Red Hat Product Errata RHSA-2009:0444 - Security Advisory

Issued:: 2009-04-22
Updated:: 2009-04-22

RHSA-2009:0444 - Security Advisory

Overview
Updated Packages

Synopsis

Important: giflib security update

Type/Severity

Security Advisory: Important

Topic

Updated giflib packages that fix several security issues are now available
for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

Description

The giflib packages contain a shared library of functions for loading and
saving GIF image files. This library is API and ABI compatible with
libungif, the library that supported uncompressed GIF image files while the
Unisys LZW patent was in effect.

Several flaws were discovered in the way giflib decodes GIF images. An
attacker could create a carefully crafted GIF image that could cause an
application using giflib to crash or, possibly, execute arbitrary code when
opened by a victim. (CVE-2005-2974, CVE-2005-3350)

All users of giflib are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues. All running
applications using giflib must be restarted for the update to take effect.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Affected Products

Red Hat Enterprise Linux Server 5 x86_64
Red Hat Enterprise Linux Server 5 ia64
Red Hat Enterprise Linux Server 5 i386
Red Hat Enterprise Linux Server - Extended Update Support 5.3 x86_64
Red Hat Enterprise Linux Server - Extended Update Support 5.3 ia64
Red Hat Enterprise Linux Server - Extended Update Support 5.3 i386
Red Hat Enterprise Linux Workstation 5 x86_64
Red Hat Enterprise Linux Workstation 5 i386
Red Hat Enterprise Linux Desktop 5 i386
Red Hat Enterprise Linux for IBM z Systems 5 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.3 s390x
Red Hat Enterprise Linux for Power, big endian 5 ppc
Red Hat Enterprise Linux Server from RHUI 5 x86_64
Red Hat Enterprise Linux Server from RHUI 5 i386
Red Hat Enterprise Linux Server - AUS 5.3 x86_64
Red Hat Enterprise Linux Server - AUS 5.3 ia64
Red Hat Enterprise Linux Server - AUS 5.3 i386
Red Hat Enterprise Linux Desktop 5 x86_64
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.3 ppc

Fixes

BZ - 494823 - CVE-2005-3350 giflib/libunfig: memory corruption via a crafted GIF
BZ - 494826 - CVE-2005-2974 giflib/libunfig: NULL pointer dereference crash

CVEs

References

http://www.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 5

SRPM
giflib-4.1.3-7.1.el5_3.1.src.rpm	SHA-256: 66ec4ba82abdd1cffcb16a28f51a0514116479cbe9d075719adf57030f21cadb
x86_64
giflib-4.1.3-7.1.el5_3.1.i386.rpm	SHA-256: 98a929072c8e44114bf97cfecf967a745ac177ab0dff129cf472fee7d631b7d1
giflib-4.1.3-7.1.el5_3.1.x86_64.rpm	SHA-256: fbc3dd672810aafdc45ea8274e7699c4fa8be11d4bb8b2dee1694a207d72627f
giflib-devel-4.1.3-7.1.el5_3.1.i386.rpm	SHA-256: 464431f7b15e4cbfa11cbabfab911128dbf2fdf36531d4a034b970cfb83ac23d
giflib-devel-4.1.3-7.1.el5_3.1.x86_64.rpm	SHA-256: 39408356c07082d5cf9b4e6c238651a81b2c70ef8d18b65c460fb4a8c4d668be
giflib-utils-4.1.3-7.1.el5_3.1.x86_64.rpm	SHA-256: 28856a6a9fe5d29c6431be3a47a1021aae3c3550aab1d09c8bea9882293ef89e
ia64
giflib-4.1.3-7.1.el5_3.1.ia64.rpm	SHA-256: 1b400f5d1a1542eb6bad5fd2fb5197508ae85c23caf49c6a9fe53f85b41d30b4
giflib-devel-4.1.3-7.1.el5_3.1.ia64.rpm	SHA-256: 46371edf109712a26d4008b0a0f4990fb638971354816d2e3563b4191cc92dbe
giflib-utils-4.1.3-7.1.el5_3.1.ia64.rpm	SHA-256: ba8689080e51799f7f2e9b1a08e13f4785e80000bb638682cda3595309d556aa
i386
giflib-4.1.3-7.1.el5_3.1.i386.rpm	SHA-256: 98a929072c8e44114bf97cfecf967a745ac177ab0dff129cf472fee7d631b7d1
giflib-devel-4.1.3-7.1.el5_3.1.i386.rpm	SHA-256: 464431f7b15e4cbfa11cbabfab911128dbf2fdf36531d4a034b970cfb83ac23d
giflib-utils-4.1.3-7.1.el5_3.1.i386.rpm	SHA-256: bf6fc484a6875779d8a921d89ff23d6912a470c5838f96b7ac04e318aaa47722

