Skip to navigation

Security Advisory Important: giflib security update

Advisory: RHSA-2009:0444-1
Type: Security Advisory
Severity: Important
Issued on: 2009-04-22
Last updated on: 2009-04-22
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux EUS (v. 5.3.z server)
Red Hat Enterprise Linux Long Life (v. 5.3 server)
CVEs (cve.mitre.org): CVE-2005-2974
CVE-2005-3350

Details

Updated giflib packages that fix several security issues are now available
for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

The giflib packages contain a shared library of functions for loading and
saving GIF image files. This library is API and ABI compatible with
libungif, the library that supported uncompressed GIF image files while the
Unisys LZW patent was in effect.

Several flaws were discovered in the way giflib decodes GIF images. An
attacker could create a carefully crafted GIF image that could cause an
application using giflib to crash or, possibly, execute arbitrary code when
opened by a victim. (CVE-2005-2974, CVE-2005-3350)

All users of giflib are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues. All running
applications using giflib must be restarted for the update to take effect.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

RHEL Desktop Workstation (v. 5 client)
IA-32:
giflib-devel-4.1.3-7.1.el5_3.1.i386.rpm
File outdated by:  RHBA-2011:0398		     MD5: 4220ac3a9df58a143c39bc4d52311c5a
 
x86_64:
giflib-devel-4.1.3-7.1.el5_3.1.i386.rpm
File outdated by:  RHBA-2011:0398		     MD5: 4220ac3a9df58a143c39bc4d52311c5a
giflib-devel-4.1.3-7.1.el5_3.1.x86_64.rpm
File outdated by:  RHBA-2011:0398		     MD5: 7ee92b6311469adc4a3ec0e94badbf82
 
Red Hat Enterprise Linux (v. 5 server)
IA-32:
giflib-4.1.3-7.1.el5_3.1.i386.rpm
File outdated by:  RHBA-2011:0398		     MD5: 1c8f8743cfdd05fe16ee01b8fa1852d7
giflib-devel-4.1.3-7.1.el5_3.1.i386.rpm
File outdated by:  RHBA-2011:0398		     MD5: 4220ac3a9df58a143c39bc4d52311c5a
giflib-utils-4.1.3-7.1.el5_3.1.i386.rpm
File outdated by:  RHBA-2011:0398		     MD5: 3ed9564f84abfb4ff6ac376d28b50354
 
IA-64:
giflib-4.1.3-7.1.el5_3.1.ia64.rpm
File outdated by:  RHBA-2011:0398		     MD5: d13ff2400cb16aad049369d08b466ab6
giflib-devel-4.1.3-7.1.el5_3.1.ia64.rpm
File outdated by:  RHBA-2011:0398		     MD5: 2a877c026f345cbc2d85e96d8ea7f2cb
giflib-utils-4.1.3-7.1.el5_3.1.ia64.rpm
File outdated by:  RHBA-2011:0398		     MD5: d2ca5d007cce59bce4b2487ee10e98ae
 
PPC:
giflib-4.1.3-7.1.el5_3.1.ppc.rpm
File outdated by:  RHBA-2011:0398		     MD5: 9b1cb5d15774b57eea2d8d70262773e0
giflib-4.1.3-7.1.el5_3.1.ppc64.rpm
File outdated by:  RHBA-2011:0398		     MD5: 6f44834729e1b9233f5ae40bb359b49c
giflib-devel-4.1.3-7.1.el5_3.1.ppc.rpm
File outdated by:  RHBA-2011:0398		     MD5: 429cffba1d08dd4a50294b299f7c0be7
giflib-devel-4.1.3-7.1.el5_3.1.ppc64.rpm
File outdated by:  RHBA-2011:0398		     MD5: 2dfb4821c8d2101e81991e3fa100f8d2
giflib-utils-4.1.3-7.1.el5_3.1.ppc.rpm
File outdated by:  RHBA-2011:0398		     MD5: f89c741674e84546183f9dec17cd544a
 
