lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20051107173132.GC6045@piware.de>
Date: Mon, 7 Nov 2005 12:31:32 -0500
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-214-1] libungif vulnerabilities

===========================================================
Ubuntu Security Notice USN-214-1	  November 07, 2005
libungif4 vulnerabilities
CVE-2005-2974, CVE-2005-3350
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 4.10 (Breezy Badger)

The following packages are affected:

libungif4g

The problem can be corrected by upgrading the affected package to
version 4.1.0b1-6ubuntu0.1 (for Ubuntu 4.10), 4.1.3-1ubuntu0.1 (for
Ubuntu 5.04), or 4.1.3-2ubuntu0.1 (for Ubuntu 5.10).  In general, a
standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Chris Evans discovered several buffer overflows in the libungif
library. By tricking an user (or automated system) into processing a
specially crafted GIF image, this could be exploited to execute
arbitrary code with the privileges of the application using libungif.


Updated packages for Ubuntu 4.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libu/libungif4/libungif4_4.1.0b1-6ubuntu0.1.diff.gz
      Size/MD5:   299066 b1e73895c7e0ad79c0e19e6cdc17e0a0
    http://security.ubuntu.com/ubuntu/pool/main/libu/libungif4/libungif4_4.1.0b1-6ubuntu0.1.dsc
      Size/MD5:      654 e77c0c985a9a69be2306521c68c90948
    http://security.ubuntu.com/ubuntu/pool/main/libu/libungif4/libungif4_4.1.0b1.orig.tar.gz
      Size/MD5:   351757 20d96eb90cf818a1da093614c44ad3e5

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/libu/libungif4/libungif-bin_4.1.0b1-6ubuntu0.1_amd64.deb
      Size/MD5:   220664 20b10d4a5722c313fb9087e9637d3932
    http://security.ubuntu.com/ubuntu/pool/main/libu/libungif4/libungif4-dev_4.1.0b1-6ubuntu0.1_amd64.deb
      Size/MD5:    36512 7267a1987fbabd4933e000ccb1506db3
    http://security.ubuntu.com/ubuntu/pool/main/libu/libungif4/libungif4g_4.1.0b1-6ubuntu0.1_amd64.deb
      Size/MD5:    52450 e518ccb9521345253a7195baf59d304c

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/libu/libungif4/libungif-bin_4.1.0b1-6ubuntu0.1_i386.deb
      Size/MD5:   202984 f68d125ce049c9507756e83bad2549dc
    http://security.ubuntu.com/ubuntu/pool/main/libu/libungif4/libungif4-dev_4.1.0b1-6ubuntu0.1_i386.deb
      Size/MD5:    34294 3b22cf5ce6d91f4f9f1c27e9a9ec6d75
    http://security.ubuntu.com/ubuntu/pool/main/libu/libungif4/libungif4g_4.1.0b1-6ubuntu0.1_i386.deb
      Size/MD5:    51064 ce716cf26fdc0b27230dafea49d005c0

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/libu/libungif4/libungif-bin_4.1.0b1-6ubuntu0.1_powerpc.deb
      Size/MD5:   235062 acc2f9eb7dfc2a0f1e4551a2217fc579
    http://security.ubuntu.com/ubuntu/pool/main/libu/libungif4/libungif4-dev_4.1.0b1-6ubuntu0.1_powerpc.deb
      Size/MD5:    36562 84f4b4a0ed7e5f5a35b9ac7789e70a3e
    http://security.ubuntu.com/ubuntu/pool/main/libu/libungif4/libungif4g_4.1.0b1-6ubuntu0.1_powerpc.deb
      Size/MD5:    53420 c0b95884ad01a6ec49aa4a0fbbd71411

Updated packages for Ubuntu 5.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libu/libungif4/libungif4_4.1.3-1ubuntu0.1.diff.gz
      Size/MD5:    27712 4835a55c199b8bad795cb36ccd844b32
    http://security.ubuntu.com/ubuntu/pool/main/libu/libungif4/libungif4_4.1.3-1ubuntu0.1.dsc
      Size/MD5:      639 7a91eda1b7d0ec48c26f69518e6787f9
    http://security.ubuntu.com/ubuntu/pool/main/libu/libungif4/libungif4_4.1.3.orig.tar.gz
      Size/MD5:   569667 cb11e300347ad29e502abc6f56fd23df

