[Security Announce] [ MDKSA-2006:113 ] - Updated tetex packages fix embedded GD vulnerabilities
Posted on: 06/28/2006 05:22 AM

The Mandriva Security Team published a new security update for Mandriva Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:113
http://www.mandriva.com/security/
_______________________________________________________________________

Package : tetex
Date : June 27, 2006
Affected: 10.2, 2006.0
_______________________________________________________________________

Problem Description:

Integer overflows were reported in the GD Graphics Library (libgd)
2.0.28, and possibly other versions. These overflows allow remote
attackers to cause a denial of service and possibly execute arbitrary
code via PNG image files with large image rows values that lead to a
heap-based buffer overflow in the gdImageCreateFromPngCtx() function.
Tetex contains an embedded copy of the GD library code. (CAN-2004-0941)

The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas
Boutell graphics draw (GD) library (aka libgd) 2.0.33 allows remote attackers
to cause a denial of service (CPU consumption) via malformed GIF data that
causes an infinite loop. Tetex contains an embedded copy of the GD library
code. (CVE-2006-2906)

Updated packages have been patched to address both issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?nameƊN-2004-0941
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2906
_______________________________________________________________________

Updated Packages:

Mandriva Linux 10.2:
5bcf729ccb4caca85d8d2142293b2d77 10.2/RPMS/jadetex-3.12-106.2.102mdk.i586.rpm
bc31e31b117e2a751da7849907df917c 10.2/RPMS/tetex-3.0-8.2.102mdk.i586.rpm
0910bcc1bce95b11963262c3b722fc47 10.2/RPMS/tetex-afm-3.0-8.2.102mdk.i586.rpm
a3eac32b19e1c212c6ec8bf5ba6ca34a 10.2/RPMS/tetex-context-3.0-8.2.102mdk.i586.rpm
b4a7db5b9c127e2399afdaf478f1141f 10.2/RPMS/tetex-devel-3.0-8.2.102mdk.i586.rpm
9679b875893e7a5d283802472cf784eb 10.2/RPMS/tetex-doc-3.0-8.2.102mdk.i586.rpm
3b250dbb1aa85b427f149eeb7b93bee5 10.2/RPMS/tetex-dvilj-3.0-8.2.102mdk.i586.rpm
2af97694741d1589b9d4f4e9e2fff794 10.2/RPMS/tetex-dvipdfm-3.0-8.2.102mdk.i586.rpm
713efa8fa744a3cb344ec016c7892be3 10.2/RPMS/tetex-dvips-3.0-8.2.102mdk.i586.rpm
8646db9366788d889c03333975a58fb3 10.2/RPMS/tetex-latex-3.0-8.2.102mdk.i586.rpm
4b2bb6743bdda9afc4acaa5e9886eaf5 10.2/RPMS/tetex-mfwin-3.0-8.2.102mdk.i586.rpm
b2f6632e88505d5449369f352bd3defe 10.2/RPMS/tetex-texi2html-3.0-8.2.102mdk.i586.rpm
4c6665db413bc2763e671368c594b96d 10.2/RPMS/tetex-xdvi-3.0-8.2.102mdk.i586.rpm
95689eb1cd6a82f24063af60dd6f6427 10.2/RPMS/xmltex-1.9-54.2.102mdk.i586.rpm
73dffa296703ab7de146d3fbe811ab10 10.2/SRPMS/tetex-3.0-8.2.102mdk.src.rpm

Mandriva Linux 10.2/X86_64:
e67d983720943369fde6b38fadae015a x86_64/10.2/RPMS/jadetex-3.12-106.2.102mdk.x86_64.rpm
75416081cfc3cdf6a8ccfe689618cae8 x86_64/10.2/RPMS/tetex-3.0-8.2.102mdk.x86_64.rpm
81ad797551550873a29f408bd0740ac7 x86_64/10.2/RPMS/tetex-afm-3.0-8.2.102mdk.x86_64.rpm
37f969186982784662e8ea84acd93713 x86_64/10.2/RPMS/tetex-context-3.0-8.2.102mdk.x86_64.rpm
d20f39d3ef368502677cb5e137c41831 x86_64/10.2/RPMS/tetex-devel-3.0-8.2.102mdk.x86_64.rpm
29717e89753a6566846d77c38d0ea661 x86_64/10.2/RPMS/tetex-doc-3.0-8.2.102mdk.x86_64.rpm
ed84f2352218a281b3e926a00be8503c x86_64/10.2/RPMS/tetex-dvilj-3.0-8.2.102mdk.x86_64.rpm
09c946780c1bee9c2c66fbc0456d3225 x86_64/10.2/RPMS/tetex-dvipdfm-3.0-8.2.102mdk.x86_64.rpm
dbd732fc3fbd6b95d4cdf819ce5229a2 x86_64/10.2/RPMS/tetex-dvips-3.0-8.2.102mdk.x86_64.rpm
b0c55dba84cf1c9be4f3e04d2ce53e41 x86_64/10.2/RPMS/tetex-latex-3.0-8.2.102mdk.x86_64.rpm
73dcdebb1514d70b2bba997ce3562453 x86_64/10.2/RPMS/tetex-mfwin-3.0-8.2.102mdk.x86_64.rpm
95f4fa468924bd6be520da4dde69d379 x86_64/10.2/RPMS/tetex-texi2html-3.0-8.2.102mdk.x86_64.rpm
54cfa5d726e5b53a2811e601c351b8c9 x86_64/10.2/RPMS/tetex-xdvi-3.0-8.2.102mdk.x86_64.rpm
1ed4d39c162d2153a7741effdedcd7ad x86_64/10.2/RPMS/xmltex-1.9-54.2.102mdk.x86_64.rpm
73dffa296703ab7de146d3fbe811ab10 x86_64/10.2/SRPMS/tetex-3.0-8.2.102mdk.src.rpm

