[SECURITY] Fedora Core 4 Update: libungif-4.1.3-3.fc4.2

Matthias Clasen mclasen at redhat.com
Thu Nov 3 17:18:48 UTC 2005


---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-1046
2005-11-03
---------------------------------------------------------------------

Product     : Fedora Core 4
Name        : libungif
Version     : 4.1.3                      
Release     : 3.fc4.2                  
Summary     : A library for manipulating GIF format image files.
Description :
The libungif package contains a shared library of functions for
loading and saving GIF format image files.  The libungif library can
load any GIF file, but it will save GIFs only in uncompressed format
(i.e., it won't use the patented LZW compression used to save "normal"
compressed GIF files).

Install the libungif package if you need to manipulate GIF files.  You
should also install the libungif-progs package.

---------------------------------------------------------------------
Update Information:

The libungif package contains a shared library of functions
for loading and saving GIF format image files. The libungif
library can load any GIF file, but it will save GIFs only in
uncompressed format; it will not use the patented LZW
compression used to save "normal" compressed GIF files.

A bug was found in the way libungif handles colormaps. An
attacker could create a GIF file in such a way that could
cause out-of-bounds writes and register corruptions. The
Common Vulnerabilities and Exposures project assigned the
name CAN-2005-2974 to this issue.

All users of libungif should upgrade to the updated
packages, which contain a backported patch to resolve this
issue.
---------------------------------------------------------------------
* Fri Oct 21 2005 Matthias Clasen <mclasen at redhat.com> 4.1.0-el3.2
- Fix several register corruptions and an out-of-bounds write.


---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

ab573bcf8a97ff41f69272d807eacc76  SRPMS/libungif-4.1.3-3.fc4.2.src.rpm
97d138079ce2fe9edf048886576530e6  ppc/libungif-4.1.3-3.fc4.2.ppc.rpm
3dab5f6447ebd94f02aa7324c340e343  ppc/libungif-devel-4.1.3-3.fc4.2.ppc.rpm
f27bb1917944b4f85a1d90ad8a66ef10  ppc/libungif-progs-4.1.3-3.fc4.2.ppc.rpm
56ff34c7206080080edafc5642c9f609  ppc/debug/libungif-debuginfo-4.1.3-3.fc4.2.ppc.rpm
e41eff33e21b0be593a718492d81c0a4  ppc/libungif-4.1.3-3.fc4.2.ppc64.rpm
ec5c0639efa501a8629150bed747754f  x86_64/libungif-4.1.3-3.fc4.2.x86_64.rpm
f5bf4717befb8fc239ef91ded1f9a65e  x86_64/libungif-devel-4.1.3-3.fc4.2.x86_64.rpm
ab42694f55e4674a802be3d2f8a6027e  x86_64/libungif-progs-4.1.3-3.fc4.2.x86_64.rpm
3c306e3109f6fb56852832eb23315f7b  x86_64/debug/libungif-debuginfo-4.1.3-3.fc4.2.x86_64.rpm
a484b2fab31810d710154accbe2d6ced  x86_64/libungif-4.1.3-3.fc4.2.i386.rpm
a484b2fab31810d710154accbe2d6ced  i386/libungif-4.1.3-3.fc4.2.i386.rpm
f25162d9e6f157c63802ca645251e070  i386/libungif-devel-4.1.3-3.fc4.2.i386.rpm
568e4e6af237d5c414bad4bc7053abec  i386/libungif-progs-4.1.3-3.fc4.2.i386.rpm
56ea24dfa869521a9955901f2a3ccb29  i386/debug/libungif-debuginfo-4.1.3-3.fc4.2.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  
---------------------------------------------------------------------




More information about the announce mailing list