USN-214-1: libungif vulnerabilities
Posted on: 11/07/2005 07:52 PM

A new libungif vulnerabilities update is available for Ubuntu Linux. Here the announcement:

Ubuntu Security Notice USN-214-1 November 07, 2005
libungif4 vulnerabilities
CVE-2005-2974, CVE-2005-3350
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 4.10 (Breezy Badger)

The following packages are affected:

libungif4g

The problem can be corrected by upgrading the affected package to
version 4.1.0b1-6ubuntu0.1 (for Ubuntu 4.10), 4.1.3-1ubuntu0.1 (for
Ubuntu 5.04), or 4.1.3-2ubuntu0.1 (for Ubuntu 5.10). In general, a
standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Chris Evans discovered several buffer overflows in the libungif
library. By tricking an user (or automated system) into processing a
specially crafted GIF image, this could be exploited to execute
arbitrary code with the privileges of the application using libungif.


Updated packages for Ubuntu 4.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/libu/libungif4/libungif4_4.1.0b1-6ubuntu0.1.diff.gz
Size/MD5: 299066 b1e73895c7e0ad79c0e19e6cdc17e0a0
http://security.ubuntu.com/ubuntu/pool/main/libu/libungif4/libungif4_4.1.0b1-6ubuntu0.1.dsc
Size/MD5: 654 e77c0c985a9a69be2306521c68c90948
http://security.ubuntu.com/ubuntu/pool/main/libu/libungif4/libungif4_4.1.0b1.orig.tar.gz
Size/MD5: 351757 20d96eb90cf818a1da093614c44ad3e5

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/universe/libu/libungif4/libungif-bin_4.1.0b1-6ubuntu0.1_amd64.deb
Size/MD5: 220664 20b10d4a5722c313fb9087e9637d3932
http://security.ubuntu.com/ubuntu/pool/main/libu/libungif4/libungif4-dev_4.1.0b1-6ubuntu0.1_amd64.deb
Size/MD5: 36512 7267a1987fbabd4933e000ccb1506db3
http://security.ubuntu.com/ubuntu/pool/main/libu/libungif4/libungif4g_4.1.0b1-6ubuntu0.1_amd64.deb
Size/MD5: 52450 e518ccb9521345253a7195baf59d304c

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/universe/libu/libungif4/libungif-bin_4.1.0b1-6ubuntu0.1_i386.deb
Size/MD5: 202984 f68d125ce049c9507756e83bad2549dc
http://security.ubuntu.com/ubuntu/pool/main/libu/libungif4/libungif4-dev_4.1.0b1-6ubuntu0.1_i386.deb
Size/MD5: 34294 3b22cf5ce6d91f4f9f1c27e9a9ec6d75
http://security.ubuntu.com/ubuntu/pool/main/libu/libungif4/libungif4g_4.1.0b1-6ubuntu0.1_i386.deb
Size/MD5: 51064 ce716cf26fdc0b27230dafea49d005c0

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/universe/libu/libungif4/libungif-bin_4.1.0b1-6ubuntu0.1_powerpc.deb
Size/MD5: 235062 acc2f9eb7dfc2a0f1e4551a2217fc579
http://security.ubuntu.com/ubuntu/pool/main/libu/libungif4/libungif4-dev_4.1.0b1-6ubuntu0.1_powerpc.deb
Size/MD5: 36562 84f4b4a0ed7e5f5a35b9ac7789e70a3e
http://security.ubuntu.com/ubuntu/pool/main/libu/libungif4/libungif4g_4.1.0b1-6ubuntu0.1_powerpc.deb
Size/MD5: 53420 c0b95884ad01a6ec49aa4a0fbbd71411

Updated packages for Ubuntu 5.04:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/libu/libungif4/libungif4_4.1.3-1ubuntu0.1.diff.gz
Size/MD5: 27712 4835a55c199b8bad795cb36ccd844b32
http://security.ubuntu.com/ubuntu/pool/main/libu/libungif4/libungif4_4.1.3-1ubuntu0.1.dsc
Size/MD5: 639 7a91eda1b7d0ec48c26f69518e6787f9
http://security.ubuntu.com/ubuntu/pool/main/libu/libungif4/libungif4_4.1.3.orig.tar.gz
Size/MD5: 569667 cb11e300347ad29e502abc6f56fd23df

