-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 890-1 security@xxxxxxxxxx http://www.debian.org/security/ Martin Schulze November 9th, 2005 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : libungif4 Vulnerability : several Problem type : remote Debian-specific: no CVE IDs : CVE-2005-2974 CVE-2005-3350 Debian Bug : 337972 Chris Evans discovered several security related problems in libungif4, a shared library for GIF images. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: CVE-2005-2974 Null pointer dereference, that could cause a denial of service. CVE-2005-3350 Out of bounds memory access that could cause a denial of service or the execution of arbitrary code. For the old stable distribution (woody) these problems have been fixed in version 4.1.0b1-2woody1. For the stable distribution (sarge) these problems have been fixed in version 4.1.3-2sarge1. For the unstable distribution (sid) these problems will be fixed soon. We recommend that you upgrade your libungif4 packages. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/libu/libungif4/libungif4_4.1.0b1-2woody1.dsc Size/MD5 checksum: 675 193e9d1e48023d8d8a68b6b47117bd3d http://security.debian.org/pool/updates/main/libu/libungif4/libungif4_4.1.0b1-2woody1.diff.gz Size/MD5 checksum: 27508 91b78e7830e28f8acccc249a47ec8b56 http://security.debian.org/pool/updates/main/libu/libungif4/libungif4_4.1.0b1.orig.tar.gz Size/MD5 checksum: 351757 20d96eb90cf818a1da093614c44ad3e5 Alpha architecture: http://security.debian.org/pool/updates/main/libu/libungif4/libungif-bin_4.1.0b1-2woody1_alpha.deb Size/MD5 checksum: 285014 9e17b79f15df1cfb9aedd60feba2afe9 http://security.debian.org/pool/updates/main/libu/libungif4/libungif4-dev_4.1.0b1-2woody1_alpha.deb Size/MD5 checksum: 40756 8097a2e1e0fa17b39e4fdfd9bc28879d http://security.debian.org/pool/updates/main/libu/libungif4/libungif4g_4.1.0b1-2woody1_alpha.deb Size/MD5 checksum: 54530 4ac2a7261df16ee8d10bc21c36a295b5 ARM architecture: http://security.debian.org/pool/updates/main/libu/libungif4/libungif-bin_4.1.0b1-2woody1_arm.deb Size/MD5 checksum: 202104 46a240858733d79c0baf5ebe6c243ff1 http://security.debian.org/pool/updates/main/libu/libungif4/libungif4-dev_4.1.0b1-2woody1_arm.deb Size/MD5 checksum: 36502 9ed4b465c89df64bba1514ce82aec53b http://security.debian.org/pool/updates/main/libu/libungif4/libungif4g_4.1.0b1-2woody1_arm.deb Size/MD5 checksum: 51430 06180a7e6f55d6f6e2d4db7201f4180f Intel IA-32 architecture: http://security.debian.org/pool/updates/main/libu/libungif4/libungif-bin_4.1.0b1-2woody1_i386.deb Size/MD5 checksum: 201766 9c5ce5176dd0699241aeb96fb5546461 http://security.debian.org/pool/updates/main/libu/libungif4/libungif4-dev_4.1.0b1-2woody1_i386.deb Size/MD5 checksum: 33840 d368a92eeff505e55277410786af1b45 http://security.debian.org/pool/updates/main/libu/libungif4/libungif4g_4.1.0b1-2woody1_i386.deb Size/MD5 checksum: 50088 3b0fbc30998dff62708290f4c86f2d00 Intel IA-64 architecture: http://security.debian.org/pool/updates/main/libu/libungif4/libungif-bin_4.1.0b1-2woody1_ia64.deb Size/MD5 checksum: 256632 eac1e46e0c49533af5d434a9a6d8f8fa