RHSA-2005:828-01 Important: libungif security update
Posted on: 11/03/2005 08:12 PM

A new update is available for Red Hat Enterprise Linux. Here is the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: libungif security update
Advisory ID: RHSA-2005:828-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-828.html
Issue date: 2005-11-03
Updated on: 2005-11-03
Product: Red Hat Enterprise Linux
CVE Names: CVE-2005-2974 CVE-2005-3350
- ---------------------------------------------------------------------

1. Summary:

Updated libungif packages that fix two security issues are now available.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The libungif package contains a shared library of functions for loading and
saving GIF format image files.

Several bugs in the way libungif decodes GIF images were discovered. An
attacker could create a carefully crafted GIF image file in such a way that
it could cause an application linked with libungif to crash or execute
arbitrary code when the file is opened by a victim. The Common
Vulnerabilities and Exposures project has assigned the names CVE-2005-2974
and CVE-2005-3350 to these issues.

All users of libungif are advised to upgrade to these updated packages,
which contain backported patches that resolve these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

171413 - CVE-2005-2974 Several libungif issues (CVE-2005-3350)


6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/libungif-4.1.0-9.5.src.rpm
e56ab6dbd063ad9f7ce270d469e91fa1 libungif-4.1.0-9.5.src.rpm

i386:
36acb8ed19d5c20d906a9508e8bf7305 libungif-4.1.0-9.5.i386.rpm
3a154e3dcc9b7e938d90843bdfe4b450 libungif-devel-4.1.0-9.5.i386.rpm
f27dd46b945755985280c26f22dee762 libungif-progs-4.1.0-9.5.i386.rpm

ia64:
b318e8b61a7ffe25754095412317092e libungif-4.1.0-9.5.ia64.rpm
84a95d616bd748c8a9f08cd795cbead1 libungif-devel-4.1.0-9.5.ia64.rpm
2f34606d66720b885a6f72d1bc51e9a7 libungif-progs-4.1.0-9.5.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/libungif-4.1.0-9.5.src.rpm
e56ab6dbd063ad9f7ce270d469e91fa1 libungif-4.1.0-9.5.src.rpm

ia64:
b318e8b61a7ffe25754095412317092e libungif-4.1.0-9.5.ia64.rpm
84a95d616bd748c8a9f08cd795cbead1 libungif-devel-4.1.0-9.5.ia64.rpm
2f34606d66720b885a6f72d1bc51e9a7 libungif-progs-4.1.0-9.5.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/libungif-4.1.0-9.5.src.rpm
e56ab6dbd063ad9f7ce270d469e91fa1 libungif-4.1.0-9.5.src.rpm

i386:
36acb8ed19d5c20d906a9508e8bf7305 libungif-4.1.0-9.5.i386.rpm
3a154e3dcc9b7e938d90843bdfe4b450 libungif-devel-4.1.0-9.5.i386.rpm
f27dd46b945755985280c26f22dee762 libungif-progs-4.1.0-9.5.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/libungif-4.1.0-9.5.src.rpm
e56ab6dbd063ad9f7ce270d469e91fa1 libungif-4.1.0-9.5.src.rpm

i386:
36acb8ed19d5c20d906a9508e8bf7305 libungif-4.1.0-9.5.i386.rpm
3a154e3dcc9b7e938d90843bdfe4b450 libungif-devel-4.1.0-9.5.i386.rpm
f27dd46b945755985280c26f22dee762 libungif-progs-4.1.0-9.5.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/libungif-4.1.0-15.el3.3.src.rpm
da8a62137ee54bdd7db5f1d54981d5ff libungif-4.1.0-15.el3.3.src.rpm

i386:
164b768be58ab848de11b807e2965b09 libungif-4.1.0-15.el3.3.i386.rpm
68ffa2a86da615dedf5a7ced4ff7baf3 libungif-devel-4.1.0-15.el3.3.i386.rpm

ia64:
164b768be58ab848de11b807e2965b09 libungif-4.1.0-15.el3.3.i386.rpm
2d633b6c29a30b31f1d43a4a16904cf9 libungif-4.1.0-15.el3.3.ia64.rpm
60774b099eced3d03b2fe545b329412b libungif-devel-4.1.0-15.el3.3.ia64.rpm

ppc:
ceabdafb3ddbfd59ddcca8841a73b154 libungif-4.1.0-15.el3.3.ppc.rpm
8889b6269d28035e829f74b253650282 libungif-4.1.0-15.el3.3.ppc64.rpm
b2451ee8075934f12fed4546d0e0d432 libungif-devel-4.1.0-15.el3.3.ppc.rpm

s390:
d2ab90f1f5e711b715cb37a7f2bd8b69 libungif-4.1.0-15.el3.3.s390.rpm
7a3a9d5dd30cbfe3f00abdb2170ab856 libungif-devel-4.1.0-15.el3.3.s390.rpm

s390x:
d2ab90f1f5e711b715cb37a7f2bd8b69 libungif-4.1.0-15.el3.3.s390.rpm
b32cf8513df8dde6ed0196a6cdc808a3 libungif-4.1.0-15.el3.3.s390x.rpm
eac268049e3e0189aad33d8f9a7fba96 libungif-devel-4.1.0-15.el3.3.s390x.rpm

x86_64:
164b768be58ab848de11b807e2965b09 libungif-4.1.0-15.el3.3.i386.rpm
97a4db4e1b075d498b419e226e4985fb libungif-4.1.0-15.el3.3.x86_64.rpm
748454935fb5a2d99cfe13ac510e39e4 libungif-devel-4.1.0-15.el3.3.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/libungif-4.1.0-15.el3.3.src.rpm
da8a62137ee54bdd7db5f1d54981d5ff libungif-4.1.0-15.el3.3.src.rpm

i386:
164b768be58ab848de11b807e2965b09 libungif-4.1.0-15.el3.3.i386.rpm
68ffa2a86da615dedf5a7ced4ff7baf3 libungif-devel-4.1.0-15.el3.3.i386.rpm

x86_64:
164b768be58ab848de11b807e2965b09 libungif-4.1.0-15.el3.3.i386.rpm
97a4db4e1b075d498b419e226e4985fb libungif-4.1.0-15.el3.3.x86_64.rpm
748454935fb5a2d99cfe13ac510e39e4 libungif-devel-4.1.0-15.el3.3.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/libungif-4.1.0-15.el3.3.src.rpm
da8a62137ee54bdd7db5f1d54981d5ff libungif-4.1.0-15.el3.3.src.rpm

i386:
164b768be58ab848de11b807e2965b09 libungif-4.1.0-15.el3.3.i386.rpm
68ffa2a86da615dedf5a7ced4ff7baf3 libungif-devel-4.1.0-15.el3.3.i386.rpm

ia64:
164b768be58ab848de11b807e2965b09 libungif-4.1.0-15.el3.3.i386.rpm
2d633b6c29a30b31f1d43a4a16904cf9 libungif-4.1.0-15.el3.3.ia64.rpm
60774b099eced3d03b2fe545b329412b libungif-devel-4.1.0-15.el3.3.ia64.rpm

x86_64:
164b768be58ab848de11b807e2965b09 libungif-4.1.0-15.el3.3.i386.rpm
97a4db4e1b075d498b419e226e4985fb libungif-4.1.0-15.el3.3.x86_64.rpm
748454935fb5a2d99cfe13ac510e39e4 libungif-devel-4.1.0-15.el3.3.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/libungif-4.1.0-15.el3.3.src.rpm
da8a62137ee54bdd7db5f1d54981d5ff libungif-4.1.0-15.el3.3.src.rpm

i386:
164b768be58ab848de11b807e2965b09 libungif-4.1.0-15.el3.3.i386.rpm
68ffa2a86da615dedf5a7ced4ff7baf3 libungif-devel-4.1.0-15.el3.3.i386.rpm

ia64:
164b768be58ab848de11b807e2965b09 libungif-4.1.0-15.el3.3.i386.rpm
2d633b6c29a30b31f1d43a4a16904cf9 libungif-4.1.0-15.el3.3.ia64.rpm
60774b099eced3d03b2fe545b329412b libungif-devel-4.1.0-15.el3.3.ia64.rpm

x86_64:
164b768be58ab848de11b807e2965b09 libungif-4.1.0-15.el3.3.i386.rpm
97a4db4e1b075d498b419e226e4985fb libungif-4.1.0-15.el3.3.x86_64.rpm
748454935fb5a2d99cfe13ac510e39e4 libungif-devel-4.1.0-15.el3.3.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/libungif-4.1.3-1.el4.2.src.rpm
e241666690d657eeeaa5ead5b3bbfadd libungif-4.1.3-1.el4.2.src.rpm

i386:
0f0bbddea36d3b7a54c4549c10486ed1 libungif-4.1.3-1.el4.2.i386.rpm
0c3fd8a9ef630b0c463c1023f887d811 libungif-devel-4.1.3-1.el4.2.i386.rpm
1bda7d495675421af2e528244dff8ed4 libungif-progs-4.1.3-1.el4.2.i386.rpm

ia64:
0f0bbddea36d3b7a54c4549c10486ed1 libungif-4.1.3-1.el4.2.i386.rpm
aea54ec43692c8cff548e80dc816f404 libungif-4.1.3-1.el4.2.ia64.rpm
86c0a610b5294c673c075d6b345009c1 libungif-devel-4.1.3-1.el4.2.ia64.rpm
123867a704cdcbab79c5c9ba581e4c06 libungif-progs-4.1.3-1.el4.2.ia64.rpm

ppc:
5a6f7b590f2bfbd183704df45df12693 libungif-4.1.3-1.el4.2.ppc.rpm
893a3232c0eba8f05ebcdc312c127569 libungif-4.1.3-1.el4.2.ppc64.rpm
eaf656fe93aafcfb1dbea1a3e96b8d0e libungif-devel-4.1.3-1.el4.2.ppc.rpm
b887c1101a8a2eb77ae1870663b0104b libungif-progs-4.1.3-1.el4.2.ppc.rpm

s390:
d9e60023f796e9592c8ad6769994396a libungif-4.1.3-1.el4.2.s390.rpm
85be309902a46d69331ed7cfbbbf77ac libungif-devel-4.1.3-1.el4.2.s390.rpm
36c47021928a75b4f01cfff9ee70933a libungif-progs-4.1.3-1.el4.2.s390.rpm

s390x:
d9e60023f796e9592c8ad6769994396a libungif-4.1.3-1.el4.2.s390.rpm
174dbd3ff4ece6690f58e7141cead9a6 libungif-4.1.3-1.el4.2.s390x.rpm
f8206bece19a3880051bc6afea0bb16f libungif-devel-4.1.3-1.el4.2.s390x.rpm
4cb4dea2bece5ec618b9e81ac205c984 libungif-progs-4.1.3-1.el4.2.s390x.rpm

x86_64:
0f0bbddea36d3b7a54c4549c10486ed1 libungif-4.1.3-1.el4.2.i386.rpm
8b86bf10b45e74a2da545ff9a4841c66 libungif-4.1.3-1.el4.2.x86_64.rpm
43b1c3400e73db747c99a3cb8f78ad9c libungif-devel-4.1.3-1.el4.2.x86_64.rpm
af5059a0c3ec86f9829002226ea8e9af libungif-progs-4.1.3-1.el4.2.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/libungif-4.1.3-1.el4.2.src.rpm
e241666690d657eeeaa5ead5b3bbfadd libungif-4.1.3-1.el4.2.src.rpm

i386:
0f0bbddea36d3b7a54c4549c10486ed1 libungif-4.1.3-1.el4.2.i386.rpm
0c3fd8a9ef630b0c463c1023f887d811 libungif-devel-4.1.3-1.el4.2.i386.rpm
1bda7d495675421af2e528244dff8ed4 libungif-progs-4.1.3-1.el4.2.i386.rpm

x86_64:
0f0bbddea36d3b7a54c4549c10486ed1 libungif-4.1.3-1.el4.2.i386.rpm
8b86bf10b45e74a2da545ff9a4841c66 libungif-4.1.3-1.el4.2.x86_64.rpm
43b1c3400e73db747c99a3cb8f78ad9c libungif-devel-4.1.3-1.el4.2.x86_64.rpm
af5059a0c3ec86f9829002226ea8e9af libungif-progs-4.1.3-1.el4.2.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/libungif-4.1.3-1.el4.2.src.rpm
e241666690d657eeeaa5ead5b3bbfadd libungif-4.1.3-1.el4.2.src.rpm

i386:
0f0bbddea36d3b7a54c4549c10486ed1 libungif-4.1.3-1.el4.2.i386.rpm
0c3fd8a9ef630b0c463c1023f887d811 libungif-devel-4.1.3-1.el4.2.i386.rpm
1bda7d495675421af2e528244dff8ed4 libungif-progs-4.1.3-1.el4.2.i386.rpm

ia64:
0f0bbddea36d3b7a54c4549c10486ed1 libungif-4.1.3-1.el4.2.i386.rpm
aea54ec43692c8cff548e80dc816f404 libungif-4.1.3-1.el4.2.ia64.rpm
86c0a610b5294c673c075d6b345009c1 libungif-devel-4.1.3-1.el4.2.ia64.rpm
123867a704cdcbab79c5c9ba581e4c06 libungif-progs-4.1.3-1.el4.2.ia64.rpm

x86_64:
0f0bbddea36d3b7a54c4549c10486ed1 libungif-4.1.3-1.el4.2.i386.rpm
8b86bf10b45e74a2da545ff9a4841c66 libungif-4.1.3-1.el4.2.x86_64.rpm
43b1c3400e73db747c99a3cb8f78ad9c libungif-devel-4.1.3-1.el4.2.x86_64.rpm
af5059a0c3ec86f9829002226ea8e9af libungif-progs-4.1.3-1.el4.2.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/libungif-4.1.3-1.el4.2.src.rpm
e241666690d657eeeaa5ead5b3bbfadd libungif-4.1.3-1.el4.2.src.rpm

i386:
0f0bbddea36d3b7a54c4549c10486ed1 libungif-4.1.3-1.el4.2.i386.rpm
0c3fd8a9ef630b0c463c1023f887d811 libungif-devel-4.1.3-1.el4.2.i386.rpm
1bda7d495675421af2e528244dff8ed4 libungif-progs-4.1.3-1.el4.2.i386.rpm

ia64:
0f0bbddea36d3b7a54c4549c10486ed1 libungif-4.1.3-1.el4.2.i386.rpm
aea54ec43692c8cff548e80dc816f404 libungif-4.1.3-1.el4.2.ia64.rpm
86c0a610b5294c673c075d6b345009c1 libungif-devel-4.1.3-1.el4.2.ia64.rpm
123867a704cdcbab79c5c9ba581e4c06 libungif-progs-4.1.3-1.el4.2.ia64.rpm

x86_64:
0f0bbddea36d3b7a54c4549c10486ed1 libungif-4.1.3-1.el4.2.i386.rpm
8b86bf10b45e74a2da545ff9a4841c66 libungif-4.1.3-1.el4.2.x86_64.rpm
43b1c3400e73db747c99a3cb8f78ad9c libungif-devel-4.1.3-1.el4.2.x86_64.rpm
af5059a0c3ec86f9829002226ea8e9af libungif-progs-4.1.3-1.el4.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2974
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3350

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFDalryXlSAg2UNWIIRAokdAKCdkqEHnsSs6zW4sfNUwhbiT/kxwwCeIHR8
VSabVe2KHa06YrMi2F0jFKc=
=sRMC
-----END PGP SIGNATURE-----
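
A host-side check for the update announced above, as an added example that is not part of the Red Hat advisory: it compares an installed libungif version-release against the fixed builds listed in section 6, using a simplified reimplementation of rpm's segment-wise version comparison. It assumes equal epochs and no `~` or `^` markers; the function names and the sample installed versions are constructed for illustration.

```python
import re

# Fixed version-release per product line, from section 6 of the advisory.
FIXED = {"2.1": "4.1.0-9.5", "3": "4.1.0-15.el3.3", "4": "4.1.3-1.el4.2"}

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a, b):
    """Segment-wise comparison in the style of rpm (no epoch, '~' or '^')."""
    seg_a, seg_b = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(seg_a, seg_b):
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num != y_num:
            return 1 if x_num else -1   # a numeric segment beats an alphabetic one
        if x_num:
            x, y = x.lstrip("0"), y.lstrip("0")
            if len(x) != len(y):        # more digits means a larger number
                return 1 if len(x) > len(y) else -1
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))


def is_patched(product_line, installed_vr):
    """True when installed 'version-release' is at or above the advisory's fix."""
    fixed_v, fixed_r = FIXED[product_line].split("-", 1)
    inst_v, inst_r = installed_vr.split("-", 1)
    order = rpmvercmp(inst_v, fixed_v) or rpmvercmp(inst_r, fixed_r)
    return order >= 0


if __name__ == "__main__":
    # Constructed inputs, in the form printed by:
    #   rpm -q --qf '%{VERSION}-%{RELEASE}\n' libungif
    for line, vr in [("4", "4.1.3-1"), ("4", "4.1.3-1.el4.2"), ("3", "4.1.0-15.el3.10")]:
        print(line, vr, "patched" if is_patched(line, vr) else "NEEDS UPDATE")
```

A plain string comparison would rank a release such as `15.el3.10` below `15.el3.3`; the numeric-segment handling is what keeps later rebuilds from being flagged as unpatched.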



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/rhsa_2005828_01_important_libungif_security_update.html)