Mandriva Linux 2006.0:
c0cc16cb92ca140fa0cd77ab3082334c 2006.0/RPMS/jadetex-3.12-110.2.20060mdk.i586.rpm
2a599e06878cfd913ee2460352d18833 2006.0/RPMS/tetex-3.0-12.2.20060mdk.i586.rpm
80577accadf3ccede359d1c305e3cb62 2006.0/RPMS/tetex-afm-3.0-12.2.20060mdk.i586.rpm
b1e27b6283a17194ef4feead5033b939 2006.0/RPMS/tetex-context-3.0-12.2.20060mdk.i586.rpm
e735ccd87def0f4a8bf1262aa3d92ca6 2006.0/RPMS/tetex-devel-3.0-12.2.20060mdk.i586.rpm
dbd71f3daf27a1bafba42eb0051f2fab 2006.0/RPMS/tetex-doc-3.0-12.2.20060mdk.i586.rpm
eea80943eaef26d2d0d40d4ef7e183aa 2006.0/RPMS/tetex-dvilj-3.0-12.2.20060mdk.i586.rpm
05ce22c18eb82c10a6306cbe8d2446fa 2006.0/RPMS/tetex-dvipdfm-3.0-12.2.20060mdk.i586.rpm
0d1270c9b9f940d3206aaa1be682b1cf 2006.0/RPMS/tetex-dvips-3.0-12.2.20060mdk.i586.rpm
962a78f23d0607544ffa35045b7af955 2006.0/RPMS/tetex-latex-3.0-12.2.20060mdk.i586.rpm
4e823ca61b25f0285c75dc1886947e73 2006.0/RPMS/tetex-mfwin-3.0-12.2.20060mdk.i586.rpm
44df21439b36aa5e9b60055b4f77936d 2006.0/RPMS/tetex-texi2html-3.0-12.2.20060mdk.i586.rpm
8eab912c43ee68f35cdd1f9480d5951c 2006.0/RPMS/tetex-xdvi-3.0-12.2.20060mdk.i586.rpm
6d8ba515e52f4abfd54dd306174462c7 2006.0/RPMS/xmltex-1.9-58.2.20060mdk.i586.rpm
81d035449228282e7a72419f4b260e7a 2006.0/SRPMS/tetex-3.0-12.2.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
0466f60289f9ce688130e6d0a508e8bc x86_64/2006.0/RPMS/jadetex-3.12-110.2.20060mdk.x86_64.rpm
faf6465bf63a2f6719def5d3fb17ef17 x86_64/2006.0/RPMS/tetex-3.0-12.2.20060mdk.x86_64.rpm
32f99226647319d5347d19077788bd5b x86_64/2006.0/RPMS/tetex-afm-3.0-12.2.20060mdk.x86_64.rpm
1d1aaee40dad532423173ccea3849e75 x86_64/2006.0/RPMS/tetex-context-3.0-12.2.20060mdk.x86_64.rpm
10d68d89752022e5bdf74ff0b07f1884 x86_64/2006.0/RPMS/tetex-devel-3.0-12.2.20060mdk.x86_64.rpm
309c4b8d26fd7b6531b9ab183256191c x86_64/2006.0/RPMS/tetex-doc-3.0-12.2.20060mdk.x86_64.rpm
1afd5620adaad5e7a43a5f5b08aec37d x86_64/2006.0/RPMS/tetex-dvilj-3.0-12.2.20060mdk.x86_64.rpm
db2d9cc973c213cc3abe78bdf919c4bc x86_64/2006.0/RPMS/tetex-dvipdfm-3.0-12.2.20060mdk.x86_64.rpm
e1dffcb652dc8d246d0da1ec6620bd05 x86_64/2006.0/RPMS/tetex-dvips-3.0-12.2.20060mdk.x86_64.rpm
e792f17a436aae19883b979f32c08a33 x86_64/2006.0/RPMS/tetex-latex-3.0-12.2.20060mdk.x86_64.rpm
b992bf51cb291e396a4a7f5d75bd2e84 x86_64/2006.0/RPMS/tetex-mfwin-3.0-12.2.20060mdk.x86_64.rpm
eade7aa0e9665969c8d73bb7909da672 x86_64/2006.0/RPMS/tetex-texi2html-3.0-12.2.20060mdk.x86_64.rpm
f1e9462e7213c74bcc59c27242b8d03b x86_64/2006.0/RPMS/tetex-xdvi-3.0-12.2.20060mdk.x86_64.rpm
4d1ade13bb2ffed71cb2f6d45165a672 x86_64/2006.0/RPMS/xmltex-1.9-58.2.20060mdk.x86_64.rpm
81d035449228282e7a72419f4b260e7a x86_64/2006.0/SRPMS/tetex-3.0-12.2.20060mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
lt;security*mandriva.comgt;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEoa+vmqjQ0CJFipgRAmsqAKCDUHSEmHsPgDtQw43QlcPkN0HbnACfQrNM
aLENiehuiJNvmKyOFy6DVuo=
=7QK6
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/security_announce_mdksa_2006113__updated_tetex_packages_fix_embedded_gd_vulnerabilities.html)