MDKSA-2005:207 - Updated libungif packages fix various vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2005:207
http://www.mandriva.com/security/
_______________________________________________________________________
Package : libungif
Date : November 9, 2005
Affected: 10.1, 10.2, 2006.0, Corporate 2.1, Corporate 3.0
_______________________________________________________________________
Problem Description:
Several bugs have been discovered in the way libungif decodes GIF
images. These allow an attacker to create a carefully crafted GIF
image file in such a way that it could cause applications linked
with libungif to crash or execute arbitrary code when the file
is opened by the user.
The updated packages have been patched to address this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2974
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3350
_______________________________________________________________________
Updated Packages:
Mandriva Linux 10.1:
7572b3ed1c8846b63e4cfe1b8894a32f 10.1/RPMS/libungif4-4.1.2-2.1.101mdk.i586.rpm
82bd5a5c751e078763c81220da64c423
10.1/RPMS/libungif4-devel-4.1.2-2.1.101mdk.i586.rpm
d6d48523f5e06df65ec15baa1bf2bddb
10.1/RPMS/libungif4-static-devel-4.1.2-2.1.101mdk.i586.rpm
c76166c5d8c0e9810a00eb0f43933fe2
10.1/RPMS/libungif-progs-4.1.2-2.1.101mdk.i586.rpm
37ddb151c6110d637ed6a98e198a1e53 10.1/SRPMS/libungif-4.1.2-2.1.101mdk.src.rpm
Mandriva Linux 10.1/X86_64:
a47d1d8f03418e916294fa5713143150
x86_64/10.1/RPMS/lib64ungif4-4.1.2-2.1.101mdk.x86_64.rpm
eb9d79c3243fe189c0093bff6ea2fd35
x86_64/10.1/RPMS/lib64ungif4-devel-4.1.2-2.1.101mdk.x86_64.rpm
0f9a3c70ea330841b2449cc21a604d8c
x86_64/10.1/RPMS/lib64ungif4-static-devel-4.1.2-2.1.101mdk.x86_64.rpm
303c855118c6cd38dcd7419896e4c913
x86_64/10.1/RPMS/libungif-progs-4.1.2-2.1.101mdk.x86_64.rpm
37ddb151c6110d637ed6a98e198a1e53
x86_64/10.1/SRPMS/libungif-4.1.2-2.1.101mdk.src.rpm
Mandriva Linux 10.2:
ebf8f6eb09d3114f9a761cc7f52cd8bb 10.2/RPMS/libungif4-4.1.3-1.1.102mdk.i586.rpm
88ae8d5c2248985eba52680873759f11
10.2/RPMS/libungif4-devel-4.1.3-1.1.102mdk.i586.rpm
3eca46cddca2d15bee06f5109cf5e287
10.2/RPMS/libungif4-static-devel-4.1.3-1.1.102mdk.i586.rpm
8586b759a2a6fafba49f29e23e4dae13
10.2/RPMS/libungif-progs-4.1.3-1.1.102mdk.i586.rpm
ae1821c6f0cb57991206c287bef87211 10.2/SRPMS/libungif-4.1.3-1.1.102mdk.src.rpm
Mandriva Linux 10.2/X86_64:
4f64cf649de6ccf2e0343b3aae2157c5
x86_64/10.2/RPMS/lib64ungif4-4.1.3-1.1.102mdk.x86_64.rpm
69a3ea4a02abbdbba26977a1ed1f3392
x86_64/10.2/RPMS/lib64ungif4-devel-4.1.3-1.1.102mdk.x86_64.rpm
bd7441f6648425731a453c58b4b9cc63
x86_64/10.2/RPMS/lib64ungif4-static-devel-4.1.3-1.1.102mdk.x86_64.rpm
5a91547614f3716d7f8dd9bfdbc3fb6c
x86_64/10.2/RPMS/libungif-progs-4.1.3-1.1.102mdk.x86_64.rpm
ae1821c6f0cb57991206c287bef87211
x86_64/10.2/SRPMS/libungif-4.1.3-1.1.102mdk.src.rpm
