Re: [Full-disclosure] [USN-515-1] t1lib vulnerability
Dear Kees Cook, CVE-2007-4033 is Buffer overflow in php_gd2.dll in the gd (PHP_GD2) extension in PHP 5.2.3 allows context-dependent attackers to execute arbitrary code via a long argument to the imagepsloadfont function. Please, provide valid CVE entry. --Thursday, September 20, 2007, 12:18:02 AM, you wrote to [EMAIL PROTECTED]: KC === KC Ubuntu Security Notice USN-515-1 September 19, 2007 KC t1lib vulnerability KC CVE-2007-4033 KC === -- ~/ZARAZA http://securityvulns.com/ Sir Isaac Newton discovered an apple falling to the ground (Mark Twain) ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] [USN-515-1] t1lib vulnerability
Hi, On Fri, Sep 21, 2007 at 04:30:31PM +0400, 3APA3A wrote: CVE-2007-4033 is Buffer overflow in php_gd2.dll in the gd (PHP_GD2) extension in PHP 5.2.3 allows context-dependent attackers to execute arbitrary code via a long argument to the imagepsloadfont function. Please, provide valid CVE entry. --Thursday, September 20, 2007, 12:18:02 AM, you wrote to [EMAIL PROTECTED]: KC === KC Ubuntu Security Notice USN-515-1 September 19, 2007 KC t1lib vulnerability KC CVE-2007-4033 KC === That is the correct CVE -- the true cause of the gd2 issue was in t1lib, not gd2: http://www.securityfocus.com/bid/25079/info -Kees -- Kees Cook signature.asc Description: Digital signature ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [USN-515-1] t1lib vulnerability
=== Ubuntu Security Notice USN-515-1 September 19, 2007 t1lib vulnerability CVE-2007-4033 === A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libt1-5 5.1.0-2ubuntu0.6.06.1 Ubuntu 6.10: libt1-5 5.1.0-2ubuntu0.6.10.1 Ubuntu 7.04: libt1-5 5.1.0-2ubuntu0.7.04.1 In general, a standard system upgrade is sufficient to affect the necessary changes. Details follow: It was discovered that t1lib does not properly perform bounds checking which can result in a buffer overflow vulnerability. An attacker could send specially crafted input to applications linked against t1lib which could result in a DoS or arbitrary code execution. Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/t/t1lib/t1lib_5.1.0-2ubuntu0.6.06.1.diff.gz Size/MD5:13706 d9ce103e87af790c5225b09bb03d7385 http://security.ubuntu.com/ubuntu/pool/main/t/t1lib/t1lib_5.1.0-2ubuntu0.6.06.1.dsc Size/MD5: 730 8de933312806448123594efa12bf5cc6 http://security.ubuntu.com/ubuntu/pool/main/t/t1lib/t1lib_5.1.0.orig.tar.gz Size/MD5: 1838635 a05bed4aa63637052e60690ccde70421 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/t/t1lib/libt1-doc_5.1.0-2ubuntu0.6.06.1_all.deb Size/MD5: 608928 07320bc9fab519b6cd8dbcd319b09d41 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/t/t1lib/libt1-5_5.1.0-2ubuntu0.6.06.1_amd64.deb Size/MD5: 161724 ca9c66df61dae2f76375742d2530503f http://security.ubuntu.com/ubuntu/pool/main/t/t1lib/libt1-dev_5.1.0-2ubuntu0.6.06.1_amd64.deb Size/MD5: 192954 cda5eca98bc7464350edb7d17ff3f279 http://security.ubuntu.com/ubuntu/pool/universe/t/t1lib/t1lib-bin_5.1.0-2ubuntu0.6.06.1_amd64.deb Size/MD5:59342 29ccd99dd546473f7fcc07f27f908606 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/t/t1lib/libt1-5_5.1.0-2ubuntu0.6.06.1_i386.deb Size/MD5: 140408 0ec3be1685e83742033c0900a1b64a01 http://security.ubuntu.com/ubuntu/pool/main/t/t1lib/libt1-dev_5.1.0-2ubuntu0.6.06.1_i386.deb Size/MD5: 165518 1a55f8734bbdc58151d9b4b17f46dfbe http://security.ubuntu.com/ubuntu/pool/universe/t/t1lib/t1lib-bin_5.1.0-2ubuntu0.6.06.1_i386.deb Size/MD5:53286 8e2c1031785c1a13190c6802a45ba063 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/t/t1lib/libt1-5_5.1.0-2ubuntu0.6.06.1_powerpc.deb Size/MD5: 156412 53a5770038a14407944a86550e0a2fd2 http://security.ubuntu.com/ubuntu/pool/main/t/t1lib/libt1-dev_5.1.0-2ubuntu0.6.06.1_powerpc.deb Size/MD5: 205980 8c2a48d82f12e8f7ec571854fcca3017 http://security.ubuntu.com/ubuntu/pool/universe/t/t1lib/t1lib-bin_5.1.0-2ubuntu0.6.06.1_powerpc.deb Size/MD5:54134 d78df8d6e9cdd9f3121386eb31dc3a1f sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/t/t1lib/libt1-5_5.1.0-2ubuntu0.6.06.1_sparc.deb Size/MD5: 152790 314234020da17d3e68fa69c38e0eb38b http://security.ubuntu.com/ubuntu/pool/main/t/t1lib/libt1-dev_5.1.0-2ubuntu0.6.06.1_sparc.deb Size/MD5: 190472 d69c5aa2d085380b27da2ac72abacf66 http://security.ubuntu.com/ubuntu/pool/universe/t/t1lib/t1lib-bin_5.1.0-2ubuntu0.6.06.1_sparc.deb Size/MD5:55842 8610e26e19137d02180f7815576581b7 Updated packages for Ubuntu 6.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/t/t1lib/t1lib_5.1.0-2ubuntu0.6.10.1.diff.gz Size/MD5:13722 e6ab67a2a5bc7117870b14c1f4bb3369 http://security.ubuntu.com/ubuntu/pool/main/t/t1lib/t1lib_5.1.0-2ubuntu0.6.10.1.dsc Size/MD5: 730 bc5cb1797c225c7c916acae84de33b48 http://security.ubuntu.com/ubuntu/pool/main/t/t1lib/t1lib_5.1.0.orig.tar.gz Size/MD5: 1838635 a05bed4aa63637052e60690ccde70421 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/t/t1lib/libt1-doc_5.1.0-2ubuntu0.6.10.1_all.deb Size/MD5: 608968 ef34d3b6c3c59710c19bc7e6641a2c20 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/t/t1lib/libt1-5_5.1.0-2ubuntu0.6.10.1_amd64.deb Size/MD5: 159858 e603e28bd73fcff74a451eb6b57ff0bb http://security.ubuntu.com/ubuntu/pool/main/t/t1lib/libt1-dev_5.1.0-2ubuntu0.6.10.1_amd64.deb Size/MD5: 191042 2f1a62881dd960e18ff39768f244f9d2