From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20051012 Netscape/8.0.4

Description of problem:

05.45.11 CVE: CVE-2005-3350
Platform: Unix
Title: libungif Null Pointer Dereference Denial of Service
Description: libungif is a shared library of functions for loading and saving GIF format images. It is prone to a denial of service vulnerability. The library is susceptible to a null pointer dereference when handling malformed GIF images. libungif versions 4.1.3 and earlier are vulnerable.
Ref: http://rhn.redhat.com/errata/RHSA-2005-828.html

05.45.12 CVE: CAN-2005-2974
Platform: Cross Platform
Title: Libungif Colormap Handling Memory Corruption
Description: Libungif is a library used for reading and writing gif images. It is prone to a memory corruption vulnerability. This issue results from a boundary condition error and may allow an attacker to trigger a denial of service condition or potentially execute arbitrary code. Libungif versions 4.1.3 and 4.1 are vulnerable.
Ref: http://www.securityfocus.com/advisories/9660

Version-Release number of selected component (if applicable):

How reproducible: Didn't try

Additional info:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Here are updated packages to QA:

14238ce127e33a9d933d49b7287989b18c32e0c7  7.3/libungif-4.1.0-10.1.legacy.src.rpm
f5c29f5f40175d707139e86b1ef33dfc56a87135  9/libungif-4.1.0-15.1.legacy.src.rpm
f3384d782ddf9f17c75f62fc874e46bfd6966b53  1/libungif-4.1.0-16.1.legacy.src.rpm
71e8ce20a8a4ce09ff8f5e04d4a516cb1e79a8d0  2/libungif-4.1.0-17.2.legacy.src.rpm

http://www.infostrategique.com/linuxrpms/legacy/7.3/libungif-4.1.0-10.1.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/libungif-4.1.0-15.1.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/1/libungif-4.1.0-16.1.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/2/libungif-4.1.0-17.2.legacy.src.rpm

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.1 (GNU/Linux)

iD8DBQFD+QGeLMAs/0C4zNoRAncAAJ0ZcBNWevkvnxn2sReom+a55CrreQCfZo+A
sXLgJQGqRTuLaMrpq6K3TUs=
=bT/A
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

QA w/ rpm-build-compare.sh:
- source integrity good
- spec file changes minimal
- patch verified to come from RHEL

+PUBLISH RHL73, RHL9, FC1, FC2

14238ce127e33a9d933d49b7287989b18c32e0c7  libungif-4.1.0-10.1.legacy.src.rpm
f5c29f5f40175d707139e86b1ef33dfc56a87135  libungif-4.1.0-15.1.legacy.src.rpm
f3384d782ddf9f17c75f62fc874e46bfd6966b53  libungif-4.1.0-16.1.legacy.src.rpm
71e8ce20a8a4ce09ff8f5e04d4a516cb1e79a8d0  libungif-4.1.0-17.2.legacy.src.rpm

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFD+WbgGHbTkzxSL7QRAiO4AJ9ZAS0ao1VCICCcLT2Ov1sgw0ttLwCggvKP
+W2TfiTnvNOROrS5lYnfZzc=
=rCdQ
-----END PGP SIGNATURE-----
Packages were sent to updates-testing
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

QA for RHL9. Signatures OK, upgrades OK. Tested ImageMagick which depends on this by looking at a couple of GIFs, works OK.

+VERIFY RHL9

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFEBVECGHbTkzxSL7QRAuikAJ9+HTnpxqLU8htlLtsAWTpaj4WMVwCfQsma
x6odO3t+7KDuD1PYVGuFFxU=
=5niN
-----END PGP SIGNATURE-----
Timeout over.
Packages were pushed to updates.