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/universe/libu/libungif4/libungif-bin_4.1.3-1ubuntu0.1_amd64.deb
Size/MD5: 224438 efe72b94ed939de9b85e556e07fb228d
http://security.ubuntu.com/ubuntu/pool/main/libu/libungif4/libungif4-dev_4.1.3-1ubuntu0.1_amd64.deb
Size/MD5: 41158 381aaff6c58f9402275bf37cf3c58abf
http://security.ubuntu.com/ubuntu/pool/main/libu/libungif4/libungif4g_4.1.3-1ubuntu0.1_amd64.deb
Size/MD5: 57506 88918dea5ab32a782a8e1d731a4b4f24

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/universe/libu/libungif4/libungif-bin_4.1.3-1ubuntu0.1_i386.deb
Size/MD5: 206076 a81c6995f1e3ebbba7ce725171574b59
http://security.ubuntu.com/ubuntu/pool/main/libu/libungif4/libungif4-dev_4.1.3-1ubuntu0.1_i386.deb
Size/MD5: 38928 8def52728fce5ef3fcaf3137c3cd2ce3
http://security.ubuntu.com/ubuntu/pool/main/libu/libungif4/libungif4g_4.1.3-1ubuntu0.1_i386.deb
Size/MD5: 56194 474750d2fddcf82434a136014e1cb2d9

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/universe/libu/libungif4/libungif-bin_4.1.3-1ubuntu0.1_powerpc.deb
Size/MD5: 238938 f36748ba01f1527ef18be9ccf8c51456
http://security.ubuntu.com/ubuntu/pool/main/libu/libungif4/libungif4-dev_4.1.3-1ubuntu0.1_powerpc.deb
Size/MD5: 41242 892f389e108ca0bfbe0346341c88817b
http://security.ubuntu.com/ubuntu/pool/main/libu/libungif4/libungif4g_4.1.3-1ubuntu0.1_powerpc.deb
Size/MD5: 58440 ed9a1b67bcb7165b6cb4f70048c00ca4

Updated packages for Ubuntu 5.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/libu/libungif4/libungif4_4.1.3-2ubuntu0.1.diff.gz
Size/MD5: 27750 e53abb2025395d9dcbb2a957727bef30
http://security.ubuntu.com/ubuntu/pool/main/libu/libungif4/libungif4_4.1.3-2ubuntu0.1.dsc
Size/MD5: 639 f774bee9e108e9d70816c5cf7e6c0a35
http://security.ubuntu.com/ubuntu/pool/main/libu/libungif4/libungif4_4.1.3.orig.tar.gz
Size/MD5: 569667 cb11e300347ad29e502abc6f56fd23df

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/universe/libu/libungif4/libungif-bin_4.1.3-2ubuntu0.1_amd64.deb
Size/MD5: 221048 9b5a7710353c1f7f8d3ab3a91e6999be
http://security.ubuntu.com/ubuntu/pool/main/libu/libungif4/libungif4-dev_4.1.3-2ubuntu0.1_amd64.deb
Size/MD5: 41432 bb6c5e694cf477407ea1d021f045854b
http://security.ubuntu.com/ubuntu/pool/main/libu/libungif4/libungif4g_4.1.3-2ubuntu0.1_amd64.deb
Size/MD5: 57718 c248516545c8a1062c01397ea262703e

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/universe/libu/libungif4/libungif-bin_4.1.3-2ubuntu0.1_i386.deb
Size/MD5: 207362 bb2048b13a24139776a3c6bed250f56f
http://security.ubuntu.com/ubuntu/pool/main/libu/libungif4/libungif4-dev_4.1.3-2ubuntu0.1_i386.deb
Size/MD5: 38672 4f6a453cf554c8a246de612385b699a6
http://security.ubuntu.com/ubuntu/pool/main/libu/libungif4/libungif4g_4.1.3-2ubuntu0.1_i386.deb
Size/MD5: 55668 dad0b983eda12741dc18ac6898d55559

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/universe/libu/libungif4/libungif-bin_4.1.3-2ubuntu0.1_powerpc.deb
Size/MD5: 240722 cfd899896a119fcabe2ffe06adeed4cb
http://security.ubuntu.com/ubuntu/pool/main/libu/libungif4/libungif4-dev_4.1.3-2ubuntu0.1_powerpc.deb
Size/MD5: 41626 f4cb22787e4fdeb5f84c1e33e955091d
http://security.ubuntu.com/ubuntu/pool/main/libu/libungif4/libungif4g_4.1.3-2ubuntu0.1_powerpc.deb
Size/MD5: 58706 a52ba57b5c9a8e3028572da122dd5a47

--GPJrCs/72TxItFYR
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDb490DecnbV4Fd/IRAs2lAKCaBeexuBVxQiYJdLarhywQWVCXMwCdFwk0
0IG8YI8lnio0eWpb+awmMro=
=EVwe
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/usn_214_1_libungif_vulnerabilities.html)