
Security Advisory Moderate: gd security update

Update ID:

RHSA-2008:0146-2

Type: Security Advisory
Severity: Moderate
Issued: 2008-02-28
Last updated: 2008-02-28
Affected products: RHEL Desktop Workstation (v. 5 client)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 4)
OVAL: https://rhn.redhat.com/errata/RHSA-2008-0146.html
CVEs (cve.mitre.org): CVE-2006-4484
CVE-2007-0455
CVE-2007-2756
CVE-2007-3472
CVE-2007-3473
CVE-2007-3475
CVE-2007-3476


Details

A new font package, liberation-fonts, which replaces the fonts-monotype package, is now available in Red Hat Enterprise Linux 3 Update 9.

The Liberation Fonts are metric-compatible, non-proprietary replacements for three common proprietary typefaces: Arial, Times New Roman, and Courier New.

This new package contains the following three typefaces:

* Sans (a replacement for Arial, Albany, Helvetica, Nimbus Sans L, and Bitstream Vera Sans)

* Serif (a replacement for Times New Roman, Thorndale, Nimbus Roman, and Bitstream Vera Serif)

* Mono (a replacement for Courier New, Cumberland, Courier, Nimbus Mono L, and Bitstream Vera Sans Mono)

To allow a seamless transition from the fonts-monotype package (which contains three proprietary typefaces, Albany, Thorndale, and Cumberland, with metrics similar to Arial, Times New Roman, and Courier New), the liberation-fonts package obsoletes fonts-monotype. Installing liberation-fonts therefore removes fonts-monotype.

All users of non-proprietary typefaces should install the newly released package described above.


Solution


Before applying this update, make sure that all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network.


Updated packages

RHEL Desktop Workstation (v. 5 client)

IA-32:
gd-devel-2.0.33-9.4.el5_1.1.i386.rpm     03c19796060246a35b0a8915b0e1dae1
 
x86_64:
gd-devel-2.0.33-9.4.el5_1.1.i386.rpm     03c19796060246a35b0a8915b0e1dae1
gd-devel-2.0.33-9.4.el5_1.1.x86_64.rpm     3267d2a709da99cc0052117aa656ea43
 
Red Hat Desktop (v. 4)

SRPMS:
gd-2.0.28-5.4E.el4_6.1.src.rpm     65f4d62c6267d4de89098594de3f5261
 
IA-32:
gd-2.0.28-5.4E.el4_6.1.i386.rpm     a7d8042e7b7675c54a763f131eb35dd1
gd-devel-2.0.28-5.4E.el4_6.1.i386.rpm     9d4a4921efde0ddb590f8ae452df2c59
gd-progs-2.0.28-5.4E.el4_6.1.i386.rpm     c28341562f9dd7dee598cf7c796d18f9
 
x86_64:
gd-2.0.28-5.4E.el4_6.1.i386.rpm     a7d8042e7b7675c54a763f131eb35dd1
gd-2.0.28-5.4E.el4_6.1.x86_64.rpm     0ac40952984f11cc0ffb81921f2aae57
gd-devel-2.0.28-5.4E.el4_6.1.x86_64.rpm     e60c40b143af53e2f13a3dfefabc8723
gd-progs-2.0.28-5.4E.el4_6.1.x86_64.rpm     6971929444ad4555c175815bc411e644
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
gd-2.0.33-9.4.el5_1.1.src.rpm     f0e4620cb91d56075202623e551a37f1
 
IA-32:
gd-2.0.33-9.4.el5_1.1.i386.rpm     f1c14f2f1a7ea602efd39903c002c903
gd-devel-2.0.33-9.4.el5_1.1.i386.rpm     03c19796060246a35b0a8915b0e1dae1
gd-progs-2.0.33-9.4.el5_1.1.i386.rpm     bd2f2724e41950428851a33c1a55607e
 
IA-64:
gd-2.0.33-9.4.el5_1.1.ia64.rpm     e9e19edfe3432ea76d43f32878b855c4
gd-devel-2.0.33-9.4.el5_1.1.ia64.rpm     ba06995bdfc879861b70f2ba83301466
gd-progs-2.0.33-9.4.el5_1.1.ia64.rpm     ec130a2b192fc32ec628415a41dc616d
 
