LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: October 24th, 2014
Linux Security Week: October 20th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Mandriva: Updated libungif packages fix various vulnerabilities Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Mandrake Several bugs have been discovered in the way libungif decodes GIF images.
 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2005:207
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : libungif
 Date    : November 9, 2005
 Affected: 10.1, 10.2, 2006.0, Corporate 2.1, Corporate 3.0
 _______________________________________________________________________
 
 Problem Description:
 
 Several bugs have been discovered in the way libungif decodes GIF 
 images.  These allow an attacker to create a carefully crafted GIF 
 image file in such a way that it could cause applications linked 
 with libungif to crash or execute arbitrary code when the file
 is opened by the user. 
 
 The updated packages have been patched to address this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2974
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3350
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 10.1:
 7572b3ed1c8846b63e4cfe1b8894a32f  10.1/RPMS/libungif4-4.1.2-2.1.101mdk.i586.rpm
 82bd5a5c751e078763c81220da64c423  10.1/RPMS/libungif4-devel-4.1.2-2.1.101mdk.i586.rpm
 d6d48523f5e06df65ec15baa1bf2bddb  10.1/RPMS/libungif4-static-devel-4.1.2-2.1.101mdk.i586.rpm
 c76166c5d8c0e9810a00eb0f43933fe2  10.1/RPMS/libungif-progs-4.1.2-2.1.101mdk.i586.rpm
 37ddb151c6110d637ed6a98e198a1e53  10.1/SRPMS/libungif-4.1.2-2.1.101mdk.src.rpm

 Mandriva Linux 10.1/X86_64:
 a47d1d8f03418e916294fa5713143150  x86_64/10.1/RPMS/lib64ungif4-4.1.2-2.1.101mdk.x86_64.rpm
 eb9d79c3243fe189c0093bff6ea2fd35  x86_64/10.1/RPMS/lib64ungif4-devel-4.1.2-2.1.101mdk.x86_64.rpm
 0f9a3c70ea330841b2449cc21a604d8c  x86_64/10.1/RPMS/lib64ungif4-static-devel-4.1.2-2.1.101mdk.x86_64.rpm
 303c855118c6cd38dcd7419896e4c913  x86_64/10.1/RPMS/libungif-progs-4.1.2-2.1.101mdk.x86_64.rpm
 37ddb151c6110d637ed6a98e198a1e53  x86_64/10.1/SRPMS/libungif-4.1.2-2.1.101mdk.src.rpm

 Mandriva Linux 10.2:
 ebf8f6eb09d3114f9a761cc7f52cd8bb  10.2/RPMS/libungif4-4.1.3-1.1.102mdk.i586.rpm
 88ae8d5c2248985eba52680873759f11  10.2/RPMS/libungif4-devel-4.1.3-1.1.102mdk.i586.rpm
 3eca46cddca2d15bee06f5109cf5e287  10.2/RPMS/libungif4-static-devel-4.1.3-1.1.102mdk.i586.rpm
 8586b759a2a6fafba49f29e23e4dae13  10.2/RPMS/libungif-progs-4.1.3-1.1.102mdk.i586.rpm
 ae1821c6f0cb57991206c287bef87211  10.2/SRPMS/libungif-4.1.3-1.1.102mdk.src.rpm

 Mandriva Linux 10.2/X86_64:
 4f64cf649de6ccf2e0343b3aae2157c5  x86_64/10.2/RPMS/lib64ungif4-4.1.3-1.1.102mdk.x86_64.rpm
 69a3ea4a02abbdbba26977a1ed1f3392  x86_64/10.2/RPMS/lib64ungif4-devel-4.1.3-1.1.102mdk.x86_64.rpm
 bd7441f6648425731a453c58b4b9cc63  x86_64/10.2/RPMS/lib64ungif4-static-devel-4.1.3-1.1.102mdk.x86_64.rpm
 5a91547614f3716d7f8dd9bfdbc3fb6c  x86_64/10.2/RPMS/libungif-progs-4.1.3-1.1.102mdk.x86_64.rpm
 ae1821c6f0cb57991206c287bef87211  x86_64/10.2/SRPMS/libungif-4.1.3-1.1.102mdk.src.rpm

