P-071: Updated "gd" Packages

CIAC INFORMATION BULLETIN

P-071: Updated "gd" Packages

[Red Hat Advisory: RHSA-2004:638-13]

December 17, 2004 19:00 GMT
[REVISED 18 Jan 2005]
[REVISED 26 May 2005]
[REVISED 23 Jun 2005]
[REVISED 2 Feb 2006]

PROBLEM:  The "gd" packages contain a graphics library used for the dynamic creation of images such as PNG and JPEG. Several buffer overflows were found in the library's memory allocation calls (gdMalloc, gdCalloc, gdRealloc); for the PNG loader at least, the root cause is integer overflow when an allocation size is computed from image dimensions read out of the file.
PLATFORM: Red Hat Enterprise AS, ES, and WS (all v.3) & (v. 4)
          Red Hat Enterprise AS, ES, and WS (all v.2.1)
          Red Hat Desktop (v.3) & (v. 4)
          Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
          SGI ProPack 3 Service Pack 3 for SGI Altix family of systems
          SGI ProPack 3 Service Pack 5 for SGI Altix family of systems
DAMAGE:   An attacker who can get a crafted image decoded by gd could execute arbitrary code.
SOLUTION: Upgrade to Red Hat's latest packages.

VULNERABILITY ASSESSMENT: The risk is MEDIUM. By supplying a crafted image file to a program that decodes it with gd, an attacker could execute arbitrary code with the privileges of the user running that program.

LINKS:
  CIAC BULLETIN:     http://www.ciac.org/ciac/bulletins/p-071.shtml
  ORIGINAL BULLETIN: https://rhn.redhat.com/errata/RHSA-2004-638.html
  ADDITIONAL LINKS:  Also see CIAC BULLETIN P-033
                     SGI Security Advisory Number 20050101-01-U
                     ftp://patches.sgi.com/support/free/security/advisories/20050101-01-U.asc
                     SGI Security Advisory Number 20050602-01-U
                     ftp://patches.sgi.com/support/free/security/advisories/20050602-01-U.asc
                     Red Hat RHSA-2006:0194-4
                     https://rhn.redhat.com/errata/RHSA-2006-0194.html
  CVE/CAN:           http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0941
                     http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0990

REVISION HISTORY:
01/18/2005 - added link to updated packages for SGI ProPack 3 Service Pack 3 
             for SGI Altix family of systems, available in SGI Security
             Advisory Number 20050101-01-U.
05/26/2005 - revised to replace the Red Hat Bulletin, RHSA-2004:638-09 with a 
             revised RHSA-2004:638-13.
06/23/2005 - added link to SGI Advanced Linux Environment security update #39,
             Number: 20050602-01-U that provides patches for SGI ProPack 3 Service 
             Pack 5 for SGI Altix family of systems.
02/02/2006 - revised to include a link to Red Hat RHSA-2006:0194-4 for Red Hat 
             Desktop (v. 4), Red Hat Enterprise AS, ES, WS (v. 4).


[***** Start Red Hat Advisory: RHSA-2004:638-13 *****]

Updated gd packages fix security issues
Advisory: RHSA-2004:638-13 
Type: Security Advisory 
Issued on: 2005-05-26 
Last updated on: 2005-05-26 
Affected Products: Red Hat Desktop (v. 3)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor 
CVEs (cve.mitre.org): CAN-2004-0941
CAN-2004-0990
 


Details
Updated gd packages that fix security issues with overflow in various 
memory allocation calls are now available. 

[Updated 24 May 2005] 
Multilib packages have been added to this advisory

The gd packages contain a graphics library used for the dynamic creation of 
images such as PNG and JPEG. 

Several buffer overflows were reported in various memory allocation calls; 
the underlying defect is integer overflow when the size of a pixel buffer 
is computed from dimensions read out of the image (see bug 137246, integer 
overflow in PNG handling). An attacker could create a carefully crafted 
image file in such a way that it could cause any application that decodes 
the image with gd to execute arbitrary code. The Common Vulnerabilities and 
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0990 to 
these issues. 

While researching the fixes to these overflows, additional buffer overflows 
were discovered in calls to gdMalloc. The Common Vulnerabilities and 
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0941 to 
these issues. 

Users of gd should upgrade to these updated packages, which contain a 
backported security patch, and are not vulnerable to these issues.
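The allocation-size bug class described above, as an added illustration that is not gd's own code: a loader computes the pixel-buffer size in 32-bit arithmetic from header fields the attacker controls, the multiply wraps to a small number, and the allocation that results is then overrun by the copy loop. The hardened version checks every multiply and caps the total before calling the allocator. The struct, the function names and the MAX_IMAGE_BYTES cap are this example's own assumptions, and the two headers are constructed test values.

```c
/* Added example (not gd's code): integer overflow in an allocation-size
 * computation, as fixed by RHSA-2004:638, beside a checked version.
 * img_header, unsafe_pixel_bytes, safe_pixel_bytes, load_pixels and
 * MAX_IMAGE_BYTES are names and values chosen for this example. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

#define MAX_IMAGE_BYTES (256u * 1024u * 1024u)   /* assumed sanity cap */

/* Dimensions as a loader reads them from an untrusted file header. */
struct img_header {
    uint32_t width;
    uint32_t height;
    uint32_t bpp;      /* bytes per pixel, expected 1..4 */
};

/* Unsafe: the size is computed in 32-bit arithmetic, which wraps.
 * A header claiming 0x40000001 x 1 pixels at 4 bytes each really needs
 * 4,294,967,300 bytes, but this returns 4; malloc(4) succeeds and the
 * row-copy loop that follows writes far past the end of the block. */
uint32_t unsafe_pixel_bytes(const struct img_header *h)
{
    return h->width * h->height * h->bpp;
}

/* Checked multiply in size_t: returns 0 on overflow, else sets *out. */
static int mul_checked(size_t a, size_t b, size_t *out)
{
    if (a != 0 && b > SIZE_MAX / a)
        return 0;
    *out = a * b;
    return 1;
}

/* Hardened: reject zero or absurd fields, check each multiply, and cap
 * the total so a "valid" but enormous request cannot exhaust memory. */
int safe_pixel_bytes(const struct img_header *h, size_t *out)
{
    size_t rowbytes, total;
    if (h->width == 0 || h->height == 0 || h->bpp == 0 || h->bpp > 4)
        return 0;
    if (!mul_checked(h->width, h->bpp, &rowbytes))
        return 0;
    if (!mul_checked(rowbytes, h->height, &total))
        return 0;
    if (total > MAX_IMAGE_BYTES)
        return 0;
    *out = total;
    return 1;
}

/* Loader that allocates only after the size is validated and copies exactly
 * as many bytes as it allocated. Returns NULL on a rejected header, on a
 * truncated input, or on allocation failure. */
unsigned char *load_pixels(const struct img_header *h,
                           const unsigned char *data, size_t data_len)
{
    size_t need;
    unsigned char *buf;
    if (!safe_pixel_bytes(h, &need))
        return NULL;
    if (data_len < need)           /* short file: refuse rather than over-read */
        return NULL;
    buf = malloc(need);
    if (buf == NULL)
        return NULL;
    memcpy(buf, data, need);
    return buf;
}

/* The true byte count in 64-bit arithmetic, for comparison with the wrap. */
uint64_t true_pixel_bytes(const struct img_header *h)
{
    return (uint64_t)h->width * h->height * h->bpp;
}

int main(void)
{
    struct img_header benign  = { 64, 64, 4 };
    struct img_header crafted = { 0x40000001u, 1, 4 };   /* constructed */
    unsigned char pixels[64 * 64 * 4];
    unsigned char *ok, *bad;

    memset(pixels, 0xAB, sizeof pixels);
    printf("benign : unsafe=%u true=%llu\n", unsafe_pixel_bytes(&benign),
           (unsigned long long)true_pixel_bytes(&benign));
    printf("crafted: unsafe=%u true=%llu\n", unsafe_pixel_bytes(&crafted),
           (unsigned long long)true_pixel_bytes(&crafted));

    ok  = load_pixels(&benign, pixels, sizeof pixels);
    bad = load_pixels(&crafted, pixels, sizeof pixels);
    printf("benign load %s, crafted load %s\n",
           ok ? "accepted" : "rejected", bad ? "accepted" : "rejected");
    free(ok);
    free(bad);
    return 0;
}
```

The same pattern applies to gdCalloc and gdRealloc call sites: any size argument derived from file-controlled width, height or colour-count fields has to be checked before the multiply, not after, because by then the wrapped value is all that is left.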



Solution
Before applying this update, make sure that all previously-released 
errata relevant to your system have been applied. Use Red Hat 
Network to download and update your packages. To launch the Red Hat 
Update Agent, use the following command: 

up2date 

For information on how to install packages manually, refer to the 
following Web page for the System Administration or Customization 
guide specific to your system: 

http://www.redhat.com/docs/manuals/enterprise/


Updated packages
Red Hat Desktop (v. 3) 

--------------------------------------------------------------------------------
 
SRPMS: 
gd-1.8.4-12.3.1.src.rpm     6a074a9b46c1c433fb6379ddd7ffa39c 
  
IA-32: 
gd-1.8.4-12.3.1.i386.rpm     0277cba330cefb9ab1ebea7f15fa32c8 
gd-devel-1.8.4-12.3.1.i386.rpm     d5b6b426e2e06f02a3d0e5f3180cf33c 
gd-progs-1.8.4-12.3.1.i386.rpm     a8f4b292b1ef66452790e4dd2648c7a2 
  
x86_64: 
gd-1.8.4-12.3.1.i386.rpm     0277cba330cefb9ab1ebea7f15fa32c8 
gd-1.8.4-12.3.1.x86_64.rpm     7cbaf334f370e69a009cc3e173bd43b2 
gd-devel-1.8.4-12.3.1.x86_64.rpm     6e28767d002c70958e5f1f38a5420d0a 
gd-progs-1.8.4-12.3.1.x86_64.rpm     003ce60cef5006f3c495aff9e767f4e2 
  
Red Hat Enterprise Linux AS (v. 2.1) 

--------------------------------------------------------------------------------
 
SRPMS: 
gd-1.8.4-4.21.1.src.rpm     0398a5a807dee5b9e50305be0e41c46f 
  
IA-32: 
gd-1.8.4-4.21.1.i386.rpm     32f90ee0ee49fbaa0e9d83c32d773d44 
gd-devel-1.8.4-4.21.1.i386.rpm     ba50f74a3c45ceb6c6994fd16dd97846 
gd-progs-1.8.4-4.21.1.i386.rpm     e6cd529cd117dc14073f011a7cf35631 
  
IA-64: 
gd-1.8.4-4.21.1.ia64.rpm     f3415f854fcc70689d9487386c5f5497 
gd-devel-1.8.4-4.21.1.ia64.rpm     3db197bc13dfc65b6debfc4e14eed791 
gd-progs-1.8.4-4.21.1.ia64.rpm     a4f021b229c4b4d9710888b06fa0b57c 
  
Red Hat Enterprise Linux AS (v. 3) 

--------------------------------------------------------------------------------
 
SRPMS: 
gd-1.8.4-12.3.1.src.rpm     6a074a9b46c1c433fb6379ddd7ffa39c 
  
IA-32: 
gd-1.8.4-12.3.1.i386.rpm     0277cba330cefb9ab1ebea7f15fa32c8 
gd-devel-1.8.4-12.3.1.i386.rpm     d5b6b426e2e06f02a3d0e5f3180cf33c 
gd-progs-1.8.4-12.3.1.i386.rpm     a8f4b292b1ef66452790e4dd2648c7a2 
  
IA-64: 
gd-1.8.4-12.3.1.i386.rpm     0277cba330cefb9ab1ebea7f15fa32c8 
gd-1.8.4-12.3.1.ia64.rpm     ca3b5794089578356666c672355ad71f 
gd-devel-1.8.4-12.3.1.ia64.rpm     839ca9fd43bd92ec9bcbd324954f71e5 
gd-progs-1.8.4-12.3.1.ia64.rpm     7c0174f34dbe662e8852e1ffe25d8372 
  
PPC: 
gd-1.8.4-12.3.1.ppc.rpm     11c259e294f22220dad62674e7a54210 
gd-1.8.4-12.3.1.ppc64.rpm     14428761748a25bd003674b116def010 
gd-devel-1.8.4-12.3.1.ppc.rpm     67456fab43a1b9d601c62a54a446be27 
gd-progs-1.8.4-12.3.1.ppc.rpm     2f900edcde2c6771bd82ce414133717b 
  
s390: 
gd-1.8.4-12.3.1.s390.rpm     568eaf1ea4294befde060da07c4812c7 
gd-devel-1.8.4-12.3.1.s390.rpm     4873cab38494fc574740b645d5673e33 
gd-progs-1.8.4-12.3.1.s390.rpm     336923033fdc04176a0279d9127570a3 
  
s390x: 
gd-1.8.4-12.3.1.s390.rpm     568eaf1ea4294befde060da07c4812c7 
gd-1.8.4-12.3.1.s390x.rpm     adc06b68372a7d7bf375bbd88867b9af 
gd-devel-1.8.4-12.3.1.s390x.rpm     cd195ca8593ec6404d01c82be4db5c47 
gd-progs-1.8.4-12.3.1.s390x.rpm     83f844555bdeb93f28c30e00fe2cf90d 
  
x86_64: 
gd-1.8.4-12.3.1.i386.rpm     0277cba330cefb9ab1ebea7f15fa32c8 
gd-1.8.4-12.3.1.x86_64.rpm     7cbaf334f370e69a009cc3e173bd43b2 
gd-devel-1.8.4-12.3.1.x86_64.rpm     6e28767d002c70958e5f1f38a5420d0a 
gd-progs-1.8.4-12.3.1.x86_64.rpm     003ce60cef5006f3c495aff9e767f4e2 
  
Red Hat Enterprise Linux ES (v. 2.1) 

--------------------------------------------------------------------------------
 
SRPMS: 
gd-1.8.4-4.21.1.src.rpm     0398a5a807dee5b9e50305be0e41c46f 
  
IA-32: 
gd-1.8.4-4.21.1.i386.rpm     32f90ee0ee49fbaa0e9d83c32d773d44 
gd-devel-1.8.4-4.21.1.i386.rpm     ba50f74a3c45ceb6c6994fd16dd97846 
gd-progs-1.8.4-4.21.1.i386.rpm     e6cd529cd117dc14073f011a7cf35631 
  
Red Hat Enterprise Linux ES (v. 3) 

--------------------------------------------------------------------------------
 
SRPMS: 
gd-1.8.4-12.3.1.src.rpm     6a074a9b46c1c433fb6379ddd7ffa39c 
  
IA-32: 
gd-1.8.4-12.3.1.i386.rpm     0277cba330cefb9ab1ebea7f15fa32c8 
gd-devel-1.8.4-12.3.1.i386.rpm     d5b6b426e2e06f02a3d0e5f3180cf33c 
gd-progs-1.8.4-12.3.1.i386.rpm     a8f4b292b1ef66452790e4dd2648c7a2 
  
IA-64: 
gd-1.8.4-12.3.1.i386.rpm     0277cba330cefb9ab1ebea7f15fa32c8 
gd-1.8.4-12.3.1.ia64.rpm     ca3b5794089578356666c672355ad71f 
gd-devel-1.8.4-12.3.1.ia64.rpm     839ca9fd43bd92ec9bcbd324954f71e5 
gd-progs-1.8.4-12.3.1.ia64.rpm     7c0174f34dbe662e8852e1ffe25d8372 
  
x86_64: 
gd-1.8.4-12.3.1.i386.rpm     0277cba330cefb9ab1ebea7f15fa32c8 
gd-1.8.4-12.3.1.x86_64.rpm     7cbaf334f370e69a009cc3e173bd43b2 
gd-devel-1.8.4-12.3.1.x86_64.rpm     6e28767d002c70958e5f1f38a5420d0a 
gd-progs-1.8.4-12.3.1.x86_64.rpm     003ce60cef5006f3c495aff9e767f4e2 
  
Red Hat Enterprise Linux WS (v. 2.1) 

--------------------------------------------------------------------------------
 
SRPMS: 
gd-1.8.4-4.21.1.src.rpm     0398a5a807dee5b9e50305be0e41c46f 
  
IA-32: 
gd-1.8.4-4.21.1.i386.rpm     32f90ee0ee49fbaa0e9d83c32d773d44 
gd-devel-1.8.4-4.21.1.i386.rpm     ba50f74a3c45ceb6c6994fd16dd97846 
gd-progs-1.8.4-4.21.1.i386.rpm     e6cd529cd117dc14073f011a7cf35631 
  
Red Hat Enterprise Linux WS (v. 3) 

--------------------------------------------------------------------------------
 
SRPMS: 
gd-1.8.4-12.3.1.src.rpm     6a074a9b46c1c433fb6379ddd7ffa39c 
  
IA-32: 
gd-1.8.4-12.3.1.i386.rpm     0277cba330cefb9ab1ebea7f15fa32c8 
gd-devel-1.8.4-12.3.1.i386.rpm     d5b6b426e2e06f02a3d0e5f3180cf33c 
gd-progs-1.8.4-12.3.1.i386.rpm     a8f4b292b1ef66452790e4dd2648c7a2 
  
IA-64: 
gd-1.8.4-12.3.1.i386.rpm     0277cba330cefb9ab1ebea7f15fa32c8 
gd-1.8.4-12.3.1.ia64.rpm     ca3b5794089578356666c672355ad71f 
gd-devel-1.8.4-12.3.1.ia64.rpm     839ca9fd43bd92ec9bcbd324954f71e5 
gd-progs-1.8.4-12.3.1.ia64.rpm     7c0174f34dbe662e8852e1ffe25d8372 
  
x86_64: 
gd-1.8.4-12.3.1.i386.rpm     0277cba330cefb9ab1ebea7f15fa32c8 
gd-1.8.4-12.3.1.x86_64.rpm     7cbaf334f370e69a009cc3e173bd43b2 
gd-devel-1.8.4-12.3.1.x86_64.rpm     6e28767d002c70958e5f1f38a5420d0a 
gd-progs-1.8.4-12.3.1.x86_64.rpm     003ce60cef5006f3c495aff9e767f4e2 
  
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor 

--------------------------------------------------------------------------------
 
SRPMS: 
gd-1.8.4-4.21.1.src.rpm     0398a5a807dee5b9e50305be0e41c46f 
  
IA-64: 
gd-1.8.4-4.21.1.ia64.rpm     f3415f854fcc70689d9487386c5f5497 
gd-devel-1.8.4-4.21.1.ia64.rpm     3db197bc13dfc65b6debfc4e14eed791 
gd-progs-1.8.4-4.21.1.ia64.rpm     a4f021b229c4b4d9710888b06fa0b57c 
  
(The unlinked packages above are only available from the Red Hat Network)
 


Bugs fixed (see bugzilla for more information)
137246 - CAN-2004-0990 integer overflow in PNG handling.
138808 - CAN-2004-0941 additional overflows in gd



References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0941
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0990



Keywords
buffer, gd, gdCalloc, gdMalloc, gdRealloc, overflow 


--------------------------------------------------------------------------------
These packages are GPG signed by Red Hat for security. Our key and details on how 
to verify the signature are available from:
https://www.redhat.com/security/team/key/#package 

The Red Hat security contact is secalert@redhat.com. More contact details at 
http://www.redhat.com/security/team/contact/


[***** End Red Hat Advisory: RHSA-2004:638-13 *****]


CIAC wishes to acknowledge the contributions of Red Hat, Inc. for the information contained in this bulletin.
DOE-CIRC can be contacted at:
    Voice:          +1 866-941-2472 (7 x 24)
    E-mail:          doecirc@doecirc.energy.gov
    World Wide Web:  http://www.doecirc.energy.gov/