Red Hat Product Errata RHSA-2009:0444 - Security Advisory
Issued:
2009-04-22
Updated:
2009-04-22

RHSA-2009:0444 - Security Advisory

Synopsis

Important: giflib security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated giflib packages that fix several security issues are now available
for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

Description

The giflib packages contain a shared library of functions for loading and
saving GIF image files. This library is API and ABI compatible with
libungif, the library that supported uncompressed GIF image files while the
Unisys LZW patent was in effect.

Several flaws were discovered in the way giflib decodes GIF images. An
attacker could create a carefully crafted GIF image that could cause an
application using giflib to crash or, possibly, execute arbitrary code when
opened by a victim. (CVE-2005-2974, CVE-2005-3350)

All users of giflib are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues. All running
applications using giflib must be restarted for the update to take effect.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Affected Products

  • Red Hat Enterprise Linux Server 5 x86_64
  • Red Hat Enterprise Linux Server 5 ia64
  • Red Hat Enterprise Linux Server 5 i386
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.3 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.3 ia64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.3 i386
  • Red Hat Enterprise Linux Workstation 5 x86_64
  • Red Hat Enterprise Linux Workstation 5 i386
  • Red Hat Enterprise Linux Desktop 5 i386
  • Red Hat Enterprise Linux for IBM z Systems 5 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.3 s390x
  • Red Hat Enterprise Linux for Power, big endian 5 ppc
  • Red Hat Enterprise Linux Server from RHUI 5 x86_64
  • Red Hat Enterprise Linux Server from RHUI 5 i386
  • Red Hat Enterprise Linux Server - AUS 5.3 x86_64
  • Red Hat Enterprise Linux Server - AUS 5.3 ia64
  • Red Hat Enterprise Linux Server - AUS 5.3 i386
  • Red Hat Enterprise Linux Desktop 5 x86_64
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.3 ppc

Fixes

  • BZ - 494823 - CVE-2005-3350 giflib/libunfig: memory corruption via a crafted GIF
  • BZ - 494826 - CVE-2005-2974 giflib/libunfig: NULL pointer dereference crash

Red Hat Enterprise Linux Server 5

SRPM
giflib-4.1.3-7.1.el5_3.1.src.rpm SHA-256: 66ec4ba82abdd1cffcb16a28f51a0514116479cbe9d075719adf57030f21cadb
x86_64
giflib-4.1.3-7.1.el5_3.1.i386.rpm SHA-256: 98a929072c8e44114bf97cfecf967a745ac177ab0dff129cf472fee7d631b7d1
giflib-4.1.3-7.1.el5_3.1.x86_64.rpm SHA-256: fbc3dd672810aafdc45ea8274e7699c4fa8be11d4bb8b2dee1694a207d72627f
giflib-devel-4.1.3-7.1.el5_3.1.i386.rpm SHA-256: 464431f7b15e4cbfa11cbabfab911128dbf2fdf36531d4a034b970cfb83ac23d
giflib-devel-4.1.3-7.1.el5_3.1.x86_64.rpm SHA-256: 39408356c07082d5cf9b4e6c238651a81b2c70ef8d18b65c460fb4a8c4d668be
giflib-utils-4.1.3-7.1.el5_3.1.x86_64.rpm SHA-256: 28856a6a9fe5d29c6431be3a47a1021aae3c3550aab1d09c8bea9882293ef89e
ia64
giflib-4.1.3-7.1.el5_3.1.ia64.rpm SHA-256: 1b400f5d1a1542eb6bad5fd2fb5197508ae85c23caf49c6a9fe53f85b41d30b4
giflib-devel-4.1.3-7.1.el5_3.1.ia64.rpm SHA-256: 46371edf109712a26d4008b0a0f4990fb638971354816d2e3563b4191cc92dbe
giflib-utils-4.1.3-7.1.el5_3.1.ia64.rpm SHA-256: ba8689080e51799f7f2e9b1a08e13f4785e80000bb638682cda3595309d556aa
i386
giflib-4.1.3-7.1.el5_3.1.i386.rpm SHA-256: 98a929072c8e44114bf97cfecf967a745ac177ab0dff129cf472fee7d631b7d1
giflib-devel-4.1.3-7.1.el5_3.1.i386.rpm SHA-256: 464431f7b15e4cbfa11cbabfab911128dbf2fdf36531d4a034b970cfb83ac23d
giflib-utils-4.1.3-7.1.el5_3.1.i386.rpm SHA-256: bf6fc484a6875779d8a921d89ff23d6912a470c5838f96b7ac04e318aaa47722

Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Server - AUS 5.3

SRPM
ia64
i386
x86_64

Red Hat Enterprise Linux Workstation 5

SRPM
giflib-4.1.3-7.1.el5_3.1.src.rpm SHA-256: 66ec4ba82abdd1cffcb16a28f51a0514116479cbe9d075719adf57030f21cadb
x86_64
giflib-4.1.3-7.1.el5_3.1.i386.rpm SHA-256: 98a929072c8e44114bf97cfecf967a745ac177ab0dff129cf472fee7d631b7d1
giflib-4.1.3-7.1.el5_3.1.x86_64.rpm SHA-256: fbc3dd672810aafdc45ea8274e7699c4fa8be11d4bb8b2dee1694a207d72627f
giflib-devel-4.1.3-7.1.el5_3.1.i386.rpm SHA-256: 464431f7b15e4cbfa11cbabfab911128dbf2fdf36531d4a034b970cfb83ac23d
giflib-devel-4.1.3-7.1.el5_3.1.x86_64.rpm SHA-256: 39408356c07082d5cf9b4e6c238651a81b2c70ef8d18b65c460fb4a8c4d668be
giflib-utils-4.1.3-7.1.el5_3.1.x86_64.rpm SHA-256: 28856a6a9fe5d29c6431be3a47a1021aae3c3550aab1d09c8bea9882293ef89e
i386
giflib-4.1.3-7.1.el5_3.1.i386.rpm SHA-256: 98a929072c8e44114bf97cfecf967a745ac177ab0dff129cf472fee7d631b7d1
giflib-devel-4.1.3-7.1.el5_3.1.i386.rpm SHA-256: 464431f7b15e4cbfa11cbabfab911128dbf2fdf36531d4a034b970cfb83ac23d
giflib-utils-4.1.3-7.1.el5_3.1.i386.rpm SHA-256: bf6fc484a6875779d8a921d89ff23d6912a470c5838f96b7ac04e318aaa47722

Red Hat Enterprise Linux Desktop 5

SRPM
giflib-4.1.3-7.1.el5_3.1.src.rpm SHA-256: 66ec4ba82abdd1cffcb16a28f51a0514116479cbe9d075719adf57030f21cadb
x86_64
giflib-4.1.3-7.1.el5_3.1.i386.rpm SHA-256: 98a929072c8e44114bf97cfecf967a745ac177ab0dff129cf472fee7d631b7d1
giflib-4.1.3-7.1.el5_3.1.x86_64.rpm SHA-256: fbc3dd672810aafdc45ea8274e7699c4fa8be11d4bb8b2dee1694a207d72627f
giflib-utils-4.1.3-7.1.el5_3.1.x86_64.rpm SHA-256: 28856a6a9fe5d29c6431be3a47a1021aae3c3550aab1d09c8bea9882293ef89e
i386
giflib-4.1.3-7.1.el5_3.1.i386.rpm SHA-256: 98a929072c8e44114bf97cfecf967a745ac177ab0dff129cf472fee7d631b7d1
giflib-utils-4.1.3-7.1.el5_3.1.i386.rpm SHA-256: bf6fc484a6875779d8a921d89ff23d6912a470c5838f96b7ac04e318aaa47722

