English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 146377 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.60051
Category:Ubuntu Local Security Checks
Title:Ubuntu USN-557-1 (libgd2)
Summary:NOSUMMARY
Description:Description:

The remote host is missing an update to libgd2
announced via advisory USN-557-1.

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

Mattias Bengtsson and Philip Olausson discovered that the GD
library did not properly perform bounds checking when creating
images. An attacker could send specially crafted input to
applications linked against libgd2 and cause a denial of service
or possibly execute arbitrary code.

Solution:
The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
libgd2-noxpm 2.0.33-2ubuntu5.3
libgd2-xpm 2.0.33-2ubuntu5.3

Ubuntu 6.10:
libgd2-noxpm 2.0.33-4ubuntu2.2
libgd2-xpm 2.0.33-4ubuntu2.2

Ubuntu 7.04:
libgd2-noxpm 2.0.34~
rc1-2ubuntu1.2
libgd2-xpm 2.0.34~
rc1-2ubuntu1.2

Ubuntu 7.10:
libgd2-noxpm 2.0.34-1ubuntu1.1
libgd2-xpm 2.0.34-1ubuntu1.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-557-1

Risk factor : High

CVSS Score:
7.8

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-3996
Debian Security Information: DSA-1613 (Google Search)
http://www.debian.org/security/2008/dsa-1613
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00354.html
http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml
http://security.gentoo.org/glsa/glsa-200712-13.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:187
http://secweb.se/en/advisories/php-imagecopyresized-integer-overflow/
http://secweb.se/en/advisories/php-imagecreatetruecolor-integer-overflow/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11147
http://www.redhat.com/support/errata/RHSA-2007-0888.html
RedHat Security Advisories: RHSA-2007:0889
http://rhn.redhat.com/errata/RHSA-2007-0889.html
http://www.redhat.com/support/errata/RHSA-2007-0890.html
http://www.redhat.com/support/errata/RHSA-2007-0891.html
http://secunia.com/advisories/26642
http://secunia.com/advisories/26822
http://secunia.com/advisories/26838
http://secunia.com/advisories/26871
http://secunia.com/advisories/26895
http://secunia.com/advisories/26930
http://secunia.com/advisories/26967
http://secunia.com/advisories/27102
http://secunia.com/advisories/27351
http://secunia.com/advisories/27377
http://secunia.com/advisories/27545
http://secunia.com/advisories/28009
http://secunia.com/advisories/28147
http://secunia.com/advisories/28658
http://secunia.com/advisories/31168
http://securityreason.com/securityalert/3103
SuSE Security Announcement: SUSE-SA:2008:004 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html
http://www.trustix.org/errata/2007/0026/
http://www.ubuntu.com/usn/usn-557-1
http://www.vupen.com/english/advisories/2007/3023
XForce ISS Database: php-gdimagecopyresized-bo(36383)
https://exchange.xforce.ibmcloud.com/vulnerabilities/36383
XForce ISS Database: php-gdimagecreate-bo(36382)
https://exchange.xforce.ibmcloud.com/vulnerabilities/36382
Common Vulnerability Exposure (CVE) ID: CVE-2007-5584
BugTraq ID: 26941
http://www.securityfocus.com/bid/26941
Cisco Security Advisory: 20071219 Application Inspection Vulnerability in Cisco Firewall Services Module
http://www.cisco.com/en/US/products/products_security_advisory09186a008091b11d.shtml
http://www.osvdb.org/39298
http://www.securitytracker.com/id?1019120
http://secunia.com/advisories/28175
http://www.vupen.com/english/advisories/2007/4270
XForce ISS Database: cisco-fwsm-control-plane-dos(39135)
https://exchange.xforce.ibmcloud.com/vulnerabilities/39135
Common Vulnerability Exposure (CVE) ID: CVE-2007-6349
BugTraq ID: 26806
http://www.securityfocus.com/bid/26806
Bugtraq: 20071218 SYMSA-2007-015 (Google Search)
http://www.securityfocus.com/archive/1/485321/100/0/threaded
http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-015.txt
http://www.osvdb.org/39297
http://secunia.com/advisories/28158
http://securityreason.com/securityalert/3476
XForce ISS Database: p4web-contentlength-dos(39142)
https://exchange.xforce.ibmcloud.com/vulnerabilities/39142
Common Vulnerability Exposure (CVE) ID: CVE-2007-6335
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
BugTraq ID: 26927
http://www.securityfocus.com/bid/26927
Debian Security Information: DSA-1435 (Google Search)
http://www.debian.org/security/2007/dsa-1435
https://www.exploit-db.com/exploits/4862
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00740.html
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00644.html
http://security.gentoo.org/glsa/glsa-200712-20.xml
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=634
http://www.mandriva.com/security/advisories?name=MDVSA-2008:003
http://www.securitytracker.com/id?1019112
http://secunia.com/advisories/28117
http://secunia.com/advisories/28153
http://secunia.com/advisories/28176
http://secunia.com/advisories/28278
http://secunia.com/advisories/28412
http://secunia.com/advisories/28421
http://secunia.com/advisories/28587
http://secunia.com/advisories/29420
SuSE Security Announcement: SUSE-SR:2008:001 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html
http://www.vupen.com/english/advisories/2007/4253
http://www.vupen.com/english/advisories/2008/0924/references
XForce ISS Database: clamantivirus-libclamav-mewpe-bo(39119)
https://exchange.xforce.ibmcloud.com/vulnerabilities/39119
Common Vulnerability Exposure (CVE) ID: CVE-2007-6336
BugTraq ID: 26946
http://www.securityfocus.com/bid/26946
http://securitytracker.com/id?1019150
XForce ISS Database: clamantivirus-mszip-bo(39169)
https://exchange.xforce.ibmcloud.com/vulnerabilities/39169
CopyrightCopyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.