Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.66296
Category:Debian Local Security Checks
Title:Debian Security Advisory DSA 1936-1 (libgd2)
Summary:NOSUMMARY
Description:Description:
The remote host is missing an update to libgd2
announced via advisory DSA 1936-1.

Several vulnerabilities have been discovered in libgd2, a library for
programmatic graphics creation and manipulation. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-0455

Kees Cook discovered a buffer overflow in libgd2's font renderer. An
attacker could cause denial of service (application crash) and
possibly execute arbitrary code via a crafted string with a JIS
encoded font. This issue only affects the oldstable distribution
(etch).

CVE-2009-3546

Tomas Hoger discovered a boundary error in the _gdGetColors()
function. An attacker could conduct a buffer overflow or buffer
over-read attacks via a crafted GD file.

For the oldstable distribution (etch), these problems have been fixed in
version 2.0.33-5.2etch2.

For the stable distribution (lenny), these problems have been fixed in
version 2.0.36~
rc1~
dfsg-3+lenny1.

For the upcoming stable distribution (squeeze) and the unstable
distribution ion (sid), these problems have been fixed in version
2.0.36~
rc1~
dfsg-3.1.

We recommend that you upgrade your libgd2 packages.

Solution:
http://www.securityspace.com/smysecure/catid.html?in=DSA%201936-1

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-0455
BugTraq ID: 22289
http://www.securityfocus.com/bid/22289
Bugtraq: 20070418 rPSA-2007-0073-1 php php-mysql php-pgsql (Google Search)
http://www.securityfocus.com/archive/1/466166/100/0/threaded
http://fedoranews.org/cms/node/2631
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html
http://www.mandriva.com/security/advisories?name=MDKSA-2007:035
http://www.mandriva.com/security/advisories?name=MDKSA-2007:036
http://www.mandriva.com/security/advisories?name=MDKSA-2007:038
http://www.mandriva.com/security/advisories?name=MDKSA-2007:109
http://lists.rpath.com/pipermail/security-announce/2007-February/000145.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11303
http://www.redhat.com/support/errata/RHSA-2007-0153.html
RedHat Security Advisories: RHSA-2007:0155
http://rhn.redhat.com/errata/RHSA-2007-0155.html
http://www.redhat.com/support/errata/RHSA-2007-0162.html
http://www.redhat.com/support/errata/RHSA-2008-0146.html
http://secunia.com/advisories/23916
http://secunia.com/advisories/24022
http://secunia.com/advisories/24052
http://secunia.com/advisories/24053
http://secunia.com/advisories/24107
http://secunia.com/advisories/24143
http://secunia.com/advisories/24151
http://secunia.com/advisories/24924
http://secunia.com/advisories/24945
http://secunia.com/advisories/24965
http://secunia.com/advisories/25575
http://secunia.com/advisories/29157
http://secunia.com/advisories/42813
http://www.trustix.org/errata/2007/0007
http://www.ubuntu.com/usn/usn-473-1
http://www.vupen.com/english/advisories/2007/0400
http://www.vupen.com/english/advisories/2011/0022
Common Vulnerability Exposure (CVE) ID: CVE-2009-3546
BugTraq ID: 36712
http://www.securityfocus.com/bid/36712
http://www.mandriva.com/security/advisories?name=MDVSA-2009:285
http://marc.info/?l=oss-security&m=125562113503923&w=2
http://www.openwall.com/lists/oss-security/2009/11/20/5
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11199
http://www.redhat.com/support/errata/RHSA-2010-0003.html
http://secunia.com/advisories/37069
http://secunia.com/advisories/37080
http://secunia.com/advisories/38055
http://www.vupen.com/english/advisories/2009/2929
http://www.vupen.com/english/advisories/2009/2930
CopyrightCopyright (c) 2009 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2022 E-Soft Inc. All rights reserved.