In association with heise online

08 February 2007, 23:07

libgd graphics library remedies security holes [Update]


Among other things, the just-released version 2.0.34 of the libgd graphics library takes care of a number of vulnerabilities. The developers urgently advise users to update. libgd is used on many Web servers to process images, via PHP for instance.

The release notes do not indicate whether a flaw in the font handling of gdImageStringFTEx(), recently made public by an Ubuntu developer, has also been remedied. A buffer overflow caused by this would at the very least cause a system to crash and possibly allow external code to be executed -- but this has not been proven.

Update:
Apparently the font handling bug (CVE-2007-0455) has also been fixed in this release, as can be seen in the News file. (Thanks to Pierre who wrote in to tell us about this.)

(ju)

Permalink: http://h-online.com/-732268
 

