Test ID:	1.3.6.1.4.1.25623.1.0.51063
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2004:638
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory RHSA-2004:638. The gd packages contain a graphics library used for the dynamic creation of images such as PNG and JPEG. Several buffer overflows were reported in various memory allocation calls. An attacker could create a carefully crafted image file in such a way that it could cause ImageMagick to execute arbitrary code when processing the image. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0990 to these issues. While researching the fixes to these overflows, additional buffer overflows were discovered in calls to gdMalloc. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0941 to these issues. Users of gd should upgrade to these updated packages, which contain a backported security patch, and are not vulnerable to these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2004-638.html Risk factor : Critical CVSS Score: 10.0
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0941 BugTraq ID: 11663 http://www.securityfocus.com/bid/11663 Computer Incident Advisory Center Bulletin: P-071 http://www.ciac.org/ciac/bulletins/p-071.shtml Debian Security Information: DSA-601 (Google Search) http://www.debian.org/security/2004/dsa-601 http://www.mandriva.com/security/advisories?name=MDKSA-2006:113 http://www.mandriva.com/security/advisories?name=MDKSA-2006:114 http://www.mandriva.com/security/advisories?name=MDKSA-2006:122 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11176 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1195 http://www.redhat.com/support/errata/RHSA-2004-638.html http://www.redhat.com/support/errata/RHSA-2006-0194.html http://secunia.com/advisories/13179/ http://secunia.com/advisories/18686 http://secunia.com/advisories/20824 http://secunia.com/advisories/21050 http://www.trustix.org/errata/2004/0058 https://www.ubuntu.com/usn/usn-25-1/ https://www.ubuntu.com/usn/usn-33-1/ XForce ISS Database: gd-graphics-gdmalloc-bo(18048) https://exchange.xforce.ibmcloud.com/vulnerabilities/18048 Common Vulnerability Exposure (CVE) ID: CVE-2004-0990 BugTraq ID: 11523 http://www.securityfocus.com/bid/11523 Bugtraq: 20041026 libgd integer overflow (Google Search) http://marc.info/?l=bugtraq&m=109882489302099&w=2 Debian Security Information: DSA-589 (Google Search) http://www.debian.org/security/2004/dsa-589 Debian Security Information: DSA-591 (Google Search) http://www.debian.org/security/2004/dsa-591 Debian Security Information: DSA-602 (Google Search) http://www.debian.org/security/2004/dsa-602 http://www.mandriva.com/security/advisories?name=MDKSA-2004:132 http://www.osvdb.org/11190 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1260 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9952 http://secunia.com/advisories/18717 http://secunia.com/advisories/20866 http://secunia.com/advisories/23783 SuSE Security Announcement: SUSE-SR:2006:003 (Google Search) http://lists.suse.com/archive/suse-security-announce/2006-Feb/0001.html https://www.ubuntu.com/usn/usn-11-1/ XForce ISS Database: gd-png-bo(17866) https://exchange.xforce.ibmcloud.com/vulnerabilities/17866
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.