lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 7 Nov 2005 12:31:32 -0500
From: Martin Pitt <>
Subject: [USN-214-1] libungif vulnerabilities

Ubuntu Security Notice USN-214-1	  November 07, 2005
libungif4 vulnerabilities
CVE-2005-2974, CVE-2005-3350

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 4.10 (Breezy Badger)

The following packages are affected:


The problem can be corrected by upgrading the affected package to
version 4.1.0b1-6ubuntu0.1 (for Ubuntu 4.10), 4.1.3-1ubuntu0.1 (for
Ubuntu 5.04), or 4.1.3-2ubuntu0.1 (for Ubuntu 5.10).  In general, a
standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Chris Evans discovered several buffer overflows in the libungif
library. By tricking an user (or automated system) into processing a
specially crafted GIF image, this could be exploited to execute
arbitrary code with the privileges of the application using libungif.

Updated packages for Ubuntu 4.10:

  Source archives:
      Size/MD5:   299066 b1e73895c7e0ad79c0e19e6cdc17e0a0
      Size/MD5:      654 e77c0c985a9a69be2306521c68c90948
      Size/MD5:   351757 20d96eb90cf818a1da093614c44ad3e5

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)
      Size/MD5:   220664 20b10d4a5722c313fb9087e9637d3932
      Size/MD5:    36512 7267a1987fbabd4933e000ccb1506db3
      Size/MD5:    52450 e518ccb9521345253a7195baf59d304c

  i386 architecture (x86 compatible Intel/AMD)
      Size/MD5:   202984 f68d125ce049c9507756e83bad2549dc
      Size/MD5:    34294 3b22cf5ce6d91f4f9f1c27e9a9ec6d75
      Size/MD5:    51064 ce716cf26fdc0b27230dafea49d005c0

  powerpc architecture (Apple Macintosh G3/G4/G5)
      Size/MD5:   235062 acc2f9eb7dfc2a0f1e4551a2217fc579
      Size/MD5:    36562 84f4b4a0ed7e5f5a35b9ac7789e70a3e
      Size/MD5:    53420 c0b95884ad01a6ec49aa4a0fbbd71411

Updated packages for Ubuntu 5.04:

  Source archives:
      Size/MD5:    27712 4835a55c199b8bad795cb36ccd844b32
      Size/MD5:      639 7a91eda1b7d0ec48c26f69518e6787f9
      Size/MD5:   569667 cb11e300347ad29e502abc6f56fd23df

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)
      Size/MD5:   224438 efe72b94ed939de9b85e556e07fb228d
      Size/MD5:    41158 381aaff6c58f9402275bf37cf3c58abf
      Size/MD5:    57506 88918dea5ab32a782a8e1d731a4b4f24

  i386 architecture (x86 compatible Intel/AMD)
      Size/MD5:   206076 a81c6995f1e3ebbba7ce725171574b59
      Size/MD5:    38928 8def52728fce5ef3fcaf3137c3cd2ce3
      Size/MD5:    56194 474750d2fddcf82434a136014e1cb2d9

  powerpc architecture (Apple Macintosh G3/G4/G5)
      Size/MD5:   238938 f36748ba01f1527ef18be9ccf8c51456
      Size/MD5:    41242 892f389e108ca0bfbe0346341c88817b
      Size/MD5:    58440 ed9a1b67bcb7165b6cb4f70048c00ca4

Updated packages for Ubuntu 5.10:

  Source archives:
      Size/MD5:    27750 e53abb2025395d9dcbb2a957727bef30
      Size/MD5:      639 f774bee9e108e9d70816c5cf7e6c0a35
      Size/MD5:   569667 cb11e300347ad29e502abc6f56fd23df

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)
      Size/MD5:   221048 9b5a7710353c1f7f8d3ab3a91e6999be
      Size/MD5:    41432 bb6c5e694cf477407ea1d021f045854b
      Size/MD5:    57718 c248516545c8a1062c01397ea262703e

  i386 architecture (x86 compatible Intel/AMD)
      Size/MD5:   207362 bb2048b13a24139776a3c6bed250f56f
      Size/MD5:    38672 4f6a453cf554c8a246de612385b699a6
      Size/MD5:    55668 dad0b983eda12741dc18ac6898d55559

  powerpc architecture (Apple Macintosh G3/G4/G5)
      Size/MD5:   240722 cfd899896a119fcabe2ffe06adeed4cb
      Size/MD5:    41626 f4cb22787e4fdeb5f84c1e33e955091d
      Size/MD5:    58706 a52ba57b5c9a8e3028572da122dd5a47

Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)

Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia -

Powered by blists - more mailing lists