Home > Security > Advisories

Advisories

Mandriva Advisories

Package name libungif
Date November 9th, 2005
Advisory ID MDKSA-2005:207
Affected versions 10.1, CS2.1, CS3.0, 10.2, 2006.0
Synopsis Updated libungif packages fix various vulnerabilities

Problem Description

Several bugs have been discovered in the way libungif decodes GIF images. These allow an attacker to create a carefully crafted GIF image file in such a way that it could cause applications linked with libungif to crash or execute arbitrary code when the file is opened by the user. The updated packages have been patched to address this issue.

Updated Packages

Mandrakelinux 10.1

7572b3ed1c8846b63e4cfe1b8894a32f  10.1/RPMS/libungif4-4.1.2-2.1.101mdk.i586.rpm
 82bd5a5c751e078763c81220da64c423  10.1/RPMS/libungif4-devel-4.1.2-2.1.101mdk.i586.rpm
 d6d48523f5e06df65ec15baa1bf2bddb  10.1/RPMS/libungif4-static-devel-4.1.2-2.1.101mdk.i586.rpm
 c76166c5d8c0e9810a00eb0f43933fe2  10.1/RPMS/libungif-progs-4.1.2-2.1.101mdk.i586.rpm
 37ddb151c6110d637ed6a98e198a1e53  10.1/SRPMS/libungif-4.1.2-2.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64

a47d1d8f03418e916294fa5713143150  x86_64/10.1/RPMS/lib64ungif4-4.1.2-2.1.101mdk.x86_64.rpm
 eb9d79c3243fe189c0093bff6ea2fd35  x86_64/10.1/RPMS/lib64ungif4-devel-4.1.2-2.1.101mdk.x86_64.rpm
 0f9a3c70ea330841b2449cc21a604d8c  x86_64/10.1/RPMS/lib64ungif4-static-devel-4.1.2-2.1.101mdk.x86_64.rpm
 303c855118c6cd38dcd7419896e4c913  x86_64/10.1/RPMS/libungif-progs-4.1.2-2.1.101mdk.x86_64.rpm
 37ddb151c6110d637ed6a98e198a1e53  x86_64/10.1/SRPMS/libungif-4.1.2-2.1.101mdk.src.rpm

Corporate Server 2.1

936ee3114e416984e4aba756608a2802  corporate/2.1/RPMS/libungif4-4.1.0-19.1.C21mdk.i586.rpm
 f76d4814f118ca630bfdf44998d9d49d  corporate/2.1/RPMS/libungif4-devel-4.1.0-19.1.C21mdk.i586.rpm
 fc5532eea180d6c31c0a9e41f2f2b5c9  corporate/2.1/RPMS/libungif4-static-devel-4.1.0-19.1.C21mdk.i586.rpm
 b00eb0db117e0873d9e3727d8623019d  corporate/2.1/SRPMS/libungif-4.1.0-19.1.C21mdk.src.rpm

Corporate Server 2.1/X86_64

b949a414676df894beff1f0bbd1cf8dd  x86_64/corporate/2.1/RPMS/libungif4-4.1.0-19.1.C21mdk.x86_64.rpm
 d688a956b50e58a390da4638c8d8552b  x86_64/corporate/2.1/RPMS/libungif4-devel-4.1.0-19.1.C21mdk.x86_64.rpm
 d4b4ae8c4fbab006e11f732da4e94072  x86_64/corporate/2.1/RPMS/libungif4-static-devel-4.1.0-19.1.C21mdk.x86_64.rpm
 b00eb0db117e0873d9e3727d8623019d  x86_64/corporate/2.1/SRPMS/libungif-4.1.0-19.1.C21mdk.src.rpm

Corporate Server 3.0

100e1f0098e403f373246b40ad30a26c  corporate/3.0/RPMS/libungif4-4.1.0-23.1.C30mdk.i586.rpm
 9395faa12299d659e1c21f0710e68d0d  corporate/3.0/RPMS/libungif4-devel-4.1.0-23.1.C30mdk.i586.rpm
 710f25082b1534ecaed8cd93e925b1ce  corporate/3.0/RPMS/libungif4-static-devel-4.1.0-23.1.C30mdk.i586.rpm
 f1457fe0f7af89d2c4b91b7234264106  corporate/3.0/SRPMS/libungif-4.1.0-23.1.C30mdk.src.rpm