 Mandriva Linux 2006.0:
 24070dfd47ec6b55a64debfd348d9711  2006.0/RPMS/libungif4-4.1.3-1.1.20060mdk.i586.rpm
 ce86d6f15aebb0f7c9a772f60414fa0f  2006.0/RPMS/libungif4-devel-4.1.3-1.1.20060mdk.i586.rpm
 48fcbd7ac7f0463db1c031dca381c79b  2006.0/RPMS/libungif4-static-devel-4.1.3-1.1.20060mdk.i586.rpm
 62edb8465eece3bf2d52a44d7cdaf870  2006.0/RPMS/libungif-progs-4.1.3-1.1.20060mdk.i586.rpm
 377b356f789805ffd30b75620681df31  2006.0/SRPMS/libungif-4.1.3-1.1.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 8a1c2fdc518a898d1638f162dbcf0129  x86_64/2006.0/RPMS/lib64ungif4-4.1.3-1.1.20060mdk.x86_64.rpm
 76150147149dbce7c1b6ea990f7bc737  x86_64/2006.0/RPMS/lib64ungif4-devel-4.1.3-1.1.20060mdk.x86_64.rpm
 3fb2d95c03cb31ffd41d86786d3471a8  x86_64/2006.0/RPMS/lib64ungif4-static-devel-4.1.3-1.1.20060mdk.x86_64.rpm
 775f7f489b5c289ffcdfe5bf005c4131  x86_64/2006.0/RPMS/libungif-progs-4.1.3-1.1.20060mdk.x86_64.rpm
 377b356f789805ffd30b75620681df31  x86_64/2006.0/SRPMS/libungif-4.1.3-1.1.20060mdk.src.rpm

 Corporate Server 2.1:
 936ee3114e416984e4aba756608a2802  corporate/2.1/RPMS/libungif4-4.1.0-19.1.C21mdk.i586.rpm
 f76d4814f118ca630bfdf44998d9d49d  corporate/2.1/RPMS/libungif4-devel-4.1.0-19.1.C21mdk.i586.rpm
 fc5532eea180d6c31c0a9e41f2f2b5c9  corporate/2.1/RPMS/libungif4-static-devel-4.1.0-19.1.C21mdk.i586.rpm
 b00eb0db117e0873d9e3727d8623019d  corporate/2.1/SRPMS/libungif-4.1.0-19.1.C21mdk.src.rpm

 Corporate Server 2.1/X86_64:
 b949a414676df894beff1f0bbd1cf8dd  x86_64/corporate/2.1/RPMS/libungif4-4.1.0-19.1.C21mdk.x86_64.rpm
 d688a956b50e58a390da4638c8d8552b  x86_64/corporate/2.1/RPMS/libungif4-devel-4.1.0-19.1.C21mdk.x86_64.rpm
 d4b4ae8c4fbab006e11f732da4e94072  x86_64/corporate/2.1/RPMS/libungif4-static-devel-4.1.0-19.1.C21mdk.x86_64.rpm
 b00eb0db117e0873d9e3727d8623019d  x86_64/corporate/2.1/SRPMS/libungif-4.1.0-19.1.C21mdk.src.rpm

 Corporate 3.0:
 100e1f0098e403f373246b40ad30a26c  corporate/3.0/RPMS/libungif4-4.1.0-23.1.C30mdk.i586.rpm
 9395faa12299d659e1c21f0710e68d0d  corporate/3.0/RPMS/libungif4-devel-4.1.0-23.1.C30mdk.i586.rpm
 710f25082b1534ecaed8cd93e925b1ce  corporate/3.0/RPMS/libungif4-static-devel-4.1.0-23.1.C30mdk.i586.rpm
 f1457fe0f7af89d2c4b91b7234264106  corporate/3.0/SRPMS/libungif-4.1.0-23.1.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 4c2dcc592be1b52254a942cfa0771cf9  x86_64/corporate/3.0/RPMS/lib64ungif4-4.1.0-23.1.C30mdk.x86_64.rpm
 fb7420250a7444c44da3f142a2ffe206  x86_64/corporate/3.0/RPMS/lib64ungif4-devel-4.1.0-23.1.C30mdk.x86_64.rpm
 b876da48e6fa314cd5f735619d5325ef  x86_64/corporate/3.0/RPMS/lib64ungif4-static-devel-4.1.0-23.1.C30mdk.x86_64.rpm
 f1457fe0f7af89d2c4b91b7234264106  x86_64/corporate/3.0/SRPMS/libungif-4.1.0-23.1.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Pro-Privacy Senator Wyden on Fighting the NSA From Inside the System
NIST to hypervisor admins: secure your systems
Quick PHP patch beats slow research reveal
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.