Skip to navigation

Security Advisory libungif security update

Advisory: RHSA-2005:828-17
Type: Security Advisory
Severity: Important
Issued on: 2005-11-03
Last updated on: 2005-11-03
Affected Products: Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
CVEs (cve.mitre.org): CVE-2005-2974
CVE-2005-3350

Details

Updated libungif packages that fix two security issues are now available.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

The libungif package contains a shared library of functions for loading and
saving GIF format image files.

Several bugs in the way libungif decodes GIF images were discovered. An
attacker could create a carefully crafted GIF image file in such a way that
it could cause an application linked with libungif to crash or execute
arbitrary code when the file is opened by a victim. The Common
Vulnerabilities and Exposures project has assigned the names CVE-2005-2974
and CVE-2005-3350 to these issues.

All users of libungif are advised to upgrade to these updated packages,
which contain backported patches that resolve these issues.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Desktop (v. 3)

SRPMS:
libungif-4.1.0-15.el3.3.src.rpm     MD5: da8a62137ee54bdd7db5f1d54981d5ff
 
IA-32:
libungif-4.1.0-15.el3.3.i386.rpm     MD5: 164b768be58ab848de11b807e2965b09
libungif-devel-4.1.0-15.el3.3.i386.rpm     MD5: 68ffa2a86da615dedf5a7ced4ff7baf3
 
x86_64:
libungif-4.1.0-15.el3.3.i386.rpm     MD5: 164b768be58ab848de11b807e2965b09
libungif-4.1.0-15.el3.3.x86_64.rpm     MD5: 97a4db4e1b075d498b419e226e4985fb
libungif-devel-4.1.0-15.el3.3.x86_64.rpm     MD5: 748454935fb5a2d99cfe13ac510e39e4
 
Red Hat Desktop (v. 4)

SRPMS:
libungif-4.1.3-1.el4.2.src.rpm     MD5: e241666690d657eeeaa5ead5b3bbfadd
 
IA-32:
libungif-4.1.3-1.el4.2.i386.rpm     MD5: 0f0bbddea36d3b7a54c4549c10486ed1
libungif-devel-4.1.3-1.el4.2.i386.rpm     MD5: 0c3fd8a9ef630b0c463c1023f887d811
libungif-progs-4.1.3-1.el4.2.i386.rpm     MD5: 1bda7d495675421af2e528244dff8ed4
 
x86_64:
libungif-4.1.3-1.el4.2.i386.rpm     MD5: 0f0bbddea36d3b7a54c4549c10486ed1
libungif-4.1.3-1.el4.2.x86_64.rpm     MD5: 8b86bf10b45e74a2da545ff9a4841c66
libungif-devel-4.1.3-1.el4.2.x86_64.rpm     MD5: 43b1c3400e73db747c99a3cb8f78ad9c
libungif-progs-4.1.3-1.el4.2.x86_64.rpm     MD5: af5059a0c3ec86f9829002226ea8e9af
 
Red Hat Enterprise Linux AS (v. 2.1)

SRPMS:
libungif-4.1.0-9.5.src.rpm     MD5: e56ab6dbd063ad9f7ce270d469e91fa1
 
IA-32:
libungif-4.1.0-9.5.i386.rpm     MD5: 36acb8ed19d5c20d906a9508e8bf7305
libungif-devel-4.1.0-9.5.i386.rpm     MD5: 3a154e3dcc9b7e938d90843bdfe4b450
libungif-progs-4.1.0-9.5.i386.rpm     MD5: f27dd46b945755985280c26f22dee762
 
IA-64:
libungif-4.1.0-9.5.ia64.rpm     MD5: b318e8b61a7ffe25754095412317092e
libungif-devel-4.1.0-9.5.ia64.rpm     MD5: 84a95d616bd748c8a9f08cd795cbead1
libungif-progs-4.1.0-9.5.ia64.rpm     MD5: 2f34606d66720b885a6f72d1bc51e9a7
 
Red Hat Enterprise Linux AS (v. 3)

SRPMS:
libungif-4.1.0-15.el3.3.src.rpm     MD5: da8a62137ee54bdd7db5f1d54981d5ff
 
IA-32:
libungif-4.1.0-15.el3.3.i386.rpm     MD5: 164b768be58ab848de11b807e2965b09
libungif-devel-4.1.0-15.el3.3.i386.rpm     MD5: 68ffa2a86da615dedf5a7ced4ff7baf3
 