s390x:
giflib-4.1.3-7.1.el5_3.1.s390.rpm
File outdated by:  RHBA-2011:0398		     MD5: a005fb2cb7c2d803d802fb21185fac97
giflib-4.1.3-7.1.el5_3.1.s390x.rpm
File outdated by:  RHBA-2011:0398		     MD5: 29d8376bbe62a13dad46f48ed09ffeff
giflib-devel-4.1.3-7.1.el5_3.1.s390.rpm
File outdated by:  RHBA-2011:0398		     MD5: d1dedb1f650055f11149f2466f63ab18
giflib-devel-4.1.3-7.1.el5_3.1.s390x.rpm
File outdated by:  RHBA-2011:0398		     MD5: 8d5d26b4d9c829ac97f83daddf20a925
giflib-utils-4.1.3-7.1.el5_3.1.s390x.rpm
File outdated by:  RHBA-2011:0398		     MD5: d4e0b74ee273afe2376021ba7321aeb3
 
x86_64:
giflib-4.1.3-7.1.el5_3.1.i386.rpm
File outdated by:  RHBA-2011:0398		     MD5: 1c8f8743cfdd05fe16ee01b8fa1852d7
giflib-4.1.3-7.1.el5_3.1.x86_64.rpm
File outdated by:  RHBA-2011:0398		     MD5: 57b262dad1c1adbbd0d9285ba729f520
giflib-devel-4.1.3-7.1.el5_3.1.i386.rpm
File outdated by:  RHBA-2011:0398		     MD5: 4220ac3a9df58a143c39bc4d52311c5a
giflib-devel-4.1.3-7.1.el5_3.1.x86_64.rpm
File outdated by:  RHBA-2011:0398		     MD5: 7ee92b6311469adc4a3ec0e94badbf82
giflib-utils-4.1.3-7.1.el5_3.1.x86_64.rpm
File outdated by:  RHBA-2011:0398		     MD5: 29b92b6c6f45d0c3f414143822e2b5e7
 
Red Hat Enterprise Linux Desktop (v. 5 client)
IA-32:
giflib-4.1.3-7.1.el5_3.1.i386.rpm
File outdated by:  RHBA-2011:0398		     MD5: 1c8f8743cfdd05fe16ee01b8fa1852d7
giflib-utils-4.1.3-7.1.el5_3.1.i386.rpm
File outdated by:  RHBA-2011:0398		     MD5: 3ed9564f84abfb4ff6ac376d28b50354
 
x86_64:
giflib-4.1.3-7.1.el5_3.1.i386.rpm
File outdated by:  RHBA-2011:0398		     MD5: 1c8f8743cfdd05fe16ee01b8fa1852d7
giflib-4.1.3-7.1.el5_3.1.x86_64.rpm
File outdated by:  RHBA-2011:0398		     MD5: 57b262dad1c1adbbd0d9285ba729f520
giflib-utils-4.1.3-7.1.el5_3.1.x86_64.rpm
File outdated by:  RHBA-2011:0398		     MD5: 29b92b6c6f45d0c3f414143822e2b5e7
 
Red Hat Enterprise Linux EUS (v. 5.3.z server)
IA-32:
giflib-4.1.3-7.1.el5_3.1.i386.rpm     MD5: 1c8f8743cfdd05fe16ee01b8fa1852d7
giflib-devel-4.1.3-7.1.el5_3.1.i386.rpm     MD5: 4220ac3a9df58a143c39bc4d52311c5a
giflib-utils-4.1.3-7.1.el5_3.1.i386.rpm     MD5: 3ed9564f84abfb4ff6ac376d28b50354
 
IA-64:
giflib-4.1.3-7.1.el5_3.1.ia64.rpm     MD5: d13ff2400cb16aad049369d08b466ab6
giflib-devel-4.1.3-7.1.el5_3.1.ia64.rpm     MD5: 2a877c026f345cbc2d85e96d8ea7f2cb
giflib-utils-4.1.3-7.1.el5_3.1.ia64.rpm     MD5: d2ca5d007cce59bce4b2487ee10e98ae
 
