--------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2006-0038

Package names:     gd, mutt
Summary:           Multiple vulnerabilities
Date:              2006-06-30
Affected versions: Trustix Secure Linux 2.2
                   Trustix Secure Linux 3.0
                   Trustix Operating System - Enterprise Server 2

--------------------------------------------------------------------------
Package description:
  gd
  gd is a graphics library. It allows your code to quickly draw images
  complete with lines, arcs, text, multiple colors, cut and paste from
  other images, and flood fills, and write out the result as a PNG or
  JPEG file. This is particularly useful in World Wide Web applications,
  where PNG and JPEG are two of the formats accepted for inline images
  by most browsers.

  mutt
  Mutt is a text mode mail user agent. Mutt supports color, threading,
  arbitrary key remapping, and a lot of customization.

Problem description:
  gd < TSL 3.0 > < TSL 2.2 >
  - SECURITY Fix: Xavier Roche has discovered a vulnerability in the
    GD Graphics Library, caused due to an infinite loop error within
    the handling of GIF images. This can be exploited to consume a
    large amount of CPU resources when the "gdImageCreateFromGifPtr()"
    function is used with a specially crafted GIF image.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2006-2906 to this issue.

  mutt < TSL 3.0 > < TSL 2.2 > < TSEL 2 >
  - SECURITY Fix: TAKAHASHI Tamotsu has reported a vulnerability in
    Mutt, caused due to a boundary error within the
    "browse_get_namespace()" function in browse.c. This can be
    exploited to cause a stack-based buffer overflow when processing
    an overly long namespace from the IMAP server.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2006-3242 to this issue.

Action:
  We recommend that all systems with this package installed be upgraded.
  Please note that if you do not need the functionality provided by this
  package, you may want to remove it from your system.

Location:
  All Trustix Secure Linux updates are available from

About Trustix Secure Linux:
  Trustix Secure Linux is a small Linux distribution for servers. With
  focus on security and stability, the system is painlessly kept safe
  and up to date from day one using swup, the automated software updater.

Automatic updates:
  Users of the SWUP tool can enjoy having updates automatically
  installed using 'swup --upgrade'.

Questions?
  Check out our mailing lists:

Verification:
  This advisory along with all Trustix packages are signed with the
  TSL sign key.
  This key is available from:

  The advisory itself is available from the errata pages at
  and
  or directly at

MD5sums of the packages:
--------------------------------------------------------------------------

Trustix Security Team
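The gd issue above is a CPU-exhaustion bug in GIF decoding. As an added example (not part of the advisory and not gd or Trustix code), this is one way a service that decodes untrusted images can bound the impact of such a loop: run the decoder in a child process under a CPU-time limit. The decode_fn callback, the result codes and the two stand-in decoders are hypothetical; a real service would put its gd call inside the callback.

```c
#include <signal.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical callback: decode one untrusted image, return 0 on success. */
typedef int (*decode_fn)(const void *data, size_t len);

enum { DECODE_OK, DECODE_FAILED, DECODE_CPU_LIMIT, DECODE_ERROR };

/* Run decode() in a child whose CPU time is capped at cpu_seconds. A decoder
 * stuck in an endless loop is killed by the kernel with SIGXCPU instead of
 * pinning a core indefinitely; the parent only sees a result code. */
int decode_with_cpu_limit(decode_fn decode, const void *data, size_t len,
                          unsigned cpu_seconds)
{
    pid_t pid = fork();
    if (pid < 0) return DECODE_ERROR;
    if (pid == 0) {
        struct rlimit rl = { .rlim_cur = cpu_seconds, .rlim_max = cpu_seconds + 1 };
        signal(SIGXCPU, SIG_DFL);            /* make sure the limit is fatal */
        if (setrlimit(RLIMIT_CPU, &rl) != 0) _exit(DECODE_ERROR);
        _exit(decode(data, len) == 0 ? DECODE_OK : DECODE_FAILED);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return DECODE_ERROR;
    if (WIFSIGNALED(status))
        return WTERMSIG(status) == SIGXCPU ? DECODE_CPU_LIMIT : DECODE_FAILED;
    return WIFEXITED(status) ? WEXITSTATUS(status) : DECODE_ERROR;
}

/* Constructed stand-ins for a decoder: one returns, one never does. */
static int decode_good(const void *d, size_t n) { (void)d; return n ? 0 : 1; }
static int decode_stuck(const void *d, size_t n)
{
    volatile unsigned long spin = 0;
    (void)d; (void)n;
    for (;;) spin++;
}

int main(void)
{
    static const unsigned char sample[] = "GIF89a"; /* constructed input */
    printf("good=%d stuck=%d\n",
           decode_with_cpu_limit(decode_good, sample, sizeof sample, 1),
           decode_with_cpu_limit(decode_stuck, sample, sizeof sample, 1));
    return 0;
}
```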