PPC:
gd-2.0.33-9.4.el5_1.1.ppc.rpm     2c13ab92192e7082258d95831188ca96
gd-2.0.33-9.4.el5_1.1.ppc64.rpm     bcd41d49699867591ed0d3bf68bbea49
gd-devel-2.0.33-9.4.el5_1.1.ppc.rpm     3dd4555de5a15842fd68f3708e522536
gd-devel-2.0.33-9.4.el5_1.1.ppc64.rpm     4bd72af55be1f020a0f7299150dfe2a0
gd-progs-2.0.33-9.4.el5_1.1.ppc.rpm     9c9cb9cf3d5ec0c411e3982e63a5be7c
 
s390x:
gd-2.0.33-9.4.el5_1.1.s390.rpm     e73d4f92b28e77b47c04d14bbf00bb6f
gd-2.0.33-9.4.el5_1.1.s390x.rpm     28175753e1bd00eb260accbbf182897c
gd-devel-2.0.33-9.4.el5_1.1.s390.rpm     418fcf703269fa9b15403961daa5c810
gd-devel-2.0.33-9.4.el5_1.1.s390x.rpm     7385ca899291062f717e931cb328ab2c
gd-progs-2.0.33-9.4.el5_1.1.s390x.rpm     d68f3b530972c43f38f353de97cefaa3
 
x86_64:
gd-2.0.33-9.4.el5_1.1.i386.rpm     f1c14f2f1a7ea602efd39903c002c903
gd-2.0.33-9.4.el5_1.1.x86_64.rpm     b29a4a24f2951063e8aa72b9a8d0bc26
gd-devel-2.0.33-9.4.el5_1.1.i386.rpm     03c19796060246a35b0a8915b0e1dae1
gd-devel-2.0.33-9.4.el5_1.1.x86_64.rpm     3267d2a709da99cc0052117aa656ea43
gd-progs-2.0.33-9.4.el5_1.1.x86_64.rpm     cfe63951e06b7727312b87ec51fbcb44
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
gd-2.0.28-5.4E.el4_6.1.src.rpm     65f4d62c6267d4de89098594de3f5261
 
IA-32:
gd-2.0.28-5.4E.el4_6.1.i386.rpm     a7d8042e7b7675c54a763f131eb35dd1
gd-devel-2.0.28-5.4E.el4_6.1.i386.rpm     9d4a4921efde0ddb590f8ae452df2c59
gd-progs-2.0.28-5.4E.el4_6.1.i386.rpm     c28341562f9dd7dee598cf7c796d18f9
 
IA-64:
gd-2.0.28-5.4E.el4_6.1.i386.rpm     a7d8042e7b7675c54a763f131eb35dd1
gd-2.0.28-5.4E.el4_6.1.ia64.rpm     3e0998804d6fa2971a7009e413fc1a62
gd-devel-2.0.28-5.4E.el4_6.1.ia64.rpm     00fee9a7f0d5fb3895b396aa405c3d6b
gd-progs-2.0.28-5.4E.el4_6.1.ia64.rpm     b86e088896fc611ce3b0b4ad45223c39
 
PPC:
gd-2.0.28-5.4E.el4_6.1.ppc.rpm     1e19859bc14889fab2bd577bc45589e8
gd-2.0.28-5.4E.el4_6.1.ppc64.rpm     cfa0156ab28bf250bdd1390606408832
gd-devel-2.0.28-5.4E.el4_6.1.ppc.rpm     cd412c64b3efdf93a949a24d154755f0
gd-progs-2.0.28-5.4E.el4_6.1.ppc.rpm     acce2b9744b4f54b586d1d39ecd5c24c
 
s390:
gd-2.0.28-5.4E.el4_6.1.s390.rpm     10d129a6edbde55da07e79b56971553f
gd-devel-2.0.28-5.4E.el4_6.1.s390.rpm     ef2f17e5d320e94ee6883da56605680d
gd-progs-2.0.28-5.4E.el4_6.1.s390.rpm     c83187d298875f1e713fb606ed70cc7d
 
s390x:
gd-2.0.28-5.4E.el4_6.1.s390.rpm     10d129a6edbde55da07e79b56971553f
gd-2.0.28-5.4E.el4_6.1.s390x.rpm     249bf26e191eb3d06936da132a8c5b8c
gd-devel-2.0.28-5.4E.el4_6.1.s390x.rpm     8a56a4101d266cb83d5bb468d6b9e309
gd-progs-2.0.28-5.4E.el4_6.1.s390x.rpm     a753cba0d13a656d073406c45685dc22
 
x86_64:
gd-2.0.28-5.4E.el4_6.1.i386.rpm     a7d8042e7b7675c54a763f131eb35dd1
gd-2.0.28-5.4E.el4_6.1.x86_64.rpm     0ac40952984f11cc0ffb81921f2aae57
gd-devel-2.0.28-5.4E.el4_6.1.x86_64.rpm     e60c40b143af53e2f13a3dfefabc8723
gd-progs-2.0.28-5.4E.el4_6.1.x86_64.rpm     6971929444ad4555c175815bc411e644
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
gd-2.0.33-9.4.el5_1.1.src.rpm     f0e4620cb91d56075202623e551a37f1
 
