Synopsis:	Moderate: gd security update
Issue date:	2008-02-28
CVE Names:	CVE-2006-4484 CVE-2007-0455 CVE-2007-2756
                 CVE-2007-3472 CVE-2007-3473 CVE-2007-3475
                 CVE-2007-3476

Multiple issues were discovered in the gd GIF image-handling code. A
carefully-crafted GIF file could cause a crash or possibly execute code
with the privileges of the application using the gd library.
(CVE-2006-4484, CVE-2007-3475, CVE-2007-3476)

An integer overflow was discovered in the gdImageCreateTrueColor()
function, leading to incorrect memory allocations. A carefully crafted
image could cause a crash or possibly execute code with the privileges 
of the application using the gd library. (CVE-2007-3472)

A buffer over-read flaw was discovered. This could cause a crash in an
application using the gd library to render certain strings using a
JIS-encoded font. (CVE-2007-0455)

A flaw was discovered in the gd PNG image handling code. A truncated PNG
image could cause an infinite loop in an application using the gd 
library. (CVE-2007-2756)

A flaw was discovered in the gd X BitMap (XBM) image-handling code. A
malformed or truncated XBM image could cause a crash in an application
using the gd library. (CVE-2007-3473)

SL 4.x

     SRPMS:
gd-2.0.28-5.4E.el4_6.1.src.rpm
     i386:
gd-2.0.28-5.4E.el4_6.1.i386.rpm
gd-devel-2.0.28-5.4E.el4_6.1.i386.rpm
gd-progs-2.0.28-5.4E.el4_6.1.i386.rpm
     x86_64:
gd-2.0.28-5.4E.el4_6.1.i386.rpm
gd-2.0.28-5.4E.el4_6.1.x86_64.rpm
gd-devel-2.0.28-5.4E.el4_6.1.x86_64.rpm
gd-progs-2.0.28-5.4E.el4_6.1.x86_64.rpm

SL 5.x

     SRPMS:
gd-2.0.33-9.4.el5_1.1.src.rpm
     i386:
gd-2.0.33-9.4.el5_1.1.i386.rpm
gd-devel-2.0.33-9.4.el5_1.1.i386.rpm
gd-progs-2.0.33-9.4.el5_1.1.i386.rpm
     x86_64:
gd-2.0.33-9.4.el5_1.1.i386.rpm
gd-2.0.33-9.4.el5_1.1.x86_64.rpm
gd-devel-2.0.33-9.4.el5_1.1.i386.rpm
gd-devel-2.0.33-9.4.el5_1.1.x86_64.rpm
gd-progs-2.0.33-9.4.el5_1.1.x86_64.rpm

-Connie Sieh
-Troy Dawson