USN-298-1: libgd2 vulnerability
Posted on: 06/14/2006 10:12 AM

A new libgd2 vulnerability update is available for Ubuntu Linux. Here is the announcement:

Ubuntu Security Notice USN-298-1 June 13, 2006
libgd2 vulnerability
CVE-2006-2906
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
libgd2-noxpm 2.0.33-1.1ubuntu1.5.04
libgd2-xpm 2.0.33-1.1ubuntu1.5.04

Ubuntu 5.10:
libgd2-noxpm 2.0.33-1.1ubuntu1.5.10
libgd2-xpm 2.0.33-1.1ubuntu1.5.10

Ubuntu 6.06 LTS:
libgd2-noxpm 2.0.33-2ubuntu5.1
libgd2-xpm 2.0.33-2ubuntu5.1

After a standard system upgrade you need to reboot your computer to
effect the necessary changes.

Details follow:

Xavier Roche discovered that libgd's function for reading GIF image
data did not sufficiently verify its validity. Specially crafted GIF
images could cause an infinite loop which used up all available CPU
resources. Since libgd is often used in PHP and Perl web applications,
this could lead to a remote Denial of Service vulnerability.






Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/usn_298_1_libgd2_vulnerability.html)