IA-64:
libungif-4.1.0-15.el3.3.i386.rpm     MD5: 164b768be58ab848de11b807e2965b09
libungif-4.1.0-15.el3.3.ia64.rpm     MD5: 2d633b6c29a30b31f1d43a4a16904cf9
libungif-devel-4.1.0-15.el3.3.ia64.rpm     MD5: 60774b099eced3d03b2fe545b329412b
 
PPC:
libungif-4.1.0-15.el3.3.ppc.rpm     MD5: ceabdafb3ddbfd59ddcca8841a73b154
libungif-4.1.0-15.el3.3.ppc64.rpm     MD5: 8889b6269d28035e829f74b253650282
libungif-devel-4.1.0-15.el3.3.ppc.rpm     MD5: b2451ee8075934f12fed4546d0e0d432
 
s390:
libungif-4.1.0-15.el3.3.s390.rpm     MD5: d2ab90f1f5e711b715cb37a7f2bd8b69
libungif-devel-4.1.0-15.el3.3.s390.rpm     MD5: 7a3a9d5dd30cbfe3f00abdb2170ab856
 
s390x:
libungif-4.1.0-15.el3.3.s390.rpm     MD5: d2ab90f1f5e711b715cb37a7f2bd8b69
libungif-4.1.0-15.el3.3.s390x.rpm     MD5: b32cf8513df8dde6ed0196a6cdc808a3
libungif-devel-4.1.0-15.el3.3.s390x.rpm     MD5: eac268049e3e0189aad33d8f9a7fba96
 
x86_64:
libungif-4.1.0-15.el3.3.i386.rpm     MD5: 164b768be58ab848de11b807e2965b09
libungif-4.1.0-15.el3.3.x86_64.rpm     MD5: 97a4db4e1b075d498b419e226e4985fb
libungif-devel-4.1.0-15.el3.3.x86_64.rpm     MD5: 748454935fb5a2d99cfe13ac510e39e4
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
libungif-4.1.3-1.el4.2.src.rpm     MD5: e241666690d657eeeaa5ead5b3bbfadd
 
IA-32:
libungif-4.1.3-1.el4.2.i386.rpm     MD5: 0f0bbddea36d3b7a54c4549c10486ed1
libungif-devel-4.1.3-1.el4.2.i386.rpm     MD5: 0c3fd8a9ef630b0c463c1023f887d811
libungif-progs-4.1.3-1.el4.2.i386.rpm     MD5: 1bda7d495675421af2e528244dff8ed4
 
IA-64:
libungif-4.1.3-1.el4.2.i386.rpm     MD5: 0f0bbddea36d3b7a54c4549c10486ed1
libungif-4.1.3-1.el4.2.ia64.rpm     MD5: aea54ec43692c8cff548e80dc816f404
libungif-devel-4.1.3-1.el4.2.ia64.rpm     MD5: 86c0a610b5294c673c075d6b345009c1
libungif-progs-4.1.3-1.el4.2.ia64.rpm     MD5: 123867a704cdcbab79c5c9ba581e4c06
 
PPC:
libungif-4.1.3-1.el4.2.ppc.rpm     MD5: 5a6f7b590f2bfbd183704df45df12693
libungif-4.1.3-1.el4.2.ppc64.rpm     MD5: 893a3232c0eba8f05ebcdc312c127569
libungif-devel-4.1.3-1.el4.2.ppc.rpm     MD5: eaf656fe93aafcfb1dbea1a3e96b8d0e
libungif-progs-4.1.3-1.el4.2.ppc.rpm     MD5: b887c1101a8a2eb77ae1870663b0104b
 
s390:
libungif-4.1.3-1.el4.2.s390.rpm     MD5: d9e60023f796e9592c8ad6769994396a
libungif-devel-4.1.3-1.el4.2.s390.rpm     MD5: 85be309902a46d69331ed7cfbbbf77ac
libungif-progs-4.1.3-1.el4.2.s390.rpm     MD5: 36c47021928a75b4f01cfff9ee70933a
 