Red Hat Enterprise Linux Workstation 5

SRPM
giflib-4.1.3-7.1.el5_3.1.src.rpm	SHA-256: 66ec4ba82abdd1cffcb16a28f51a0514116479cbe9d075719adf57030f21cadb
x86_64
giflib-4.1.3-7.1.el5_3.1.i386.rpm	SHA-256: 98a929072c8e44114bf97cfecf967a745ac177ab0dff129cf472fee7d631b7d1
giflib-4.1.3-7.1.el5_3.1.x86_64.rpm	SHA-256: fbc3dd672810aafdc45ea8274e7699c4fa8be11d4bb8b2dee1694a207d72627f
giflib-devel-4.1.3-7.1.el5_3.1.i386.rpm	SHA-256: 464431f7b15e4cbfa11cbabfab911128dbf2fdf36531d4a034b970cfb83ac23d
giflib-devel-4.1.3-7.1.el5_3.1.x86_64.rpm	SHA-256: 39408356c07082d5cf9b4e6c238651a81b2c70ef8d18b65c460fb4a8c4d668be
giflib-utils-4.1.3-7.1.el5_3.1.x86_64.rpm	SHA-256: 28856a6a9fe5d29c6431be3a47a1021aae3c3550aab1d09c8bea9882293ef89e
i386
giflib-4.1.3-7.1.el5_3.1.i386.rpm	SHA-256: 98a929072c8e44114bf97cfecf967a745ac177ab0dff129cf472fee7d631b7d1
giflib-devel-4.1.3-7.1.el5_3.1.i386.rpm	SHA-256: 464431f7b15e4cbfa11cbabfab911128dbf2fdf36531d4a034b970cfb83ac23d
giflib-utils-4.1.3-7.1.el5_3.1.i386.rpm	SHA-256: bf6fc484a6875779d8a921d89ff23d6912a470c5838f96b7ac04e318aaa47722

Red Hat Enterprise Linux Desktop 5

SRPM
giflib-4.1.3-7.1.el5_3.1.src.rpm	SHA-256: 66ec4ba82abdd1cffcb16a28f51a0514116479cbe9d075719adf57030f21cadb
x86_64
giflib-4.1.3-7.1.el5_3.1.i386.rpm	SHA-256: 98a929072c8e44114bf97cfecf967a745ac177ab0dff129cf472fee7d631b7d1
giflib-4.1.3-7.1.el5_3.1.x86_64.rpm	SHA-256: fbc3dd672810aafdc45ea8274e7699c4fa8be11d4bb8b2dee1694a207d72627f
giflib-utils-4.1.3-7.1.el5_3.1.x86_64.rpm	SHA-256: 28856a6a9fe5d29c6431be3a47a1021aae3c3550aab1d09c8bea9882293ef89e
i386
giflib-4.1.3-7.1.el5_3.1.i386.rpm	SHA-256: 98a929072c8e44114bf97cfecf967a745ac177ab0dff129cf472fee7d631b7d1
giflib-utils-4.1.3-7.1.el5_3.1.i386.rpm	SHA-256: bf6fc484a6875779d8a921d89ff23d6912a470c5838f96b7ac04e318aaa47722

