Red Hat Product Errata RHSA-2005:828 - Security Advisory
Issued:
2005-11-03
Updated:
2005-11-03

RHSA-2005:828 - Security Advisory

Synopsis

libungif security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated libungif packages that fix two security issues are now available.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

Description

The libungif package contains a shared library of functions for loading and
saving GIF format image files.

Several bugs in the way libungif decodes GIF images were discovered. An
attacker could create a carefully crafted GIF image file in such a way that
it could cause an application linked with libungif to crash or execute
arbitrary code when the file is opened by a victim. The Common
Vulnerabilities and Exposures project has assigned the names CVE-2005-2974
and CVE-2005-3350 to these issues.

All users of libungif are advised to upgrade to these updated packages,
which contain backported patches that resolve these issues.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Affected Products

  • Red Hat Enterprise Linux Server 4 x86_64
  • Red Hat Enterprise Linux Server 4 ia64
  • Red Hat Enterprise Linux Server 4 i386
  • Red Hat Enterprise Linux Server 3 x86_64
  • Red Hat Enterprise Linux Server 3 ia64
  • Red Hat Enterprise Linux Server 3 i386
  • Red Hat Enterprise Linux Server 2 ia64
  • Red Hat Enterprise Linux Server 2 i386
  • Red Hat Enterprise Linux Workstation 4 x86_64
  • Red Hat Enterprise Linux Workstation 4 ia64
  • Red Hat Enterprise Linux Workstation 4 i386
  • Red Hat Enterprise Linux Workstation 3 x86_64
  • Red Hat Enterprise Linux Workstation 3 ia64
  • Red Hat Enterprise Linux Workstation 3 i386
  • Red Hat Enterprise Linux Workstation 2 ia64
  • Red Hat Enterprise Linux Workstation 2 i386
  • Red Hat Enterprise Linux Desktop 4 x86_64
  • Red Hat Enterprise Linux Desktop 4 i386
  • Red Hat Enterprise Linux Desktop 3 x86_64
  • Red Hat Enterprise Linux Desktop 3 i386
  • Red Hat Enterprise Linux for IBM z Systems 4 s390x
  • Red Hat Enterprise Linux for IBM z Systems 4 s390
  • Red Hat Enterprise Linux for IBM z Systems 3 s390x
  • Red Hat Enterprise Linux for IBM z Systems 3 s390
  • Red Hat Enterprise Linux for Power, big endian 4 ppc
  • Red Hat Enterprise Linux for Power, big endian 3 ppc

Fixes

  • BZ - 171413 - CVE-2005-2974 Several libungif issues (CVE-2005-3350)

References

(none)

Red Hat Enterprise Linux Server 4

SRPM
x86_64
libungif-4.1.3-1.el4.2.i386.rpm SHA-256: 57cd9284ec44e03930c3fcf71407b9b418f4fac724ec4eec3a749199926b46d4
libungif-4.1.3-1.el4.2.i386.rpm SHA-256: 57cd9284ec44e03930c3fcf71407b9b418f4fac724ec4eec3a749199926b46d4
libungif-4.1.3-1.el4.2.x86_64.rpm SHA-256: 8bdfbd98cabebf652593db11bd282a895088e277296d0103b1cf96727eef9655
libungif-4.1.3-1.el4.2.x86_64.rpm SHA-256: 8bdfbd98cabebf652593db11bd282a895088e277296d0103b1cf96727eef9655
libungif-devel-4.1.3-1.el4.2.x86_64.rpm SHA-256: 415a0ad98842c33b99161162c8d51333ca8c34dfa227c01e192af5b2121c0040
libungif-devel-4.1.3-1.el4.2.x86_64.rpm SHA-256: 415a0ad98842c33b99161162c8d51333ca8c34dfa227c01e192af5b2121c0040
libungif-progs-4.1.3-1.el4.2.x86_64.rpm SHA-256: 12cd0f889aea4497da3d9cf792e6a1e2633dc4b5b26a01011480130c8ef31955
libungif-progs-4.1.3-1.el4.2.x86_64.rpm SHA-256: 12cd0f889aea4497da3d9cf792e6a1e2633dc4b5b26a01011480130c8ef31955
ia64
libungif-4.1.3-1.el4.2.i386.rpm SHA-256: 57cd9284ec44e03930c3fcf71407b9b418f4fac724ec4eec3a749199926b46d4
libungif-4.1.3-1.el4.2.i386.rpm SHA-256: 57cd9284ec44e03930c3fcf71407b9b418f4fac724ec4eec3a749199926b46d4
libungif-4.1.3-1.el4.2.ia64.rpm SHA-256: 8ad5c906577f2fa1258b974e7a0ea76cfdbd3b85491fe10b98c1a787170ce2ec
libungif-4.1.3-1.el4.2.ia64.rpm SHA-256: 8ad5c906577f2fa1258b974e7a0ea76cfdbd3b85491fe10b98c1a787170ce2ec
libungif-devel-4.1.3-1.el4.2.ia64.rpm SHA-256: 3d372c1fa6abcfca10282ee1216845c8faa5f48aaa97c84b0bda1ffb2652c264
libungif-devel-4.1.3-1.el4.2.ia64.rpm SHA-256: 3d372c1fa6abcfca10282ee1216845c8faa5f48aaa97c84b0bda1ffb2652c264
libungif-progs-4.1.3-1.el4.2.ia64.rpm SHA-256: 5ca816971d64e085ea3ddaf7f301c6e2af0ed46ea82b24c9a505848edd9b9eb0
libungif-progs-4.1.3-1.el4.2.ia64.rpm SHA-256: 5ca816971d64e085ea3ddaf7f301c6e2af0ed46ea82b24c9a505848edd9b9eb0
i386
libungif-4.1.3-1.el4.2.i386.rpm SHA-256: 57cd9284ec44e03930c3fcf71407b9b418f4fac724ec4eec3a749199926b46d4
libungif-4.1.3-1.el4.2.i386.rpm SHA-256: 57cd9284ec44e03930c3fcf71407b9b418f4fac724ec4eec3a749199926b46d4
libungif-devel-4.1.3-1.el4.2.i386.rpm SHA-256: e4f86ddec78a394f46a674773b65d5da503005b9907da7add30e6d0a43196dd4
libungif-devel-4.1.3-1.el4.2.i386.rpm SHA-256: e4f86ddec78a394f46a674773b65d5da503005b9907da7add30e6d0a43196dd4
libungif-progs-4.1.3-1.el4.2.i386.rpm SHA-256: 2dd3cdc3e836037d8f35b2a2583e602685882a1d5e55cee58d44d38c967dff60
libungif-progs-4.1.3-1.el4.2.i386.rpm SHA-256: 2dd3cdc3e836037d8f35b2a2583e602685882a1d5e55cee58d44d38c967dff60

Red Hat Enterprise Linux Server 3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Server 2

SRPM
ia64
i386

Red Hat Enterprise Linux Workstation 4

SRPM
x86_64
libungif-4.1.3-1.el4.2.i386.rpm SHA-256: 57cd9284ec44e03930c3fcf71407b9b418f4fac724ec4eec3a749199926b46d4
libungif-4.1.3-1.el4.2.x86_64.rpm SHA-256: 8bdfbd98cabebf652593db11bd282a895088e277296d0103b1cf96727eef9655
libungif-devel-4.1.3-1.el4.2.x86_64.rpm SHA-256: 415a0ad98842c33b99161162c8d51333ca8c34dfa227c01e192af5b2121c0040
libungif-progs-4.1.3-1.el4.2.x86_64.rpm SHA-256: 12cd0f889aea4497da3d9cf792e6a1e2633dc4b5b26a01011480130c8ef31955
ia64
libungif-4.1.3-1.el4.2.i386.rpm SHA-256: 57cd9284ec44e03930c3fcf71407b9b418f4fac724ec4eec3a749199926b46d4
libungif-4.1.3-1.el4.2.ia64.rpm SHA-256: 8ad5c906577f2fa1258b974e7a0ea76cfdbd3b85491fe10b98c1a787170ce2ec
libungif-devel-4.1.3-1.el4.2.ia64.rpm SHA-256: 3d372c1fa6abcfca10282ee1216845c8faa5f48aaa97c84b0bda1ffb2652c264
libungif-progs-4.1.3-1.el4.2.ia64.rpm SHA-256: 5ca816971d64e085ea3ddaf7f301c6e2af0ed46ea82b24c9a505848edd9b9eb0
i386
libungif-4.1.3-1.el4.2.i386.rpm SHA-256: 57cd9284ec44e03930c3fcf71407b9b418f4fac724ec4eec3a749199926b46d4
libungif-devel-4.1.3-1.el4.2.i386.rpm SHA-256: e4f86ddec78a394f46a674773b65d5da503005b9907da7add30e6d0a43196dd4
libungif-progs-4.1.3-1.el4.2.i386.rpm SHA-256: 2dd3cdc3e836037d8f35b2a2583e602685882a1d5e55cee58d44d38c967dff60

