeslauriers at videotron.ca
Sat Mar 5 18:10:39 UTC 2005


---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-2254
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2254
2005-03-05
---------------------------------------------------------------------

Name        : gd
Versions    : rh7.3: gd-1.8.4-4.1.legacy
Versions    : rh9: gd-1.8.4-11.1.legacy
Versions    : fc1: gd-2.0.15-1.2.legacy
Summary     : A graphics library for quick creation of PNG or JPEG
              images.
Description :
The gd graphics library allows your code to quickly draw images complete
with lines, arcs, text, multiple colors, cut and paste from other
images, and flood fills. The library will write out the result as a PNG
or JPEG file. This is particularly useful in Web applications, where PNG
and JPEG are two of the formats accepted for inline images by most
Web browsers. Note that gd is not a paint or graphics manipulation
program.

---------------------------------------------------------------------
Update Information:

Updated gd packages that fix security issues with overflow in various
memory allocation calls are now available.

The gd packages contain a graphics library used for the dynamic creation
of images such as PNG and JPEG.

Several buffer overflows were reported in various memory allocation
calls. An attacker could create a carefully crafted image file in such a
way that it could cause ImageMagick to execute arbitrary code when
processing the image. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0990 to these issues.

While researching the fixes to these overflows, additional buffer
overflows were discovered in calls to gdMalloc. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2004-0941 to these issues.

Users of gd should upgrade to these updated packages, which contain a
backported security patch, and are not vulnerable to these issues.
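
An added example, not gd's code and not the backported patch, of the bug class named above: overflow while computing the size passed to an allocation call. The helpers `unchecked_bytes`, `checked_bytes` and `alloc_pixels` are hypothetical, the dimensions are constructed, and the size is assumed to be a product of image dimensions modelled as a 32-bit value.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical helpers, not gd's API. Sizes are modelled as 32-bit values
 * (the binary packages in this update are i386), so the wrap-around is
 * reproducible on any host. */

/* Unchecked pattern: the product wraps modulo 2^32 before it is used. */
uint32_t unchecked_bytes(uint32_t sx, uint32_t sy, uint32_t elem)
{
    return sx * sy * elem;
}

/* Checked pattern: returns 0 and stores the size only if no step of
 * sx * sy * elem overflows; returns -1 otherwise. */
int checked_bytes(uint32_t sx, uint32_t sy, uint32_t elem, uint32_t *out)
{
    if (sx == 0 || sy == 0 || elem == 0)
        return -1;                  /* reject empty images outright */
    if (sx > UINT32_MAX / sy)
        return -1;                  /* sx * sy would wrap */
    if (sx * sy > UINT32_MAX / elem)
        return -1;                  /* (sx * sy) * elem would wrap */
    *out = sx * sy * elem;
    return 0;
}

/* Wrapper a caller would use instead of a bare malloc(sx * sy * elem).
 * Returns NULL on overflow or on allocation failure. */
void *alloc_pixels(uint32_t sx, uint32_t sy, uint32_t elem)
{
    uint32_t n;
    if (checked_bytes(sx, sy, elem, &n) != 0)
        return NULL;
    return malloc((size_t)n);
}

int main(void)
{
    /* Constructed dimensions, as a crafted image header might declare. */
    uint32_t sx = 0x10001u, sy = 0x10000u, elem = 4u;
    /* Unchecked: the true size exceeds 2^32 and wraps to 262144 bytes. */
    if (unchecked_bytes(sx, sy, elem) != 262144u) return 1;
    /* Checked: the same dimensions are rejected before any allocation. */
    if (alloc_pixels(sx, sy, elem) != NULL) return 1;
    void *ok = alloc_pixels(640u, 480u, elem);   /* ordinary image passes */
    if (ok == NULL) return 1;
    free(ok);
    return 0;
}
```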

---------------------------------------------------------------------
Changelogs

rh73:
* Tue Dec 21 2004 Pekka Savola <pekkas at netcore.fi>: 1.8.4-4.1.legacy
- Fix CAN-2004-0941,CAN-2004-0990, from RHEL.

rh9:
* Tue Dec 21 2004 Pekka Savola <pekkas at netcore.fi>: 1.8.4-11.1.legacy
- Fix CAN-2004-0941,CAN-2004-0990, from RHEL.

fc1:
* Sat Mar 05 2005 Marc Deslauriers <marcdeslauriers at videotron.ca> 2.0.15-1.2.legacy
- Added missing XFree86-devel BuildPrereq

* Fri Mar 04 2005 Marc Deslauriers <marcdeslauriers at videotron.ca> 2.0.15-1.1.legacy
- Added security patch for CAN-2004-0941 and CAN-2004-0990

---------------------------------------------------------------------
This update can be downloaded from:
   http://download.fedoralegacy.org/
(sha1sums)

rh7.3:
094e683de916db07104de9f735a0773db3a89d25 
redhat/7.3/updates-testing/i386/gd-1.8.4-4.1.legacy.i386.rpm
addb29d84db162ceedd78e208efa08b3f7b35589 
redhat/7.3/updates-testing/i386/gd-devel-1.8.4-4.1.legacy.i386.rpm
e736bda88bfdc20a5560c33a2866d36af57d365a 
redhat/7.3/updates-testing/i386/gd-progs-1.8.4-4.1.legacy.i386.rpm
f75168266e076834d3c8c4bd247f5b71dd46a6b3 
redhat/7.3/updates-testing/SRPMS/gd-1.8.4-4.1.legacy.src.rpm

rh9:
3315825ff28caf0516227aa9c7b60df6ad5fb865 
redhat/9/updates-testing/i386/gd-1.8.4-11.1.legacy.i386.rpm
e4e1128a446799ade2bdfd31c2b2165e8391298c 
redhat/9/updates-testing/i386/gd-devel-1.8.4-11.1.legacy.i386.rpm
68ddd0a5e252b8c478006a7121a516a125b468e7 
redhat/9/updates-testing/i386/gd-progs-1.8.4-11.1.legacy.i386.rpm
66a0ea816ea63de04c80914410cec6d772e89dee 
redhat/9/updates-testing/SRPMS/gd-1.8.4-11.1.legacy.src.rpm

fc1:
e468a13340eb0adc2c4a53ea46db6acd2a909cdc 
fedora/1/updates-testing/i386/gd-2.0.15-1.2.legacy.i386.rpm
1b589147f1a2779031d9815c330b919098fcc4ca 
fedora/1/updates-testing/i386/gd-devel-2.0.15-1.2.legacy.i386.rpm
eec3d79e1bb687c7aae118d561ff8683d0c4713d 
fedora/1/updates-testing/i386/gd-progs-2.0.15-1.2.legacy.i386.rpm
ca49d8c20730afd691e5cbe83b9c396a57a789aa 
fedora/1/updates-testing/SRPMS/gd-2.0.15-1.2.legacy.src.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.