ports/130770: no update for php5-gd yet (CVE-2008-5498)
Stephan A. Rickauer
stephan.rickauer at startek.ch
Tue Jan 20 08:10:03 UTC 2009
>Number: 130770
>Category: ports
>Synopsis: no update for php5-gd yet (CVE-2008-5498)
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Tue Jan 20 08:10:02 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator: Stephan A. Rickauer
>Release: 7.1
>Organization:
StarTek
>Environment:
FreeBSD srv3.startek.ch 7.1-RELEASE FreeBSD 7.1-RELEASE #0: Thu Jan 1 08:58:24 UTC 2009 root at driscoll.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64
>Description:
See CVE-2008-5498 and http://www.securiteam.com/unixfocus/6G00Y0ANFU.html
FreeBSD port not updated:
# portsnap fetch && portsnap update
..
# cd /usr/ports/graphics/php5-gd/
# make
===> php5-gd-5.2.8 has known vulnerabilities:
=> php5-gd -- uninitialized memory information disclosure vulnerability.
Reference: <http://www.FreeBSD.org/ports/portaudit/58a3c266-db01-11dd-ae30-001cc0377035.html>
=> Please update your ports tree and try again.
*** Error code 1
Stop in /usr/ports/graphics/php5-gd.
*** Error code 1
Stop in /usr/ports/graphics/php5-gd.
>How-To-Repeat:
Install php5-gd port
>Fix:
According to http://www.milw0rm.com/exploits/7646 a correct fix could be:
file: php-x.y.z/ext/gd/libgd/gd.c
3129: gdImagePtr gdImageRotate (gdImagePtrsrc, double dAngle,
int clrBack, int ignoretransparent)
3130:{
3131: gdImagePtrpMidImg;
3132: gdImagePtrrotatedImg;
3133:
3134: if(src == NULL) {
3135: returnNULL;
3136: }
3137:+
3137:+ // Index check
3137:+ if (!src->truecolor)
3137:+ clrBack &= 0xff; // Just keep the first byte
3137:+
3138: if(!gdImageTrueColor(src) && clrBack>=gdImageColorsTotal(src)) {
3139: returnNULL;
3140: }
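Review bot: the added `clrBack &= 0xff` at line 3137 silently remaps an out-of-range palette index to a different index instead of rejecting it, so a caller passing 256 ends up with colour 0 as the background and is never told the argument was invalid. The check at line 3138 only tests the upper bound, so a negative `clrBack` relies entirely on the mask to become usable. Consider rejecting bad input outright by extending the existing test to `clrBack < 0 || clrBack >= gdImageColorsTotal(src)` and returning NULL, which makes the mask unnecessary. If the mask stays, use the `gdImageTrueColor(src)` macro as line 3138 does rather than reading `src->truecolor` directly, and note in the comment that the value is still range-checked on the next line.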
>Release-Note:
>Audit-Trail:
>Unformatted: