VUPEN Security - Fedora Security Update Fixes GD Code Execution and Denial of Service Issues / Exploit (Security Advisories)

	Contact \| Site en Français

Vulnerabilities & Threats

VUPEN Security Advisories

Linux Security Advisories

Malware Advisories

Security Research

Threat Watch Blog

Zero-Day Monitor

Search Engine

Mailing List & RSS

>> Fedora Security Update Fixes GD Code Execution and Denial of Service Issues

Title : Fedora Security Update Fixes GD Code Execution and Denial of Service Issues
VUPEN ID : VUPEN/ADV-2007-3209
CVE ID : CVE-2007-3472 - CVE-2007-3473 - CVE-2007-3474 - CVE-2007-3475 - CVE-2007-3476 - CVE-2007-3477 - CVE-2007-3478
Rated as : High Risk

Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-09-20

Technical Description

Receive VUPEN Security alerts in a Text format

Receive VUPEN Security alerts in a PDF format

Receive VUPEN Security alerts in an XML format

Multiple vulnerabilities have been identified in Fedora, which could be exploited by attackers to cause a denial of service or execute arbitrary code. These issues are caused by errors in GD. For additional information, see : VUPEN/ADV-2007-2336

Affected Products

Fedora Core 6

Solution

Upgrade the affected packages :

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/

7ec90b5367033b13d592d86a30769f91ff353e89 SRPMS/gd-2.0.35-1.fc6.src.rpm
7ec90b5367033b13d592d86a30769f91ff353e89 noarch/gd-2.0.35-1.fc6.src.rpm
04d19be2cd0f4d99af6173f98a107cdb20c3b3b4 ppc/gd-devel-2.0.35-1.fc6.ppc.rpm
0649f623ebd277a86f5b595f2087176b41081e17 ppc/gd-2.0.35-1.fc6.ppc.rpm
9c1e46c10b95a36272110187f256138785404075 ppc/gd-progs-2.0.35-1.fc6.ppc.rpm
0d4196a2330be0ea7f01eb4b07fd3a61184b036e ppc/debug/gd-debuginfo-2.0.35-1.fc6.ppc.rpm
45200261eca7b6c0787b2ecc40895581539f3b4f x86_64/gd-progs-2.0.35-1.fc6.x86_64.rpm
3a360482e0507faf835b6dfdd3825cce06e8fd24 x86_64/gd-2.0.35-1.fc6.x86_64.rpm
4d1a83ad63ad2420296ad0da5b387bae8424ec46 x86_64/gd-devel-2.0.35-1.fc6.x86_64.rpm
c534466b3285b9077dc2434efcc249254edda687 x86_64/debug/gd-debuginfo-2.0.35-1.fc6.x86_64.rpm
89f03a7ea527e00a4760bf8573ba1599593d4401 i386/debug/gd-debuginfo-2.0.35-1.fc6.i386.rpm
0062e7759fd9cafb4ef16ee4d9b485fbd95d5ac7 i386/gd-progs-2.0.35-1.fc6.i386.rpm
c4466ad20dde160ddef6cfb6eafd85d3009c4dc5 i386/gd-2.0.35-1.fc6.i386.rpm
13689420c94f0566bc1f04c046752f5a9e1b17b4 i386/gd-devel-2.0.35-1.fc6.i386.rpm

References

http://www.vupen.com/english/advisories/2007/3209
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00311.html

ChangeLog

2007-09-20 : Initial release

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.

Vulnerability Alerting

Free 14-Day Trial

Latest News

>> 2009-07-06

Microsoft Windows 0-Day
Flaw Exploited in the Wild

>> 2009-06-10

VUPEN Security Research
Discovered Critical Flaws
in Adobe Acrobat and MS
Office Word

>> 2009-06-02

VUPEN Security Research
Discovered Critical Flaws
in ACDSee Products

>> 2009-05-22

VUPEN Discovered Two
Critical Vulnerabilities in
Novell GroupWise 8 / 7

More Informations