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
giflib-4.1.3-7.1.el5_3.1.src.rpm SHA-256: 66ec4ba82abdd1cffcb16a28f51a0514116479cbe9d075719adf57030f21cadb
s390x
giflib-4.1.3-7.1.el5_3.1.s390.rpm SHA-256: 989597e6a6b08c5bb4bb38cb01a9033011cf522c7f5eb76a898d24883258bfd7
giflib-4.1.3-7.1.el5_3.1.s390x.rpm SHA-256: 1fc6a6ac03d6695c0a66765f56d36ce959a752cd2173a4fb20f28ee1b012cde6
giflib-devel-4.1.3-7.1.el5_3.1.s390.rpm SHA-256: 2b9dbb152a1e247f554b42139d88a4352ab5b1cda76c8a1cfaa53047dd4e3ae5
giflib-devel-4.1.3-7.1.el5_3.1.s390x.rpm SHA-256: b1ef33664a0bff6e4fb977006e7781985438271d66ae54aacf56048d5ff0617f
giflib-utils-4.1.3-7.1.el5_3.1.s390x.rpm SHA-256: deffe14bc3df4e3b40d70675c9ce050cafb389814ea8a5c8e9673031032f24d2

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.3

SRPM
s390x

Red Hat Enterprise Linux for Power, big endian 5

SRPM
giflib-4.1.3-7.1.el5_3.1.src.rpm SHA-256: 66ec4ba82abdd1cffcb16a28f51a0514116479cbe9d075719adf57030f21cadb
ppc
giflib-4.1.3-7.1.el5_3.1.ppc.rpm SHA-256: 49d747cfb52d79f69817aac3a8854a9e3b68e3b6e14c6285d951e0fe0e977755
giflib-4.1.3-7.1.el5_3.1.ppc64.rpm SHA-256: 00f34b1e5098bed12a2ad4ca7afb7ea2c71af56ced0edca53f9f74b165b3daff
giflib-devel-4.1.3-7.1.el5_3.1.ppc.rpm SHA-256: 3f9cf82bbf0d9821259e4078eb9760ca4009ea0a67e7cc279662485ea67ae828
giflib-devel-4.1.3-7.1.el5_3.1.ppc64.rpm SHA-256: e71788aa1ea7a2d434b456370bd8fc9e9b71871c622b1cf7246e44ebadbdc448
giflib-utils-4.1.3-7.1.el5_3.1.ppc.rpm SHA-256: e241b3b2715fb535899f4105044ffefd0ec1e2884d2a3591303ab7763c7c0557

Red Hat Enterprise Linux Server from RHUI 5

SRPM
giflib-4.1.3-7.1.el5_3.1.src.rpm SHA-256: 66ec4ba82abdd1cffcb16a28f51a0514116479cbe9d075719adf57030f21cadb
x86_64
giflib-4.1.3-7.1.el5_3.1.i386.rpm SHA-256: 98a929072c8e44114bf97cfecf967a745ac177ab0dff129cf472fee7d631b7d1
giflib-4.1.3-7.1.el5_3.1.x86_64.rpm SHA-256: fbc3dd672810aafdc45ea8274e7699c4fa8be11d4bb8b2dee1694a207d72627f
giflib-devel-4.1.3-7.1.el5_3.1.i386.rpm SHA-256: 464431f7b15e4cbfa11cbabfab911128dbf2fdf36531d4a034b970cfb83ac23d
giflib-devel-4.1.3-7.1.el5_3.1.x86_64.rpm SHA-256: 39408356c07082d5cf9b4e6c238651a81b2c70ef8d18b65c460fb4a8c4d668be
giflib-utils-4.1.3-7.1.el5_3.1.x86_64.rpm SHA-256: 28856a6a9fe5d29c6431be3a47a1021aae3c3550aab1d09c8bea9882293ef89e
i386
giflib-4.1.3-7.1.el5_3.1.i386.rpm SHA-256: 98a929072c8e44114bf97cfecf967a745ac177ab0dff129cf472fee7d631b7d1
giflib-devel-4.1.3-7.1.el5_3.1.i386.rpm SHA-256: 464431f7b15e4cbfa11cbabfab911128dbf2fdf36531d4a034b970cfb83ac23d
giflib-utils-4.1.3-7.1.el5_3.1.i386.rpm SHA-256: bf6fc484a6875779d8a921d89ff23d6912a470c5838f96b7ac04e318aaa47722

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.3

SRPM
ppc

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.