Red Hat Enterprise Linux Workstation 3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Workstation 2

SRPM
ia64
i386

Red Hat Enterprise Linux Desktop 4

SRPM
x86_64
libungif-4.1.3-1.el4.2.i386.rpm SHA-256: 57cd9284ec44e03930c3fcf71407b9b418f4fac724ec4eec3a749199926b46d4
libungif-4.1.3-1.el4.2.x86_64.rpm SHA-256: 8bdfbd98cabebf652593db11bd282a895088e277296d0103b1cf96727eef9655
libungif-devel-4.1.3-1.el4.2.x86_64.rpm SHA-256: 415a0ad98842c33b99161162c8d51333ca8c34dfa227c01e192af5b2121c0040
libungif-progs-4.1.3-1.el4.2.x86_64.rpm SHA-256: 12cd0f889aea4497da3d9cf792e6a1e2633dc4b5b26a01011480130c8ef31955
i386
libungif-4.1.3-1.el4.2.i386.rpm SHA-256: 57cd9284ec44e03930c3fcf71407b9b418f4fac724ec4eec3a749199926b46d4
libungif-devel-4.1.3-1.el4.2.i386.rpm SHA-256: e4f86ddec78a394f46a674773b65d5da503005b9907da7add30e6d0a43196dd4
libungif-progs-4.1.3-1.el4.2.i386.rpm SHA-256: 2dd3cdc3e836037d8f35b2a2583e602685882a1d5e55cee58d44d38c967dff60

Red Hat Enterprise Linux Desktop 3

SRPM
x86_64
i386

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
s390x
libungif-4.1.3-1.el4.2.s390.rpm SHA-256: de2e0dd4065d170d2defb055ea076ad13689084fd5d546816c1e27e651e16876
libungif-4.1.3-1.el4.2.s390x.rpm SHA-256: 495755614df99a645b92289980a09a61a6f48ad6f46f8e568b8c7f42b3ac7f71
libungif-devel-4.1.3-1.el4.2.s390x.rpm SHA-256: 3172ffc998f276abb676c71e00ec721cd66574e4d4da77dfde4e913902b899da
libungif-progs-4.1.3-1.el4.2.s390x.rpm SHA-256: 61681dc4231f413a116ca747a7f140e878d75bb720961bccdaea7baf28af521b
s390
libungif-4.1.3-1.el4.2.s390.rpm SHA-256: de2e0dd4065d170d2defb055ea076ad13689084fd5d546816c1e27e651e16876
libungif-devel-4.1.3-1.el4.2.s390.rpm SHA-256: 99d098e25cd5009c8b2ef7163edfbdd2c0163ecdd9e2b2e426f5bdd08d5f1b36
libungif-progs-4.1.3-1.el4.2.s390.rpm SHA-256: b02482a804daed95bf78fca96b2b0cb1be2497b4effdbd5db4352fea3cc4b92b

Red Hat Enterprise Linux for IBM z Systems 3

SRPM
s390x
s390

Red Hat Enterprise Linux for Power, big endian 4

SRPM
ppc
libungif-4.1.3-1.el4.2.ppc.rpm SHA-256: 1313b967d79493de7aa9df56db3bdeb8131472ec69e2d5253c922153d4cadffb
libungif-4.1.3-1.el4.2.ppc64.rpm SHA-256: 3f9d6cf84936ac70dd00ee79d83f0332afae3ab3eb21ee507228cc4df743ee42
libungif-devel-4.1.3-1.el4.2.ppc.rpm SHA-256: 6d9e92c2021019de48015a5dcebd723576dd58c5364ab1325409f687ca5ec27e
libungif-progs-4.1.3-1.el4.2.ppc.rpm SHA-256: 1af11bd355babcd605eca7d620f90e47e769e9fe6dbe8755c85d98a5b2dfceb7

Red Hat Enterprise Linux for Power, big endian 3

SRPM
ppc

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.