Test ID:	1.3.6.1.4.1.25623.1.0.50469
Category:	Ubuntu Local Security Checks
Title:	Ubuntu 4.10 USN-33-1 (libgd)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to libgd announced via advisory USN-33-1. CVE-2004-0990 described several buffer overflows which had been discovered in libgd's PNG handling functions. Another update is required because the update from USN-21-1 was not sufficient to prevent every possible attack. If an attacker tricks a user into loading a malicious PNG or XPM image, they could leverage this into executing arbitrary code in the context of the user opening image. This vulnerability might lead to privilege escalation in customized systems that use server applications which link libgd. However, Warty does not ship such server applications (PHP in Warty uses libgd2 which was already fixed in USN-25-1). The following packages are affected: libgd1-noxpm libgd1-xpm Solution: The problem can be corrected by upgrading the affected package to version 1.8.4-36ubuntu0.2. In general, a standard system upgrade is sufficient to effect the necessary changes. http://lists.ubuntu.com/archives/ubuntu-security-announce/2004-November/000035.html Risk factor : Critical CVSS Score: 10.0
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0941 BugTraq ID: 11663 http://www.securityfocus.com/bid/11663 Computer Incident Advisory Center Bulletin: P-071 http://www.ciac.org/ciac/bulletins/p-071.shtml Debian Security Information: DSA-601 (Google Search) http://www.debian.org/security/2004/dsa-601 http://www.mandriva.com/security/advisories?name=MDKSA-2006:113 http://www.mandriva.com/security/advisories?name=MDKSA-2006:114 http://www.mandriva.com/security/advisories?name=MDKSA-2006:122 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11176 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1195 http://www.redhat.com/support/errata/RHSA-2004-638.html http://www.redhat.com/support/errata/RHSA-2006-0194.html http://secunia.com/advisories/13179/ http://secunia.com/advisories/18686 http://secunia.com/advisories/20824 http://secunia.com/advisories/21050 http://www.trustix.org/errata/2004/0058 https://www.ubuntu.com/usn/usn-25-1/ https://www.ubuntu.com/usn/usn-33-1/ XForce ISS Database: gd-graphics-gdmalloc-bo(18048) https://exchange.xforce.ibmcloud.com/vulnerabilities/18048 Common Vulnerability Exposure (CVE) ID: CVE-2004-0990 BugTraq ID: 11523 http://www.securityfocus.com/bid/11523 Bugtraq: 20041026 libgd integer overflow (Google Search) http://marc.info/?l=bugtraq&m=109882489302099&w=2 Debian Security Information: DSA-589 (Google Search) http://www.debian.org/security/2004/dsa-589 Debian Security Information: DSA-591 (Google Search) http://www.debian.org/security/2004/dsa-591 Debian Security Information: DSA-602 (Google Search) http://www.debian.org/security/2004/dsa-602 http://www.mandriva.com/security/advisories?name=MDKSA-2004:132 http://www.osvdb.org/11190 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1260 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9952 http://secunia.com/advisories/18717 http://secunia.com/advisories/20866 http://secunia.com/advisories/23783 SuSE Security Announcement: SUSE-SR:2006:003 (Google Search) http://lists.suse.com/archive/suse-security-announce/2006-Feb/0001.html https://www.ubuntu.com/usn/usn-11-1/ XForce ISS Database: gd-png-bo(17866) https://exchange.xforce.ibmcloud.com/vulnerabilities/17866
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.