USN-557-1: GD library vulnerability

18 December 2007

libgd2 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 7.10
  • Ubuntu 7.04
  • Ubuntu 6.10
  • Ubuntu 6.06 LTS

Software Description

  • libgd2

Details

Mattias Bengtsson and Philip Olausson discovered that the GD library did not properly perform bounds checking when creating images. An attacker could send specially crafted input to applications linked against libgd2 and cause a denial of service or possibly execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 7.10
  • libgd2-noxpm - 2.0.34-1ubuntu1.1
  • libgd2-xpm - 2.0.34-1ubuntu1.1

Ubuntu 7.04
  • libgd2-noxpm - 2.0.34~rc1-2ubuntu1.2
  • libgd2-xpm - 2.0.34~rc1-2ubuntu1.2

Ubuntu 6.10
  • libgd2-noxpm - 2.0.33-4ubuntu2.2
  • libgd2-xpm - 2.0.33-4ubuntu2.2

Ubuntu 6.06 LTS
  • libgd2-noxpm - 2.0.33-2ubuntu5.3
  • libgd2-xpm - 2.0.33-2ubuntu5.3

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system upgrade is sufficient to effect the necessary changes.