PPC:
giflib-4.1.3-7.1.el5_3.1.ppc.rpm     MD5: 9b1cb5d15774b57eea2d8d70262773e0
giflib-4.1.3-7.1.el5_3.1.ppc64.rpm     MD5: 6f44834729e1b9233f5ae40bb359b49c
giflib-devel-4.1.3-7.1.el5_3.1.ppc.rpm     MD5: 429cffba1d08dd4a50294b299f7c0be7
giflib-devel-4.1.3-7.1.el5_3.1.ppc64.rpm     MD5: 2dfb4821c8d2101e81991e3fa100f8d2
giflib-utils-4.1.3-7.1.el5_3.1.ppc.rpm     MD5: f89c741674e84546183f9dec17cd544a
 
s390x:
giflib-4.1.3-7.1.el5_3.1.s390.rpm     MD5: a005fb2cb7c2d803d802fb21185fac97
giflib-4.1.3-7.1.el5_3.1.s390x.rpm     MD5: 29d8376bbe62a13dad46f48ed09ffeff
giflib-devel-4.1.3-7.1.el5_3.1.s390.rpm     MD5: d1dedb1f650055f11149f2466f63ab18
giflib-devel-4.1.3-7.1.el5_3.1.s390x.rpm     MD5: 8d5d26b4d9c829ac97f83daddf20a925
giflib-utils-4.1.3-7.1.el5_3.1.s390x.rpm     MD5: d4e0b74ee273afe2376021ba7321aeb3
 
x86_64:
giflib-4.1.3-7.1.el5_3.1.i386.rpm     MD5: 1c8f8743cfdd05fe16ee01b8fa1852d7
giflib-4.1.3-7.1.el5_3.1.x86_64.rpm     MD5: 57b262dad1c1adbbd0d9285ba729f520
giflib-devel-4.1.3-7.1.el5_3.1.i386.rpm     MD5: 4220ac3a9df58a143c39bc4d52311c5a
giflib-devel-4.1.3-7.1.el5_3.1.x86_64.rpm     MD5: 7ee92b6311469adc4a3ec0e94badbf82
giflib-utils-4.1.3-7.1.el5_3.1.x86_64.rpm     MD5: 29b92b6c6f45d0c3f414143822e2b5e7
 
Red Hat Enterprise Linux Long Life (v. 5.3 server)
IA-32:
giflib-4.1.3-7.1.el5_3.1.i386.rpm     MD5: 1c8f8743cfdd05fe16ee01b8fa1852d7
giflib-devel-4.1.3-7.1.el5_3.1.i386.rpm     MD5: 4220ac3a9df58a143c39bc4d52311c5a
giflib-utils-4.1.3-7.1.el5_3.1.i386.rpm     MD5: 3ed9564f84abfb4ff6ac376d28b50354
 
IA-64:
giflib-4.1.3-7.1.el5_3.1.ia64.rpm     MD5: d13ff2400cb16aad049369d08b466ab6
giflib-devel-4.1.3-7.1.el5_3.1.ia64.rpm     MD5: 2a877c026f345cbc2d85e96d8ea7f2cb
giflib-utils-4.1.3-7.1.el5_3.1.ia64.rpm     MD5: d2ca5d007cce59bce4b2487ee10e98ae
 
x86_64:
giflib-4.1.3-7.1.el5_3.1.i386.rpm     MD5: 1c8f8743cfdd05fe16ee01b8fa1852d7
giflib-4.1.3-7.1.el5_3.1.x86_64.rpm     MD5: 57b262dad1c1adbbd0d9285ba729f520
giflib-devel-4.1.3-7.1.el5_3.1.i386.rpm     MD5: 4220ac3a9df58a143c39bc4d52311c5a
giflib-devel-4.1.3-7.1.el5_3.1.x86_64.rpm     MD5: 7ee92b6311469adc4a3ec0e94badbf82
giflib-utils-4.1.3-7.1.el5_3.1.x86_64.rpm     MD5: 29b92b6c6f45d0c3f414143822e2b5e7
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

494823 - CVE-2005-3350 giflib/libunfig: memory corruption via a crafted GIF
494826 - CVE-2005-2974 giflib/libunfig: NULL pointer dereference crash


References

https://www.redhat.com/security/data/cve/CVE-2005-2974.html
https://www.redhat.com/security/data/cve/CVE-2005-3350.html
http://www.redhat.com/security/updates/classification/#important

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/