Corporate Server 3.0/X86_64

4c2dcc592be1b52254a942cfa0771cf9  x86_64/corporate/3.0/RPMS/lib64ungif4-4.1.0-23.1.C30mdk.x86_64.rpm
 fb7420250a7444c44da3f142a2ffe206  x86_64/corporate/3.0/RPMS/lib64ungif4-devel-4.1.0-23.1.C30mdk.x86_64.rpm
 b876da48e6fa314cd5f735619d5325ef  x86_64/corporate/3.0/RPMS/lib64ungif4-static-devel-4.1.0-23.1.C30mdk.x86_64.rpm
 f1457fe0f7af89d2c4b91b7234264106  x86_64/corporate/3.0/SRPMS/libungif-4.1.0-23.1.C30mdk.src.rpm

Mandrivalinux LE2005

ebf8f6eb09d3114f9a761cc7f52cd8bb  10.2/RPMS/libungif4-4.1.3-1.1.102mdk.i586.rpm
 88ae8d5c2248985eba52680873759f11  10.2/RPMS/libungif4-devel-4.1.3-1.1.102mdk.i586.rpm
 3eca46cddca2d15bee06f5109cf5e287  10.2/RPMS/libungif4-static-devel-4.1.3-1.1.102mdk.i586.rpm
 8586b759a2a6fafba49f29e23e4dae13  10.2/RPMS/libungif-progs-4.1.3-1.1.102mdk.i586.rpm
 ae1821c6f0cb57991206c287bef87211  10.2/SRPMS/libungif-4.1.3-1.1.102mdk.src.rpm

Mandrivalinux LE2005/X86_64

4f64cf649de6ccf2e0343b3aae2157c5  x86_64/10.2/RPMS/lib64ungif4-4.1.3-1.1.102mdk.x86_64.rpm
 69a3ea4a02abbdbba26977a1ed1f3392  x86_64/10.2/RPMS/lib64ungif4-devel-4.1.3-1.1.102mdk.x86_64.rpm
 bd7441f6648425731a453c58b4b9cc63  x86_64/10.2/RPMS/lib64ungif4-static-devel-4.1.3-1.1.102mdk.x86_64.rpm
 5a91547614f3716d7f8dd9bfdbc3fb6c  x86_64/10.2/RPMS/libungif-progs-4.1.3-1.1.102mdk.x86_64.rpm
 ae1821c6f0cb57991206c287bef87211  x86_64/10.2/SRPMS/libungif-4.1.3-1.1.102mdk.src.rpm

Mandrivalinux 2006

24070dfd47ec6b55a64debfd348d9711  2006.0/RPMS/libungif4-4.1.3-1.1.20060mdk.i586.rpm
 ce86d6f15aebb0f7c9a772f60414fa0f  2006.0/RPMS/libungif4-devel-4.1.3-1.1.20060mdk.i586.rpm
 48fcbd7ac7f0463db1c031dca381c79b  2006.0/RPMS/libungif4-static-devel-4.1.3-1.1.20060mdk.i586.rpm
 62edb8465eece3bf2d52a44d7cdaf870  2006.0/RPMS/libungif-progs-4.1.3-1.1.20060mdk.i586.rpm
 377b356f789805ffd30b75620681df31  2006.0/SRPMS/libungif-4.1.3-1.1.20060mdk.src.rpm

Mandrivalinux 2006/X86_64

8a1c2fdc518a898d1638f162dbcf0129  x86_64/2006.0/RPMS/lib64ungif4-4.1.3-1.1.20060mdk.x86_64.rpm
 76150147149dbce7c1b6ea990f7bc737  x86_64/2006.0/RPMS/lib64ungif4-devel-4.1.3-1.1.20060mdk.x86_64.rpm
 3fb2d95c03cb31ffd41d86786d3471a8  x86_64/2006.0/RPMS/lib64ungif4-static-devel-4.1.3-1.1.20060mdk.x86_64.rpm
 775f7f489b5c289ffcdfe5bf005c4131  x86_64/2006.0/RPMS/libungif-progs-4.1.3-1.1.20060mdk.x86_64.rpm
 377b356f789805ffd30b75620681df31  x86_64/2006.0/SRPMS/libungif-4.1.3-1.1.20060mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2974
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3350

Upgrade

To upgrade automatically, use MandrakeUpdate.


Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

                rpm --checksig package.rpm
                

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrakeUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.