Mandriva Linux 2006.0:
24070dfd47ec6b55a64debfd348d9711
2006.0/RPMS/libungif4-4.1.3-1.1.20060mdk.i586.rpm
ce86d6f15aebb0f7c9a772f60414fa0f
2006.0/RPMS/libungif4-devel-4.1.3-1.1.20060mdk.i586.rpm
48fcbd7ac7f0463db1c031dca381c79b
2006.0/RPMS/libungif4-static-devel-4.1.3-1.1.20060mdk.i586.rpm
62edb8465eece3bf2d52a44d7cdaf870
2006.0/RPMS/libungif-progs-4.1.3-1.1.20060mdk.i586.rpm
377b356f789805ffd30b75620681df31
2006.0/SRPMS/libungif-4.1.3-1.1.20060mdk.src.rpm
Mandriva Linux 2006.0/X86_64:
8a1c2fdc518a898d1638f162dbcf0129
x86_64/2006.0/RPMS/lib64ungif4-4.1.3-1.1.20060mdk.x86_64.rpm
76150147149dbce7c1b6ea990f7bc737
x86_64/2006.0/RPMS/lib64ungif4-devel-4.1.3-1.1.20060mdk.x86_64.rpm
3fb2d95c03cb31ffd41d86786d3471a8
x86_64/2006.0/RPMS/lib64ungif4-static-devel-4.1.3-1.1.20060mdk.x86_64.rpm
775f7f489b5c289ffcdfe5bf005c4131
x86_64/2006.0/RPMS/libungif-progs-4.1.3-1.1.20060mdk.x86_64.rpm
377b356f789805ffd30b75620681df31
x86_64/2006.0/SRPMS/libungif-4.1.3-1.1.20060mdk.src.rpm
Corporate Server 2.1:
936ee3114e416984e4aba756608a2802
corporate/2.1/RPMS/libungif4-4.1.0-19.1.C21mdk.i586.rpm
f76d4814f118ca630bfdf44998d9d49d
corporate/2.1/RPMS/libungif4-devel-4.1.0-19.1.C21mdk.i586.rpm
fc5532eea180d6c31c0a9e41f2f2b5c9
corporate/2.1/RPMS/libungif4-static-devel-4.1.0-19.1.C21mdk.i586.rpm
b00eb0db117e0873d9e3727d8623019d
corporate/2.1/SRPMS/libungif-4.1.0-19.1.C21mdk.src.rpm
Corporate Server 2.1/X86_64:
b949a414676df894beff1f0bbd1cf8dd
x86_64/corporate/2.1/RPMS/libungif4-4.1.0-19.1.C21mdk.x86_64.rpm
d688a956b50e58a390da4638c8d8552b
x86_64/corporate/2.1/RPMS/libungif4-devel-4.1.0-19.1.C21mdk.x86_64.rpm
d4b4ae8c4fbab006e11f732da4e94072
x86_64/corporate/2.1/RPMS/libungif4-static-devel-4.1.0-19.1.C21mdk.x86_64.rpm
b00eb0db117e0873d9e3727d8623019d
x86_64/corporate/2.1/SRPMS/libungif-4.1.0-19.1.C21mdk.src.rpm
Corporate 3.0:
100e1f0098e403f373246b40ad30a26c
corporate/3.0/RPMS/libungif4-4.1.0-23.1.C30mdk.i586.rpm
9395faa12299d659e1c21f0710e68d0d
corporate/3.0/RPMS/libungif4-devel-4.1.0-23.1.C30mdk.i586.rpm
710f25082b1534ecaed8cd93e925b1ce
corporate/3.0/RPMS/libungif4-static-devel-4.1.0-23.1.C30mdk.i586.rpm
f1457fe0f7af89d2c4b91b7234264106
corporate/3.0/SRPMS/libungif-4.1.0-23.1.C30mdk.src.rpm
Corporate 3.0/X86_64:
4c2dcc592be1b52254a942cfa0771cf9
x86_64/corporate/3.0/RPMS/lib64ungif4-4.1.0-23.1.C30mdk.x86_64.rpm
fb7420250a7444c44da3f142a2ffe206
x86_64/corporate/3.0/RPMS/lib64ungif4-devel-4.1.0-23.1.C30mdk.x86_64.rpm
b876da48e6fa314cd5f735619d5325ef
x86_64/corporate/3.0/RPMS/lib64ungif4-static-devel-4.1.0-23.1.C30mdk.x86_64.rpm
f1457fe0f7af89d2c4b91b7234264106
x86_64/corporate/3.0/SRPMS/libungif-4.1.0-23.1.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFDcnHamqjQ0CJFipgRAjz+AJ0fjnANDCTPTdvfQWok+vQpdTkpcQCeN4fk
nIl7CpNguWyFcs8x8vqGGJA=
=0sZZ
-----END PGP SIGNATURE-----