s390x:
libungif-4.1.3-1.el4.2.s390.rpm     MD5: d9e60023f796e9592c8ad6769994396a
libungif-4.1.3-1.el4.2.s390x.rpm     MD5: 174dbd3ff4ece6690f58e7141cead9a6
libungif-devel-4.1.3-1.el4.2.s390x.rpm     MD5: f8206bece19a3880051bc6afea0bb16f
libungif-progs-4.1.3-1.el4.2.s390x.rpm     MD5: 4cb4dea2bece5ec618b9e81ac205c984
 
x86_64:
libungif-4.1.3-1.el4.2.i386.rpm     MD5: 0f0bbddea36d3b7a54c4549c10486ed1
libungif-4.1.3-1.el4.2.x86_64.rpm     MD5: 8b86bf10b45e74a2da545ff9a4841c66
libungif-devel-4.1.3-1.el4.2.x86_64.rpm     MD5: 43b1c3400e73db747c99a3cb8f78ad9c
libungif-progs-4.1.3-1.el4.2.x86_64.rpm     MD5: af5059a0c3ec86f9829002226ea8e9af
 
Red Hat Enterprise Linux ES (v. 2.1)

SRPMS:
libungif-4.1.0-9.5.src.rpm     MD5: e56ab6dbd063ad9f7ce270d469e91fa1
 
IA-32:
libungif-4.1.0-9.5.i386.rpm     MD5: 36acb8ed19d5c20d906a9508e8bf7305
libungif-devel-4.1.0-9.5.i386.rpm     MD5: 3a154e3dcc9b7e938d90843bdfe4b450
libungif-progs-4.1.0-9.5.i386.rpm     MD5: f27dd46b945755985280c26f22dee762
 
Red Hat Enterprise Linux ES (v. 3)

SRPMS:
libungif-4.1.0-15.el3.3.src.rpm     MD5: da8a62137ee54bdd7db5f1d54981d5ff
 
IA-32:
libungif-4.1.0-15.el3.3.i386.rpm     MD5: 164b768be58ab848de11b807e2965b09
libungif-devel-4.1.0-15.el3.3.i386.rpm     MD5: 68ffa2a86da615dedf5a7ced4ff7baf3
 
IA-64:
libungif-4.1.0-15.el3.3.i386.rpm     MD5: 164b768be58ab848de11b807e2965b09
libungif-4.1.0-15.el3.3.ia64.rpm     MD5: 2d633b6c29a30b31f1d43a4a16904cf9
libungif-devel-4.1.0-15.el3.3.ia64.rpm     MD5: 60774b099eced3d03b2fe545b329412b
 
x86_64:
libungif-4.1.0-15.el3.3.i386.rpm     MD5: 164b768be58ab848de11b807e2965b09
libungif-4.1.0-15.el3.3.x86_64.rpm     MD5: 97a4db4e1b075d498b419e226e4985fb
libungif-devel-4.1.0-15.el3.3.x86_64.rpm     MD5: 748454935fb5a2d99cfe13ac510e39e4
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
libungif-4.1.3-1.el4.2.src.rpm     MD5: e241666690d657eeeaa5ead5b3bbfadd
 
IA-32:
libungif-4.1.3-1.el4.2.i386.rpm     MD5: 0f0bbddea36d3b7a54c4549c10486ed1
libungif-devel-4.1.3-1.el4.2.i386.rpm     MD5: 0c3fd8a9ef630b0c463c1023f887d811
libungif-progs-4.1.3-1.el4.2.i386.rpm     MD5: 1bda7d495675421af2e528244dff8ed4
 
IA-64:
libungif-4.1.3-1.el4.2.i386.rpm     MD5: 0f0bbddea36d3b7a54c4549c10486ed1
libungif-4.1.3-1.el4.2.ia64.rpm     MD5: aea54ec43692c8cff548e80dc816f404
libungif-devel-4.1.3-1.el4.2.ia64.rpm     MD5: 86c0a610b5294c673c075d6b345009c1
libungif-progs-4.1.3-1.el4.2.ia64.rpm     MD5: 123867a704cdcbab79c5c9ba581e4c06
 
x86_64:
libungif-4.1.3-1.el4.2.i386.rpm     MD5: 0f0bbddea36d3b7a54c4549c10486ed1
libungif-4.1.3-1.el4.2.x86_64.rpm     MD5: 8b86bf10b45e74a2da545ff9a4841c66
libungif-devel-4.1.3-1.el4.2.x86_64.rpm     MD5: 43b1c3400e73db747c99a3cb8f78ad9c
libungif-progs-4.1.3-1.el4.2.x86_64.rpm     MD5: af5059a0c3ec86f9829002226ea8e9af
 
