From: Mandriva Security Team <security@mandriva.com.>
To: [email protected]
Subject: MDKSA-2005:207 - Updated libungif packages fix various vulnerabilities
Message-Id: <E1Ea0pE-0000hz-Ae@mercury.mandriva.com.>
Sender: QATeam User <qateam@mercury.mandriva.com.>
Date: Wed, 09 Nov 2005 18:02:00 -0700
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2005:207
http://www.mandriva.com/security/
_______________________________________________________________________
Package : libungif
Date : November 9, 2005
Affected: 10.1, 10.2, 2006.0, Corporate 2.1, Corporate 3.0
_______________________________________________________________________
Problem Description:
Several bugs have been discovered in the way libungif decodes GIF
images. These allow an attacker to create a carefully crafted GIF
image file in such a way that it could cause applications linked
with libungif to crash or execute arbitrary code when the file
is opened by the user.
The updated packages have been patched to address this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2974
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3350
_______________________________________________________________________
Updated Packages:
Mandriva Linux 10.1:
7572b3ed1c8846b63e4cfe1b8894a32f 10.1/RPMS/libungif4-4.1.2-2.1.101mdk.i586.rpm
82bd5a5c751e078763c81220da64c423 10.1/RPMS/libungif4-devel-4.1.2-2.1.101mdk.i586.rpm
d6d48523f5e06df65ec15baa1bf2bddb 10.1/RPMS/libungif4-static-devel-4.1.2-2.1.101mdk.i586.rpm
c76166c5d8c0e9810a00eb0f43933fe2 10.1/RPMS/libungif-progs-4.1.2-2.1.101mdk.i586.rpm
37ddb151c6110d637ed6a98e198a1e53 10.1/SRPMS/libungif-4.1.2-2.1.101mdk.src.rpm
Mandriva Linux 10.1/X86_64:
a47d1d8f03418e916294fa5713143150 x86_64/10.1/RPMS/lib64ungif4-4.1.2-2.1.101mdk.x86_64.rpm
eb9d79c3243fe189c0093bff6ea2fd35 x86_64/10.1/RPMS/lib64ungif4-devel-4.1.2-2.1.101mdk.x86_64.rpm
0f9a3c70ea330841b2449cc21a604d8c x86_64/10.1/RPMS/lib64ungif4-static-devel-4.1.2-2.1.101mdk.x86_64.rpm
303c855118c6cd38dcd7419896e4c913 x86_64/10.1/RPMS/libungif-progs-4.1.2-2.1.101mdk.x86_64.rpm
37ddb151c6110d637ed6a98e198a1e53 x86_64/10.1/SRPMS/libungif-4.1.2-2.1.101mdk.src.rpm
Mandriva Linux 10.2:
ebf8f6eb09d3114f9a761cc7f52cd8bb 10.2/RPMS/libungif4-4.1.3-1.1.102mdk.i586.rpm
88ae8d5c2248985eba52680873759f11 10.2/RPMS/libungif4-devel-4.1.3-1.1.102mdk.i586.rpm
3eca46cddca2d15bee06f5109cf5e287 10.2/RPMS/libungif4-static-devel-4.1.3-1.1.102mdk.i586.rpm
8586b759a2a6fafba49f29e23e4dae13 10.2/RPMS/libungif-progs-4.1.3-1.1.102mdk.i586.rpm
ae1821c6f0cb57991206c287bef87211 10.2/SRPMS/libungif-4.1.3-1.1.102mdk.src.rpm
Mandriva Linux 10.2/X86_64:
4f64cf649de6ccf2e0343b3aae2157c5 x86_64/10.2/RPMS/lib64ungif4-4.1.3-1.1.102mdk.x86_64.rpm
69a3ea4a02abbdbba26977a1ed1f3392 x86_64/10.2/RPMS/lib64ungif4-devel-4.1.3-1.1.102mdk.x86_64.rpm
bd7441f6648425731a453c58b4b9cc63 x86_64/10.2/RPMS/lib64ungif4-static-devel-4.1.3-1.1.102mdk.x86_64.rpm
5a91547614f3716d7f8dd9bfdbc3fb6c x86_64/10.2/RPMS/libungif-progs-4.1.3-1.1.102mdk.x86_64.rpm
ae1821c6f0cb57991206c287bef87211 x86_64/10.2/SRPMS/libungif-4.1.3-1.1.102mdk.src.rpm
Mandriva Linux 2006.0:
24070dfd47ec6b55a64debfd348d9711 2006.0/RPMS/libungif4-4.1.3-1.1.20060mdk.i586.rpm
ce86d6f15aebb0f7c9a772f60414fa0f 2006.0/RPMS/libungif4-devel-4.1.3-1.1.20060mdk.i586.rpm
48fcbd7ac7f0463db1c031dca381c79b 2006.0/RPMS/libungif4-static-devel-4.1.3-1.1.20060mdk.i586.rpm
62edb8465eece3bf2d52a44d7cdaf870 2006.0/RPMS/libungif-progs-4.1.3-1.1.20060mdk.i586.rpm
377b356f789805ffd30b75620681df31 2006.0/SRPMS/libungif-4.1.3-1.1.20060mdk.src.rpm
Mandriva Linux 2006.0/X86_64:
8a1c2fdc518a898d1638f162dbcf0129 x86_64/2006.0/RPMS/lib64ungif4-4.1.3-1.1.20060mdk.x86_64.rpm
76150147149dbce7c1b6ea990f7bc737 x86_64/2006.0/RPMS/lib64ungif4-devel-4.1.3-1.1.20060mdk.x86_64.rpm
3fb2d95c03cb31ffd41d86786d3471a8 x86_64/2006.0/RPMS/lib64ungif4-static-devel-4.1.3-1.1.20060mdk.x86_64.rpm
775f7f489b5c289ffcdfe5bf005c4131 x86_64/2006.0/RPMS/libungif-progs-4.1.3-1.1.20060mdk.x86_64.rpm
377b356f789805ffd30b75620681df31 x86_64/2006.0/SRPMS/libungif-4.1.3-1.1.20060mdk.src.rpm
Corporate Server 2.1:
936ee3114e416984e4aba756608a2802 corporate/2.1/RPMS/libungif4-4.1.0-19.1.C21mdk.i586.rpm
f76d4814f118ca630bfdf44998d9d49d corporate/2.1/RPMS/libungif4-devel-4.1.0-19.1.C21mdk.i586.rpm
fc5532eea180d6c31c0a9e41f2f2b5c9 corporate/2.1/RPMS/libungif4-static-devel-4.1.0-19.1.C21mdk.i586.rpm
b00eb0db117e0873d9e3727d8623019d corporate/2.1/SRPMS/libungif-4.1.0-19.1.C21mdk.src.rpm
Corporate Server 2.1/X86_64:
b949a414676df894beff1f0bbd1cf8dd x86_64/corporate/2.1/RPMS/libungif4-4.1.0-19.1.C21mdk.x86_64.rpm
d688a956b50e58a390da4638c8d8552b x86_64/corporate/2.1/RPMS/libungif4-devel-4.1.0-19.1.C21mdk.x86_64.rpm
d4b4ae8c4fbab006e11f732da4e94072 x86_64/corporate/2.1/RPMS/libungif4-static-devel-4.1.0-19.1.C21mdk.x86_64.rpm
b00eb0db117e0873d9e3727d8623019d x86_64/corporate/2.1/SRPMS/libungif-4.1.0-19.1.C21mdk.src.rpm
Corporate 3.0:
100e1f0098e403f373246b40ad30a26c corporate/3.0/RPMS/libungif4-4.1.0-23.1.C30mdk.i586.rpm
9395faa12299d659e1c21f0710e68d0d corporate/3.0/RPMS/libungif4-devel-4.1.0-23.1.C30mdk.i586.rpm
710f25082b1534ecaed8cd93e925b1ce corporate/3.0/RPMS/libungif4-static-devel-4.1.0-23.1.C30mdk.i586.rpm
f1457fe0f7af89d2c4b91b7234264106 corporate/3.0/SRPMS/libungif-4.1.0-23.1.C30mdk.src.rpm
Corporate 3.0/X86_64:
4c2dcc592be1b52254a942cfa0771cf9 x86_64/corporate/3.0/RPMS/lib64ungif4-4.1.0-23.1.C30mdk.x86_64.rpm
fb7420250a7444c44da3f142a2ffe206 x86_64/corporate/3.0/RPMS/lib64ungif4-devel-4.1.0-23.1.C30mdk.x86_64.rpm
b876da48e6fa314cd5f735619d5325ef x86_64/corporate/3.0/RPMS/lib64ungif4-static-devel-4.1.0-23.1.C30mdk.x86_64.rpm
f1457fe0f7af89d2c4b91b7234264106 x86_64/corporate/3.0/SRPMS/libungif-4.1.0-23.1.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFDcnHamqjQ0CJFipgRAjz+AJ0fjnANDCTPTdvfQWok+vQpdTkpcQCeN4fk
nIl7CpNguWyFcs8x8vqGGJA=
=0sZZ
-----END PGP SIGNATURE-----
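
For packages fetched by hand rather than through MandrivaUpdate or urpmi, the checksum comparison the advisory describes can be reproduced from the "Updated Packages" listing. The following is an added example, not part of the advisory or of Mandriva's tooling; the function names, the placeholder package names and the sample data are constructed for illustration. An MD5 match only shows that a file equals the one listed, so the GPG signature remains the trust anchor.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# One "Updated Packages" entry: 32 hex digits, whitespace, a path ending in .rpm
ENTRY = re.compile(r"^\s*([0-9a-fA-F]{32})\s+(\S+\.rpm)\s*$")

def parse_manifest(advisory_text):
    """Map package file name -> expected MD5, taken from the advisory text."""
    manifest = {}
    for line in advisory_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # mail headers, release titles, prose
        digest, name = m.group(1).lower(), Path(m.group(2)).name
        # The same SRPM is listed once per architecture; the digests must agree.
        if manifest.setdefault(name, digest) != digest:
            raise ValueError(f"conflicting checksums for {name}")
    return manifest

def md5_of(path):
    # Reads the whole file into memory; acceptable for package-sized files.
    return hashlib.md5(Path(path).read_bytes()).hexdigest()

def verify_directory(directory, manifest):
    """Return {file name: 'ok' | 'mismatch' | 'unlisted'} for each .rpm found."""
    results = {}
    for rpm in sorted(Path(directory).glob("*.rpm")):
        expected = manifest.get(rpm.name)
        results[rpm.name] = ("unlisted" if expected is None
                             else "ok" if md5_of(rpm) == expected else "mismatch")
    return results

def demo():
    """Constructed sample: placeholder packages, one altered after listing."""
    good, bad = b"constructed package A", b"constructed package B"
    text = (
        "Example Linux 1.0:\n"
        f"{hashlib.md5(good).hexdigest()} 1.0/RPMS/example-a-1.0-1.i586.rpm\n"
        f"{hashlib.md5(bad).hexdigest()} 1.0/RPMS/example-b-1.0-1.i586.rpm\n"
    )
    with tempfile.TemporaryDirectory() as d:
        Path(d, "example-a-1.0-1.i586.rpm").write_bytes(good)
        Path(d, "example-b-1.0-1.i586.rpm").write_bytes(bad + b"!")  # altered
        Path(d, "example-c-1.0-1.i586.rpm").write_bytes(b"not in advisory")
        return verify_directory(d, parse_manifest(text))

if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:9} {name}")
```

Any file reported as `mismatch` or `unlisted` should not be installed until it has been re-downloaded and its signature checked.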