<<< Date Index >>>     <<< Thread Index >>>

MDKSA-2005:207 - Updated libungif packages fix various vulnerabilities



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2005:207
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : libungif
 Date    : November 9, 2005
 Affected: 10.1, 10.2, 2006.0, Corporate 2.1, Corporate 3.0
 _______________________________________________________________________
 
 Problem Description:
 
 Several bugs have been discovered in the way libungif decodes GIF 
 images.  These allow an attacker to create a carefully crafted GIF 
 image file in such a way that it could cause applications linked 
 with libungif to crash or execute arbitrary code when the file
 is opened by the user. 
 
 The updated packages have been patched to address this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2974
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3350
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 10.1:
 7572b3ed1c8846b63e4cfe1b8894a32f  10.1/RPMS/libungif4-4.1.2-2.1.101mdk.i586.rpm
 82bd5a5c751e078763c81220da64c423  
10.1/RPMS/libungif4-devel-4.1.2-2.1.101mdk.i586.rpm
 d6d48523f5e06df65ec15baa1bf2bddb  
10.1/RPMS/libungif4-static-devel-4.1.2-2.1.101mdk.i586.rpm
 c76166c5d8c0e9810a00eb0f43933fe2  
10.1/RPMS/libungif-progs-4.1.2-2.1.101mdk.i586.rpm
 37ddb151c6110d637ed6a98e198a1e53  10.1/SRPMS/libungif-4.1.2-2.1.101mdk.src.rpm

 Mandriva Linux 10.1/X86_64:
 a47d1d8f03418e916294fa5713143150  
x86_64/10.1/RPMS/lib64ungif4-4.1.2-2.1.101mdk.x86_64.rpm
 eb9d79c3243fe189c0093bff6ea2fd35  
x86_64/10.1/RPMS/lib64ungif4-devel-4.1.2-2.1.101mdk.x86_64.rpm
 0f9a3c70ea330841b2449cc21a604d8c  
x86_64/10.1/RPMS/lib64ungif4-static-devel-4.1.2-2.1.101mdk.x86_64.rpm
 303c855118c6cd38dcd7419896e4c913  
x86_64/10.1/RPMS/libungif-progs-4.1.2-2.1.101mdk.x86_64.rpm
 37ddb151c6110d637ed6a98e198a1e53  
x86_64/10.1/SRPMS/libungif-4.1.2-2.1.101mdk.src.rpm

 Mandriva Linux 10.2:
 ebf8f6eb09d3114f9a761cc7f52cd8bb  10.2/RPMS/libungif4-4.1.3-1.1.102mdk.i586.rpm
 88ae8d5c2248985eba52680873759f11  
10.2/RPMS/libungif4-devel-4.1.3-1.1.102mdk.i586.rpm
 3eca46cddca2d15bee06f5109cf5e287  
10.2/RPMS/libungif4-static-devel-4.1.3-1.1.102mdk.i586.rpm
 8586b759a2a6fafba49f29e23e4dae13  
10.2/RPMS/libungif-progs-4.1.3-1.1.102mdk.i586.rpm
 ae1821c6f0cb57991206c287bef87211  10.2/SRPMS/libungif-4.1.3-1.1.102mdk.src.rpm

 Mandriva Linux 10.2/X86_64:
 4f64cf649de6ccf2e0343b3aae2157c5  
x86_64/10.2/RPMS/lib64ungif4-4.1.3-1.1.102mdk.x86_64.rpm
 69a3ea4a02abbdbba26977a1ed1f3392  
x86_64/10.2/RPMS/lib64ungif4-devel-4.1.3-1.1.102mdk.x86_64.rpm
 bd7441f6648425731a453c58b4b9cc63  
x86_64/10.2/RPMS/lib64ungif4-static-devel-4.1.3-1.1.102mdk.x86_64.rpm
 5a91547614f3716d7f8dd9bfdbc3fb6c  
x86_64/10.2/RPMS/libungif-progs-4.1.3-1.1.102mdk.x86_64.rpm
 ae1821c6f0cb57991206c287bef87211  
x86_64/10.2/SRPMS/libungif-4.1.3-1.1.102mdk.src.rpm

