Test ID:	1.3.6.1.4.1.25623.1.0.880696
Category:	CentOS Local Security Checks
Title:	CentOS Update for giflib CESA-2009:0444 centos5 i386
Summary:	The remote host is missing an update for the 'giflib'; package(s) announced via the referenced advisory.
Description:	Summary: The remote host is missing an update for the 'giflib' package(s) announced via the referenced advisory. Vulnerability Insight: The giflib packages contain a shared library of functions for loading and saving GIF image files. This library is API and ABI compatible with libungif, the library that supported uncompressed GIF image files while the Unisys LZW patent was in effect. Several flaws were discovered in the way giflib decodes GIF images. An attacker could create a carefully crafted GIF image that could cause an application using giflib to crash or, possibly, execute arbitrary code when opened by a victim. (CVE-2005-2974, CVE-2005-3350) All users of giflib are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. All running applications using giflib must be restarted for the update to take effect. Affected Software/OS: giflib on CentOS 5 Solution: Please install the updated packages. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2005-2974 1015149 http://securitytracker.com/id?1015149 15304 http://www.securityfocus.com/bid/15304 17436 http://secunia.com/advisories/17436 17438 http://secunia.com/advisories/17438 17442 http://secunia.com/advisories/17442 17462 http://secunia.com/advisories/17462 17482 http://secunia.com/advisories/17482 17488 http://secunia.com/advisories/17488 17497 http://secunia.com/advisories/17497 17508 http://secunia.com/advisories/17508 17559 http://secunia.com/advisories/17559 20470 http://www.osvdb.org/20470 34872 http://secunia.com/advisories/34872 35164 http://secunia.com/advisories/35164 ADV-2005-2295 http://www.vupen.com/english/advisories/2005/2295 DSA-890 http://www.debian.org/security/2005/dsa-890 FEDORA-2005-1045 http://www.securityfocus.com/advisories/9636 FEDORA-2005-1046 http://www.securityfocus.com/advisories/9637 FEDORA-2009-5118 https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00771.html FLSA-2006:174479 http://www.securityfocus.com/archive/1/428059/30/6300/threaded FLSA:174479 http://www.securityfocus.com/archive/1/428059/100/0/threaded GLSA-200511-03 http://www.gentoo.org/security/en/glsa/glsa-200511-03.xml MDKSA-2005:207 http://www.mandriva.com/security/advisories?name=MDKSA-2005:207 RHSA-2005:828 http://www.redhat.com/support/errata/RHSA-2005-828.html RHSA-2009:0444 http://www.redhat.com/support/errata/RHSA-2009-0444.html USN-214-1 http://www.ubuntulinux.org/usn/usn-214-1 http://bugs.gentoo.org/show_bug.cgi?id=109997 http://scary.beasts.org/security/CESA-2005-007.txt http://sourceforge.net/project/shownotes.php?release_id=364493 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=171413 oval:org.mitre.oval:def:10994 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10994 Common Vulnerability Exposure (CVE) ID: CVE-2005-3350 15299 http://www.securityfocus.com/bid/15299 20471 http://www.osvdb.org/20471 oval:org.mitre.oval:def:9314 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9314
Copyright	Copyright (C) 2011 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.