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/libu/libungif4/libungif-bin_4.1.3-1ubuntu0.1_amd64.deb
      Size/MD5:   224438 efe72b94ed939de9b85e556e07fb228d
    http://security.ubuntu.com/ubuntu/pool/main/libu/libungif4/libungif4-dev_4.1.3-1ubuntu0.1_amd64.deb
      Size/MD5:    41158 381aaff6c58f9402275bf37cf3c58abf
    http://security.ubuntu.com/ubuntu/pool/main/libu/libungif4/libungif4g_4.1.3-1ubuntu0.1_amd64.deb
      Size/MD5:    57506 88918dea5ab32a782a8e1d731a4b4f24

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/libu/libungif4/libungif-bin_4.1.3-1ubuntu0.1_i386.deb
      Size/MD5:   206076 a81c6995f1e3ebbba7ce725171574b59
    http://security.ubuntu.com/ubuntu/pool/main/libu/libungif4/libungif4-dev_4.1.3-1ubuntu0.1_i386.deb
      Size/MD5:    38928 8def52728fce5ef3fcaf3137c3cd2ce3
    http://security.ubuntu.com/ubuntu/pool/main/libu/libungif4/libungif4g_4.1.3-1ubuntu0.1_i386.deb
      Size/MD5:    56194 474750d2fddcf82434a136014e1cb2d9

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/libu/libungif4/libungif-bin_4.1.3-1ubuntu0.1_powerpc.deb
      Size/MD5:   238938 f36748ba01f1527ef18be9ccf8c51456
    http://security.ubuntu.com/ubuntu/pool/main/libu/libungif4/libungif4-dev_4.1.3-1ubuntu0.1_powerpc.deb
      Size/MD5:    41242 892f389e108ca0bfbe0346341c88817b
    http://security.ubuntu.com/ubuntu/pool/main/libu/libungif4/libungif4g_4.1.3-1ubuntu0.1_powerpc.deb
      Size/MD5:    58440 ed9a1b67bcb7165b6cb4f70048c00ca4

Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libu/libungif4/libungif4_4.1.3-2ubuntu0.1.diff.gz
      Size/MD5:    27750 e53abb2025395d9dcbb2a957727bef30
    http://security.ubuntu.com/ubuntu/pool/main/libu/libungif4/libungif4_4.1.3-2ubuntu0.1.dsc
      Size/MD5:      639 f774bee9e108e9d70816c5cf7e6c0a35
    http://security.ubuntu.com/ubuntu/pool/main/libu/libungif4/libungif4_4.1.3.orig.tar.gz
      Size/MD5:   569667 cb11e300347ad29e502abc6f56fd23df

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/libu/libungif4/libungif-bin_4.1.3-2ubuntu0.1_amd64.deb
      Size/MD5:   221048 9b5a7710353c1f7f8d3ab3a91e6999be
    http://security.ubuntu.com/ubuntu/pool/main/libu/libungif4/libungif4-dev_4.1.3-2ubuntu0.1_amd64.deb
      Size/MD5:    41432 bb6c5e694cf477407ea1d021f045854b
    http://security.ubuntu.com/ubuntu/pool/main/libu/libungif4/libungif4g_4.1.3-2ubuntu0.1_amd64.deb
      Size/MD5:    57718 c248516545c8a1062c01397ea262703e

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/libu/libungif4/libungif-bin_4.1.3-2ubuntu0.1_i386.deb
      Size/MD5:   207362 bb2048b13a24139776a3c6bed250f56f
    http://security.ubuntu.com/ubuntu/pool/main/libu/libungif4/libungif4-dev_4.1.3-2ubuntu0.1_i386.deb
      Size/MD5:    38672 4f6a453cf554c8a246de612385b699a6
    http://security.ubuntu.com/ubuntu/pool/main/libu/libungif4/libungif4g_4.1.3-2ubuntu0.1_i386.deb
      Size/MD5:    55668 dad0b983eda12741dc18ac6898d55559

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/libu/libungif4/libungif-bin_4.1.3-2ubuntu0.1_powerpc.deb
      Size/MD5:   240722 cfd899896a119fcabe2ffe06adeed4cb
    http://security.ubuntu.com/ubuntu/pool/main/libu/libungif4/libungif4-dev_4.1.3-2ubuntu0.1_powerpc.deb
      Size/MD5:    41626 f4cb22787e4fdeb5f84c1e33e955091d
    http://security.ubuntu.com/ubuntu/pool/main/libu/libungif4/libungif4g_4.1.3-2ubuntu0.1_powerpc.deb
      Size/MD5:    58706 a52ba57b5c9a8e3028572da122dd5a47

Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