 Mandriva Linux 2006.0:
 24070dfd47ec6b55a64debfd348d9711  
2006.0/RPMS/libungif4-4.1.3-1.1.20060mdk.i586.rpm
 ce86d6f15aebb0f7c9a772f60414fa0f  
2006.0/RPMS/libungif4-devel-4.1.3-1.1.20060mdk.i586.rpm
 48fcbd7ac7f0463db1c031dca381c79b  
2006.0/RPMS/libungif4-static-devel-4.1.3-1.1.20060mdk.i586.rpm
 62edb8465eece3bf2d52a44d7cdaf870  
2006.0/RPMS/libungif-progs-4.1.3-1.1.20060mdk.i586.rpm
 377b356f789805ffd30b75620681df31  
2006.0/SRPMS/libungif-4.1.3-1.1.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 8a1c2fdc518a898d1638f162dbcf0129  
x86_64/2006.0/RPMS/lib64ungif4-4.1.3-1.1.20060mdk.x86_64.rpm
 76150147149dbce7c1b6ea990f7bc737  
x86_64/2006.0/RPMS/lib64ungif4-devel-4.1.3-1.1.20060mdk.x86_64.rpm
 3fb2d95c03cb31ffd41d86786d3471a8  
x86_64/2006.0/RPMS/lib64ungif4-static-devel-4.1.3-1.1.20060mdk.x86_64.rpm
 775f7f489b5c289ffcdfe5bf005c4131  
x86_64/2006.0/RPMS/libungif-progs-4.1.3-1.1.20060mdk.x86_64.rpm
 377b356f789805ffd30b75620681df31  
x86_64/2006.0/SRPMS/libungif-4.1.3-1.1.20060mdk.src.rpm

 Corporate Server 2.1:
 936ee3114e416984e4aba756608a2802  
corporate/2.1/RPMS/libungif4-4.1.0-19.1.C21mdk.i586.rpm
 f76d4814f118ca630bfdf44998d9d49d  
corporate/2.1/RPMS/libungif4-devel-4.1.0-19.1.C21mdk.i586.rpm
 fc5532eea180d6c31c0a9e41f2f2b5c9  
corporate/2.1/RPMS/libungif4-static-devel-4.1.0-19.1.C21mdk.i586.rpm
 b00eb0db117e0873d9e3727d8623019d  
corporate/2.1/SRPMS/libungif-4.1.0-19.1.C21mdk.src.rpm

 Corporate Server 2.1/X86_64:
 b949a414676df894beff1f0bbd1cf8dd  
x86_64/corporate/2.1/RPMS/libungif4-4.1.0-19.1.C21mdk.x86_64.rpm
 d688a956b50e58a390da4638c8d8552b  
x86_64/corporate/2.1/RPMS/libungif4-devel-4.1.0-19.1.C21mdk.x86_64.rpm
 d4b4ae8c4fbab006e11f732da4e94072  
x86_64/corporate/2.1/RPMS/libungif4-static-devel-4.1.0-19.1.C21mdk.x86_64.rpm
 b00eb0db117e0873d9e3727d8623019d  
x86_64/corporate/2.1/SRPMS/libungif-4.1.0-19.1.C21mdk.src.rpm

 Corporate 3.0:
 100e1f0098e403f373246b40ad30a26c  
corporate/3.0/RPMS/libungif4-4.1.0-23.1.C30mdk.i586.rpm
 9395faa12299d659e1c21f0710e68d0d  
corporate/3.0/RPMS/libungif4-devel-4.1.0-23.1.C30mdk.i586.rpm
 710f25082b1534ecaed8cd93e925b1ce  
corporate/3.0/RPMS/libungif4-static-devel-4.1.0-23.1.C30mdk.i586.rpm
 f1457fe0f7af89d2c4b91b7234264106  
corporate/3.0/SRPMS/libungif-4.1.0-23.1.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 4c2dcc592be1b52254a942cfa0771cf9  
x86_64/corporate/3.0/RPMS/lib64ungif4-4.1.0-23.1.C30mdk.x86_64.rpm
 fb7420250a7444c44da3f142a2ffe206  
x86_64/corporate/3.0/RPMS/lib64ungif4-devel-4.1.0-23.1.C30mdk.x86_64.rpm
 b876da48e6fa314cd5f735619d5325ef  
x86_64/corporate/3.0/RPMS/lib64ungif4-static-devel-4.1.0-23.1.C30mdk.x86_64.rpm
 f1457fe0f7af89d2c4b91b7234264106  
x86_64/corporate/3.0/SRPMS/libungif-4.1.0-23.1.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDcnHamqjQ0CJFipgRAjz+AJ0fjnANDCTPTdvfQWok+vQpdTkpcQCeN4fk
nIl7CpNguWyFcs8x8vqGGJA=
=0sZZ
-----END PGP SIGNATURE-----