Ubuntu Security Notice USN-298-1
14th June, 2006
libgd2 vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 6.06 LTS
- Ubuntu 5.10
- Ubuntu 5.04
Details
Xavier Roche discovered that libgd's function for reading GIF image
data did not sufficiently verify its validity. Specially crafted GIF
images could cause an infinite loop which used up all available CPU
resources. Since libgd is often used in PHP and Perl web applications,
this could lead to a remote Denial of Service vulnerability.
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 6.06 LTS:
- libgd2-xpm 2.0.33-2ubuntu5.1
- libgd2-noxpm 2.0.33-2ubuntu5.1
- Ubuntu 5.10:
- libgd2-xpm 2.0.33-1.1ubuntu1.5.10
- libgd2-noxpm 2.0.33-1.1ubuntu1.5.10
- Ubuntu 5.04:
- libgd2-xpm 2.0.33-1.1ubuntu1.5.04
- libgd2-noxpm 2.0.33-1.1ubuntu1.5.04
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
After a standard system upgrade you need to reboot your computer to
effect the necessary changes.