http://security.debian.org/pool/updates/main/libu/libungif4/libungif4-dev_4.1.0b1-2woody1_ia64.deb Size/MD5 checksum: 45352 a6f1dc47e819dfe577c8ea404e8b5276 http://security.debian.org/pool/updates/main/libu/libungif4/libungif4g_4.1.0b1-2woody1_ia64.deb Size/MD5 checksum: 60604 3bc0eab856905cca5f9a0523a6ddaff8 HP Precision architecture: http://security.debian.org/pool/updates/main/libu/libungif4/libungif-bin_4.1.0b1-2woody1_hppa.deb Size/MD5 checksum: 217600 9037e57c508a9f57a4dd594688e218b5 http://security.debian.org/pool/updates/main/libu/libungif4/libungif4-dev_4.1.0b1-2woody1_hppa.deb Size/MD5 checksum: 38582 52a9dd58156cf29265be55342cfe9976 http://security.debian.org/pool/updates/main/libu/libungif4/libungif4g_4.1.0b1-2woody1_hppa.deb Size/MD5 checksum: 53664 9eac9c68882b2e7b2a8e733dd1693acc Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/libu/libungif4/libungif-bin_4.1.0b1-2woody1_m68k.deb Size/MD5 checksum: 195020 8dbd776ed4423f337159901c55a34eba http://security.debian.org/pool/updates/main/libu/libungif4/libungif4-dev_4.1.0b1-2woody1_m68k.deb Size/MD5 checksum: 32668 5bf4ca4a1ec36fbf7ec0cb851610668d http://security.debian.org/pool/updates/main/libu/libungif4/libungif4g_4.1.0b1-2woody1_m68k.deb Size/MD5 checksum: 49690 7027e8329bccc378cbc4f9101c52d219 Big endian MIPS architecture: http://security.debian.org/pool/updates/main/libu/libungif4/libungif-bin_4.1.0b1-2woody1_mips.deb Size/MD5 checksum: 217482 66d18610da227997b66168bb5da60204 http://security.debian.org/pool/updates/main/libu/libungif4/libungif4-dev_4.1.0b1-2woody1_mips.deb Size/MD5 checksum: 37258 1a2e0c8632458aa4ae30e28e2b6725bd http://security.debian.org/pool/updates/main/libu/libungif4/libungif4g_4.1.0b1-2woody1_mips.deb Size/MD5 checksum: 51076 f69f36bf39bd8e7565aef0eabf88add2 Little endian MIPS architecture: http://security.debian.org/pool/updates/main/libu/libungif4/libungif-bin_4.1.0b1-2woody1_mipsel.deb Size/MD5 checksum: 216500 6b01fc4f751245669557f296a7318616 http://security.debian.org/pool/updates/main/libu/libungif4/libungif4-dev_4.1.0b1-2woody1_mipsel.deb Size/MD5 checksum: 37298 44a64a53aab5fc93d6e19721969a9223 http://security.debian.org/pool/updates/main/libu/libungif4/libungif4g_4.1.0b1-2woody1_mipsel.deb Size/MD5 checksum: 51028 f69ac85898c933b7f3c9ad6f3e609f66 PowerPC architecture: http://security.debian.org/pool/updates/main/libu/libungif4/libungif-bin_4.1.0b1-2woody1_powerpc.deb Size/MD5 checksum: 210770 2824839478cdbf162118ed5691b850d9 http://security.debian.org/pool/updates/main/libu/libungif4/libungif4-dev_4.1.0b1-2woody1_powerpc.deb Size/MD5 checksum: 36572 dcade541d45af60284125f9b83bbb02f http://security.debian.org/pool/updates/main/libu/libungif4/libungif4g_4.1.0b1-2woody1_powerpc.deb Size/MD5 checksum: 51380 85744ab07964462ae4e06ebe48b534f4 IBM S/390 architecture: http://security.debian.org/pool/updates/main/libu/libungif4/libungif-bin_4.1.0b1-2woody1_s390.deb Size/MD5 checksum: 201880 9c1b56749db3eb854080c68691b33cae http://security.debian.org/pool/updates/main/libu/libungif4/libungif4-dev_4.1.0b1-2woody1_s390.deb Size/MD5 checksum: 34436 23c1ebb27f269f5200095b9b46124280 