LinuxSecurity.com
RedHat: Important: libungif security update
Posted by Benjamin D. Thomas   
RedHat Linux Updated libungif packages that fix two security issues are now available. This update has been rated as having important security impact by the Red Hat Security Response Team.
---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: libungif security update
Advisory ID:       RHSA-2005:828-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-828.html
Issue date:        2005-11-03
Updated on:        2005-11-03
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2005-2974 CVE-2005-3350
---------------------------------------------------------------------

1. Summary:

Updated libungif packages that fix two security issues are now available.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The libungif package contains a shared library of functions for loading and
saving GIF format image files.

Several bugs in the way libungif decodes GIF images were discovered. An
attacker could create a carefully crafted GIF image file in such a way that
it could cause an application linked with libungif to crash or execute
arbitrary code when the file is opened by a victim. The Common
Vulnerabilities and Exposures project has assigned the names CVE-2005-2974
and CVE-2005-3350 to these issues.

All users of libungif are advised to upgrade to these updated packages,
which contain backported patches that resolve these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
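
One way to confirm after the update that the fixed build is actually installed, as an added example that is not part of the Red Hat advisory: it compares `rpm -q` output against the fixed version-release strings that appear in the SRPM names in section 6. The function names and the simplified rpm-style version comparison (no epoch handling) are assumptions of this sketch.

```python
import re
import subprocess
import sys

# Fixed builds, taken from the SRPM names in section 6 of the advisory,
# keyed by Red Hat Enterprise Linux major release.
FIXED = {
    "2.1": "4.1.0-9.5",
    "3": "4.1.0-15.el3.3",
    "4": "4.1.3-1.el4.2",
}

def vercmp(a, b):
    """Simplified rpm-style compare of one version or release string.

    Returns -1, 0 or 1. Assumption: no epoch, tilde or caret handling.
    """
    sa = re.findall(r"\d+|[A-Za-z]+", a)  # separators such as '.' are skipped
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats letters
        if x.isdigit():
            x, y = int(x), int(y)  # so that 10 sorts after 9
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # extra segments are newer

def is_fixed(release, installed):
    """True if 'VERSION-RELEASE' is at or above the fixed build for release."""
    ver, _, rel = installed.partition("-")
    fixed_ver, _, fixed_rel = FIXED[release].partition("-")
    return (vercmp(ver, fixed_ver) or vercmp(rel, fixed_rel)) >= 0

def unfixed_builds(release, rpm_output):
    """Return the installed builds that still predate the fix.

    Multilib hosts (e.g. x86_64 with the i386 library) print one line each.
    """
    lines = [l.strip() for l in rpm_output.splitlines() if l.strip()]
    return [l for l in lines if not is_fixed(release, l)]

if __name__ == "__main__":
    # Usage: python check_libungif.py 4   (run on the host being checked)
    out = subprocess.run(
        ["rpm", "-q", "--qf", "%{VERSION}-%{RELEASE}\n", "libungif"],
        capture_output=True, text=True, check=True).stdout
    bad = unfixed_builds(sys.argv[1], out)
    print("still vulnerable: " + ", ".join(bad) if bad else "fixed build installed")
    sys.exit(1 if bad else 0)
```

Applications that were already running keep the old library mapped until they are restarted, so a passing check covers the installed files only.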

5. Bug IDs fixed (http://bugzilla.redhat.com/):

171413 - CVE-2005-2974 Several libungif issues (CVE-2005-3350)


6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/libungif-4.1.0-9.5.src.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/libungif-4.1.0-9.5.src.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/libungif-4.1.0-9.5.src.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/libungif-4.1.0-9.5.src.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/libungif-4.1.0-15.el3.3.src.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/libungif-4.1.0-15.el3.3.src.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/libungif-4.1.0-15.el3.3.src.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/libungif-4.1.0-15.el3.3.src.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/libungif-4.1.3-1.el4.2.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/libungif-4.1.3-1.el4.2.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/libungif-4.1.3-1.el4.2.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/libungif-4.1.3-1.el4.2.src.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2974
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3350

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
 