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
giflib-4.1.3-7.1.el5_3.1.src.rpm	SHA-256: 66ec4ba82abdd1cffcb16a28f51a0514116479cbe9d075719adf57030f21cadb
s390x
giflib-4.1.3-7.1.el5_3.1.s390.rpm	SHA-256: 989597e6a6b08c5bb4bb38cb01a9033011cf522c7f5eb76a898d24883258bfd7
giflib-4.1.3-7.1.el5_3.1.s390x.rpm	SHA-256: 1fc6a6ac03d6695c0a66765f56d36ce959a752cd2173a4fb20f28ee1b012cde6
giflib-devel-4.1.3-7.1.el5_3.1.s390.rpm	SHA-256: 2b9dbb152a1e247f554b42139d88a4352ab5b1cda76c8a1cfaa53047dd4e3ae5
giflib-devel-4.1.3-7.1.el5_3.1.s390x.rpm	SHA-256: b1ef33664a0bff6e4fb977006e7781985438271d66ae54aacf56048d5ff0617f
giflib-utils-4.1.3-7.1.el5_3.1.s390x.rpm	SHA-256: deffe14bc3df4e3b40d70675c9ce050cafb389814ea8a5c8e9673031032f24d2

Red Hat Enterprise Linux for Power, big endian 5

SRPM
giflib-4.1.3-7.1.el5_3.1.src.rpm	SHA-256: 66ec4ba82abdd1cffcb16a28f51a0514116479cbe9d075719adf57030f21cadb
ppc
giflib-4.1.3-7.1.el5_3.1.ppc.rpm	SHA-256: 49d747cfb52d79f69817aac3a8854a9e3b68e3b6e14c6285d951e0fe0e977755
giflib-4.1.3-7.1.el5_3.1.ppc64.rpm	SHA-256: 00f34b1e5098bed12a2ad4ca7afb7ea2c71af56ced0edca53f9f74b165b3daff
giflib-devel-4.1.3-7.1.el5_3.1.ppc.rpm	SHA-256: 3f9cf82bbf0d9821259e4078eb9760ca4009ea0a67e7cc279662485ea67ae828
giflib-devel-4.1.3-7.1.el5_3.1.ppc64.rpm	SHA-256: e71788aa1ea7a2d434b456370bd8fc9e9b71871c622b1cf7246e44ebadbdc448
giflib-utils-4.1.3-7.1.el5_3.1.ppc.rpm	SHA-256: e241b3b2715fb535899f4105044ffefd0ec1e2884d2a3591303ab7763c7c0557

Red Hat Enterprise Linux Server from RHUI 5

SRPM
giflib-4.1.3-7.1.el5_3.1.src.rpm	SHA-256: 66ec4ba82abdd1cffcb16a28f51a0514116479cbe9d075719adf57030f21cadb
x86_64
giflib-4.1.3-7.1.el5_3.1.i386.rpm	SHA-256: 98a929072c8e44114bf97cfecf967a745ac177ab0dff129cf472fee7d631b7d1
giflib-4.1.3-7.1.el5_3.1.x86_64.rpm	SHA-256: fbc3dd672810aafdc45ea8274e7699c4fa8be11d4bb8b2dee1694a207d72627f
giflib-devel-4.1.3-7.1.el5_3.1.i386.rpm	SHA-256: 464431f7b15e4cbfa11cbabfab911128dbf2fdf36531d4a034b970cfb83ac23d
giflib-devel-4.1.3-7.1.el5_3.1.x86_64.rpm	SHA-256: 39408356c07082d5cf9b4e6c238651a81b2c70ef8d18b65c460fb4a8c4d668be
giflib-utils-4.1.3-7.1.el5_3.1.x86_64.rpm	SHA-256: 28856a6a9fe5d29c6431be3a47a1021aae3c3550aab1d09c8bea9882293ef89e
i386
giflib-4.1.3-7.1.el5_3.1.i386.rpm	SHA-256: 98a929072c8e44114bf97cfecf967a745ac177ab0dff129cf472fee7d631b7d1
giflib-devel-4.1.3-7.1.el5_3.1.i386.rpm	SHA-256: 464431f7b15e4cbfa11cbabfab911128dbf2fdf36531d4a034b970cfb83ac23d
giflib-utils-4.1.3-7.1.el5_3.1.i386.rpm	SHA-256: bf6fc484a6875779d8a921d89ff23d6912a470c5838f96b7ac04e318aaa47722

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories