Fedora Local Security Checks : Fedora Core 4 FEDORA-2005-1046 (libungif)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.55790

Category: Fedora Local Security Checks

Title: Fedora Core 4 FEDORA-2005-1046 (libungif)

Summary: NOSUMMARY

Description: Description:

The remote host is missing an update to libungif
announced via advisory FEDORA-2005-1046.

The libungif package contains a shared library of functions for
loading and saving GIF format image files. The libungif library can
load any GIF file, but it will save GIFs only in uncompressed format
(i.e., it won't use the patented LZW compression used to save normal
compressed GIF files).

Install the libungif package if you need to manipulate GIF files. You
should also install the libungif-progs package.

Update Information:

The libungif package contains a shared library of functions
for loading and saving GIF format image files. The libungif
library can load any GIF file, but it will save GIFs only in
uncompressed format
it will not use the patented LZW
compression used to save normal compressed GIF files.

A bug was found in the way libungif handles colormaps. An
attacker could create a GIF file in such a way that could
cause out-of-bounds writes and register corruptions. The
Common Vulnerabilities and Exposures project assigned the
name CVE-2005-2974 to this issue.

All users of libungif should upgrade to the updated
packages, which contain a backported patch to resolve this
issue.
* Fri Oct 21 2005 Matthias Clasen 4.1.0-el3.2
- Fix several register corruptions and an out-of-bounds write.

This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

ab573bcf8a97ff41f69272d807eacc76 SRPMS/libungif-4.1.3-3.fc4.2.src.rpm
97d138079ce2fe9edf048886576530e6 ppc/libungif-4.1.3-3.fc4.2.ppc.rpm
3dab5f6447ebd94f02aa7324c340e343 ppc/libungif-devel-4.1.3-3.fc4.2.ppc.rpm
f27bb1917944b4f85a1d90ad8a66ef10 ppc/libungif-progs-4.1.3-3.fc4.2.ppc.rpm
56ff34c7206080080edafc5642c9f609 ppc/debug/libungif-debuginfo-4.1.3-3.fc4.2.ppc.rpm
e41eff33e21b0be593a718492d81c0a4 ppc/libungif-4.1.3-3.fc4.2.ppc64.rpm
ec5c0639efa501a8629150bed747754f x86_64/libungif-4.1.3-3.fc4.2.x86_64.rpm
f5bf4717befb8fc239ef91ded1f9a65e x86_64/libungif-devel-4.1.3-3.fc4.2.x86_64.rpm
ab42694f55e4674a802be3d2f8a6027e x86_64/libungif-progs-4.1.3-3.fc4.2.x86_64.rpm
3c306e3109f6fb56852832eb23315f7b x86_64/debug/libungif-debuginfo-4.1.3-3.fc4.2.x86_64.rpm
a484b2fab31810d710154accbe2d6ced x86_64/libungif-4.1.3-3.fc4.2.i386.rpm
a484b2fab31810d710154accbe2d6ced i386/libungif-4.1.3-3.fc4.2.i386.rpm
f25162d9e6f157c63802ca645251e070 i386/libungif-devel-4.1.3-3.fc4.2.i386.rpm
568e4e6af237d5c414bad4bc7053abec i386/libungif-progs-4.1.3-3.fc4.2.i386.rpm
56ea24dfa869521a9955901f2a3ccb29 i386/debug/libungif-debuginfo-4.1.3-3.fc4.2.i386.rpm

This update can also be installed with the Update Agent
you can
launch the Update Agent with the 'up2date' command.

--

Solution: Apply the appropriate updates.
http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2005-1046

Risk factor : Medium

CVSS Score:
2.6

Cross-Ref: BugTraq ID: 15304
Common Vulnerability Exposure (CVE) ID: CVE-2005-2974
1015149
http://securitytracker.com/id?1015149
15304
http://www.securityfocus.com/bid/15304
17436
http://secunia.com/advisories/17436
17438
http://secunia.com/advisories/17438
17442
http://secunia.com/advisories/17442
17462
http://secunia.com/advisories/17462
17482
http://secunia.com/advisories/17482
17488
http://secunia.com/advisories/17488
17497
http://secunia.com/advisories/17497
17508
http://secunia.com/advisories/17508
17559
http://secunia.com/advisories/17559
20470
http://www.osvdb.org/20470
34872
http://secunia.com/advisories/34872
35164
http://secunia.com/advisories/35164
ADV-2005-2295
http://www.vupen.com/english/advisories/2005/2295
DSA-890
http://www.debian.org/security/2005/dsa-890
FEDORA-2005-1045
http://www.securityfocus.com/advisories/9636
FEDORA-2005-1046
http://www.securityfocus.com/advisories/9637
FEDORA-2009-5118
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00771.html
FLSA-2006:174479
http://www.securityfocus.com/archive/1/428059/30/6300/threaded
FLSA:174479
http://www.securityfocus.com/archive/1/428059/100/0/threaded
GLSA-200511-03
http://www.gentoo.org/security/en/glsa/glsa-200511-03.xml
MDKSA-2005:207
http://www.mandriva.com/security/advisories?name=MDKSA-2005:207
RHSA-2005:828
http://www.redhat.com/support/errata/RHSA-2005-828.html
RHSA-2009:0444
http://www.redhat.com/support/errata/RHSA-2009-0444.html
USN-214-1
http://www.ubuntulinux.org/usn/usn-214-1
http://bugs.gentoo.org/show_bug.cgi?id=109997
http://scary.beasts.org/security/CESA-2005-007.txt
http://sourceforge.net/project/shownotes.php?release_id=364493
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=171413
oval:org.mitre.oval:def:10994
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10994