IA-32:
gd-2.0.33-9.4.el5_1.1.i386.rpm     f1c14f2f1a7ea602efd39903c002c903
gd-progs-2.0.33-9.4.el5_1.1.i386.rpm     bd2f2724e41950428851a33c1a55607e
 
x86_64:
gd-2.0.33-9.4.el5_1.1.i386.rpm     f1c14f2f1a7ea602efd39903c002c903
gd-2.0.33-9.4.el5_1.1.x86_64.rpm     b29a4a24f2951063e8aa72b9a8d0bc26
gd-progs-2.0.33-9.4.el5_1.1.x86_64.rpm     cfe63951e06b7727312b87ec51fbcb44
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
gd-2.0.28-5.4E.el4_6.1.src.rpm     65f4d62c6267d4de89098594de3f5261
 
IA-32:
gd-2.0.28-5.4E.el4_6.1.i386.rpm     a7d8042e7b7675c54a763f131eb35dd1
gd-devel-2.0.28-5.4E.el4_6.1.i386.rpm     9d4a4921efde0ddb590f8ae452df2c59
gd-progs-2.0.28-5.4E.el4_6.1.i386.rpm     c28341562f9dd7dee598cf7c796d18f9
 
IA-64:
gd-2.0.28-5.4E.el4_6.1.i386.rpm     a7d8042e7b7675c54a763f131eb35dd1
gd-2.0.28-5.4E.el4_6.1.ia64.rpm     3e0998804d6fa2971a7009e413fc1a62
gd-devel-2.0.28-5.4E.el4_6.1.ia64.rpm     00fee9a7f0d5fb3895b396aa405c3d6b
gd-progs-2.0.28-5.4E.el4_6.1.ia64.rpm     b86e088896fc611ce3b0b4ad45223c39
 
x86_64:
gd-2.0.28-5.4E.el4_6.1.i386.rpm     a7d8042e7b7675c54a763f131eb35dd1
gd-2.0.28-5.4E.el4_6.1.x86_64.rpm     0ac40952984f11cc0ffb81921f2aae57
gd-devel-2.0.28-5.4E.el4_6.1.x86_64.rpm     e60c40b143af53e2f13a3dfefabc8723
gd-progs-2.0.28-5.4E.el4_6.1.x86_64.rpm     6971929444ad4555c175815bc411e644
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
gd-2.0.28-5.4E.el4_6.1.src.rpm     65f4d62c6267d4de89098594de3f5261
 
IA-32:
gd-2.0.28-5.4E.el4_6.1.i386.rpm     a7d8042e7b7675c54a763f131eb35dd1
gd-devel-2.0.28-5.4E.el4_6.1.i386.rpm     9d4a4921efde0ddb590f8ae452df2c59
gd-progs-2.0.28-5.4E.el4_6.1.i386.rpm     c28341562f9dd7dee598cf7c796d18f9
 
IA-64:
gd-2.0.28-5.4E.el4_6.1.i386.rpm     a7d8042e7b7675c54a763f131eb35dd1
gd-2.0.28-5.4E.el4_6.1.ia64.rpm     3e0998804d6fa2971a7009e413fc1a62
gd-devel-2.0.28-5.4E.el4_6.1.ia64.rpm     00fee9a7f0d5fb3895b396aa405c3d6b
gd-progs-2.0.28-5.4E.el4_6.1.ia64.rpm     b86e088896fc611ce3b0b4ad45223c39
 
x86_64:
gd-2.0.28-5.4E.el4_6.1.i386.rpm     a7d8042e7b7675c54a763f131eb35dd1
gd-2.0.28-5.4E.el4_6.1.x86_64.rpm     0ac40952984f11cc0ffb81921f2aae57
gd-devel-2.0.28-5.4E.el4_6.1.x86_64.rpm     e60c40b143af53e2f13a3dfefabc8723
gd-progs-2.0.28-5.4E.el4_6.1.x86_64.rpm     6971929444ad4555c175815bc411e644
 
(The unlinked packages above are only available from the Red Hat Network)


Bugs fixed (see Bugzilla [English] for details.)

224607 - CVE-2007-0455 gd buffer overrun
242033 - CVE-2007-2756 gd / php-gd ImageCreateFromPng infinite loop caused by truncated PNG
276751 - CVE-2007-3472 libgd Integer overflow in TrueColor code
276791 - CVE-2007-3473 libgd NULL pointer dereference when reading a corrupt X bitmap
277181 - CVE-2007-3475 libgd Denial of service by GIF images without a global color map
277201 - CVE-2007-3476 libgd Denial of service by corrupted GIF images
431568 - CVE-2006-4484 gd: GIF handling buffer overflow


References





For security, the packages listed here are GPG signed by Red Hat, Inc.
See the following for the signing key and details:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/