Red Hat Enterprise Linux WS (v. 2.1)

SRPMS:
libungif-4.1.0-9.5.src.rpm     MD5: e56ab6dbd063ad9f7ce270d469e91fa1
 
IA-32:
libungif-4.1.0-9.5.i386.rpm     MD5: 36acb8ed19d5c20d906a9508e8bf7305
libungif-devel-4.1.0-9.5.i386.rpm     MD5: 3a154e3dcc9b7e938d90843bdfe4b450
libungif-progs-4.1.0-9.5.i386.rpm     MD5: f27dd46b945755985280c26f22dee762
 
Red Hat Enterprise Linux WS (v. 3)

SRPMS:
libungif-4.1.0-15.el3.3.src.rpm     MD5: da8a62137ee54bdd7db5f1d54981d5ff
 
IA-32:
libungif-4.1.0-15.el3.3.i386.rpm     MD5: 164b768be58ab848de11b807e2965b09
libungif-devel-4.1.0-15.el3.3.i386.rpm     MD5: 68ffa2a86da615dedf5a7ced4ff7baf3
 
IA-64:
libungif-4.1.0-15.el3.3.i386.rpm     MD5: 164b768be58ab848de11b807e2965b09
libungif-4.1.0-15.el3.3.ia64.rpm     MD5: 2d633b6c29a30b31f1d43a4a16904cf9
libungif-devel-4.1.0-15.el3.3.ia64.rpm     MD5: 60774b099eced3d03b2fe545b329412b
 
x86_64:
libungif-4.1.0-15.el3.3.i386.rpm     MD5: 164b768be58ab848de11b807e2965b09
libungif-4.1.0-15.el3.3.x86_64.rpm     MD5: 97a4db4e1b075d498b419e226e4985fb
libungif-devel-4.1.0-15.el3.3.x86_64.rpm     MD5: 748454935fb5a2d99cfe13ac510e39e4
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
libungif-4.1.3-1.el4.2.src.rpm     MD5: e241666690d657eeeaa5ead5b3bbfadd
 
IA-32:
libungif-4.1.3-1.el4.2.i386.rpm     MD5: 0f0bbddea36d3b7a54c4549c10486ed1
libungif-devel-4.1.3-1.el4.2.i386.rpm     MD5: 0c3fd8a9ef630b0c463c1023f887d811
libungif-progs-4.1.3-1.el4.2.i386.rpm     MD5: 1bda7d495675421af2e528244dff8ed4
 
IA-64:
libungif-4.1.3-1.el4.2.i386.rpm     MD5: 0f0bbddea36d3b7a54c4549c10486ed1
libungif-4.1.3-1.el4.2.ia64.rpm     MD5: aea54ec43692c8cff548e80dc816f404
libungif-devel-4.1.3-1.el4.2.ia64.rpm     MD5: 86c0a610b5294c673c075d6b345009c1
libungif-progs-4.1.3-1.el4.2.ia64.rpm     MD5: 123867a704cdcbab79c5c9ba581e4c06
 
x86_64:
libungif-4.1.3-1.el4.2.i386.rpm     MD5: 0f0bbddea36d3b7a54c4549c10486ed1
libungif-4.1.3-1.el4.2.x86_64.rpm     MD5: 8b86bf10b45e74a2da545ff9a4841c66
libungif-devel-4.1.3-1.el4.2.x86_64.rpm     MD5: 43b1c3400e73db747c99a3cb8f78ad9c
libungif-progs-4.1.3-1.el4.2.x86_64.rpm     MD5: af5059a0c3ec86f9829002226ea8e9af
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor

SRPMS:
libungif-4.1.0-9.5.src.rpm     MD5: e56ab6dbd063ad9f7ce270d469e91fa1
 
IA-64:
libungif-4.1.0-9.5.ia64.rpm     MD5: b318e8b61a7ffe25754095412317092e
libungif-devel-4.1.0-9.5.ia64.rpm     MD5: 84a95d616bd748c8a9f08cd795cbead1
libungif-progs-4.1.0-9.5.ia64.rpm     MD5: 2f34606d66720b885a6f72d1bc51e9a7
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

171413 - CVE-2005-2974 Several libungif issues (CVE-2005-3350)


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/