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.55790
Category:	Fedora Local Security Checks
Title:	Fedora Core 4 FEDORA-2005-1046 (libungif)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to libungif announced via advisory FEDORA-2005-1046. The libungif package contains a shared library of functions for loading and saving GIF format image files. The libungif library can load any GIF file, but it will save GIFs only in uncompressed format (i.e., it won't use the patented LZW compression used to save normal compressed GIF files). Install the libungif package if you need to manipulate GIF files. You should also install the libungif-progs package. Update Information: The libungif package contains a shared library of functions for loading and saving GIF format image files. The libungif library can load any GIF file, but it will save GIFs only in uncompressed format it will not use the patented LZW compression used to save normal compressed GIF files. A bug was found in the way libungif handles colormaps. An attacker could create a GIF file in such a way that could cause out-of-bounds writes and register corruptions. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-2974 to this issue. All users of libungif should upgrade to the updated packages, which contain a backported patch to resolve this issue. * Fri Oct 21 2005 Matthias Clasen 4.1.0-el3.2 - Fix several register corruptions and an out-of-bounds write. This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/ ab573bcf8a97ff41f69272d807eacc76 SRPMS/libungif-4.1.3-3.fc4.2.src.rpm 97d138079ce2fe9edf048886576530e6 ppc/libungif-4.1.3-3.fc4.2.ppc.rpm 3dab5f6447ebd94f02aa7324c340e343 ppc/libungif-devel-4.1.3-3.fc4.2.ppc.rpm f27bb1917944b4f85a1d90ad8a66ef10 ppc/libungif-progs-4.1.3-3.fc4.2.ppc.rpm 56ff34c7206080080edafc5642c9f609 ppc/debug/libungif-debuginfo-4.1.3-3.fc4.2.ppc.rpm e41eff33e21b0be593a718492d81c0a4 ppc/libungif-4.1.3-3.fc4.2.ppc64.rpm ec5c0639efa501a8629150bed747754f x86_64/libungif-4.1.3-3.fc4.2.x86_64.rpm f5bf4717befb8fc239ef91ded1f9a65e x86_64/libungif-devel-4.1.3-3.fc4.2.x86_64.rpm ab42694f55e4674a802be3d2f8a6027e x86_64/libungif-progs-4.1.3-3.fc4.2.x86_64.rpm 3c306e3109f6fb56852832eb23315f7b x86_64/debug/libungif-debuginfo-4.1.3-3.fc4.2.x86_64.rpm a484b2fab31810d710154accbe2d6ced x86_64/libungif-4.1.3-3.fc4.2.i386.rpm a484b2fab31810d710154accbe2d6ced i386/libungif-4.1.3-3.fc4.2.i386.rpm f25162d9e6f157c63802ca645251e070 i386/libungif-devel-4.1.3-3.fc4.2.i386.rpm 568e4e6af237d5c414bad4bc7053abec i386/libungif-progs-4.1.3-3.fc4.2.i386.rpm 56ea24dfa869521a9955901f2a3ccb29 i386/debug/libungif-debuginfo-4.1.3-3.fc4.2.i386.rpm This update can also be installed with the Update Agent you can launch the Update Agent with the 'up2date' command. -- Solution: Apply the appropriate updates. http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2005-1046 Risk factor : Medium CVSS Score: 2.6
Cross-Ref:	BugTraq ID: 15304 Common Vulnerability Exposure (CVE) ID: CVE-2005-2974 1015149 http://securitytracker.com/id?1015149 15304 http://www.securityfocus.com/bid/15304 17436 http://secunia.com/advisories/17436 17438 http://secunia.com/advisories/17438 17442 http://secunia.com/advisories/17442 17462 http://secunia.com/advisories/17462 17482 http://secunia.com/advisories/17482 17488 http://secunia.com/advisories/17488 17497 http://secunia.com/advisories/17497 17508 http://secunia.com/advisories/17508 17559 http://secunia.com/advisories/17559 20470 http://www.osvdb.org/20470 34872 http://secunia.com/advisories/34872 35164 http://secunia.com/advisories/35164 ADV-2005-2295 http://www.vupen.com/english/advisories/2005/2295 DSA-890 http://www.debian.org/security/2005/dsa-890 FEDORA-2005-1045 http://www.securityfocus.com/advisories/9636 FEDORA-2005-1046 http://www.securityfocus.com/advisories/9637 FEDORA-2009-5118 https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00771.html FLSA-2006:174479 http://www.securityfocus.com/archive/1/428059/30/6300/threaded FLSA:174479 http://www.securityfocus.com/archive/1/428059/100/0/threaded GLSA-200511-03 http://www.gentoo.org/security/en/glsa/glsa-200511-03.xml MDKSA-2005:207 http://www.mandriva.com/security/advisories?name=MDKSA-2005:207 RHSA-2005:828 http://www.redhat.com/support/errata/RHSA-2005-828.html RHSA-2009:0444 http://www.redhat.com/support/errata/RHSA-2009-0444.html USN-214-1 http://www.ubuntulinux.org/usn/usn-214-1 http://bugs.gentoo.org/show_bug.cgi?id=109997 http://scary.beasts.org/security/CESA-2005-007.txt http://sourceforge.net/project/shownotes.php?release_id=364493 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=171413 oval:org.mitre.oval:def:10994 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10994
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com