http://security.debian.org/pool/updates/main/libu/libungif4/libungif4g_4.1.0b1-2woody1_s390.deb Size/MD5 checksum: 51220 b35cc84066db65590ebf19c8e2e61b60 Sun Sparc architecture: http://security.debian.org/pool/updates/main/libu/libungif4/libungif-bin_4.1.0b1-2woody1_sparc.deb Size/MD5 checksum: 213266 1d886962d7fcaf46534d566b34f3a1d8 http://security.debian.org/pool/updates/main/libu/libungif4/libungif4-dev_4.1.0b1-2woody1_sparc.deb Size/MD5 checksum: 35146 d48362803d986553f3b9e5ad902b11fe http://security.debian.org/pool/updates/main/libu/libungif4/libungif4g_4.1.0b1-2woody1_sparc.deb Size/MD5 checksum: 53522 98deecdd602b6547c1a798e2bc01672e Debian GNU/Linux 3.1 alias sarge - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/libu/libungif4/libungif4_4.1.3-2sarge1.dsc Size/MD5 checksum: 633 370977c843f6d4ee1ea6c258a0c4c0ca http://security.debian.org/pool/updates/main/libu/libungif4/libungif4_4.1.3-2sarge1.diff.gz Size/MD5 checksum: 27108 bc10284064611128f156b57ee2e1f08f http://security.debian.org/pool/updates/main/libu/libungif4/libungif4_4.1.3.orig.tar.gz Size/MD5 checksum: 569667 cb11e300347ad29e502abc6f56fd23df Alpha architecture: http://security.debian.org/pool/updates/main/libu/libungif4/libungif-bin_4.1.3-2sarge1_alpha.deb Size/MD5 checksum: 236844 58ea752756dfe522bea9f76714d9f98f http://security.debian.org/pool/updates/main/libu/libungif4/libungif4-dev_4.1.3-2sarge1_alpha.deb Size/MD5 checksum: 46170 1c4628dce2c611cd5380c10e2a26ae96 http://security.debian.org/pool/updates/main/libu/libungif4/libungif4g_4.1.3-2sarge1_alpha.deb Size/MD5 checksum: 60132 793317902d6eda7db5441cddcb15bbe9 AMD64 architecture: http://security.debian.org/pool/updates/main/libu/libungif4/libungif-bin_4.1.3-2sarge1_amd64.deb Size/MD5 checksum: 224450 f0d7c963c17194d3672bbf234008ec75 http://security.debian.org/pool/updates/main/libu/libungif4/libungif4-dev_4.1.3-2sarge1_amd64.deb Size/MD5 checksum: 41162 2616e9094869f1a405e321086591597c http://security.debian.org/pool/updates/main/libu/libungif4/libungif4g_4.1.3-2sarge1_amd64.deb Size/MD5 checksum: 57492 ef3f34efffca29bacaed90858b718fac ARM architecture: http://security.debian.org/pool/updates/main/libu/libungif4/libungif-bin_4.1.3-2sarge1_arm.deb Size/MD5 checksum: 202700 c0271f975cd87801272e59c85cf875ed http://security.debian.org/pool/updates/main/libu/libungif4/libungif4-dev_4.1.3-2sarge1_arm.deb Size/MD5 checksum: 41006 6005a4cce9a09bc1dc84a5d81a5160a9 http://security.debian.org/pool/updates/main/libu/libungif4/libungif4g_4.1.3-2sarge1_arm.deb Size/MD5 checksum: 56166 cabba1c98b65657313ce72c7ce7cc6c3 Intel IA-32 architecture: http://security.debian.org/pool/updates/main/libu/libungif4/libungif-bin_4.1.3-2sarge1_i386.deb Size/MD5 checksum: 207322 f9b6947dd5f438c790623a878a28c3a2 http://security.debian.org/pool/updates/main/libu/libungif4/libungif4-dev_4.1.3-2sarge1_i386.deb Size/MD5 checksum: 38826 a7e4c26e62b07536832c108494f30ea1 http://security.debian.org/pool/updates/main/libu/libungif4/libungif4g_4.1.3-2sarge1_i386.deb Size/MD5 checksum: 55992 0303cf6fff90a2bee99881e685c2fb57 Intel IA-64 architecture: http://security.debian.org/pool/updates/main/libu/libungif4/libungif-bin_4.1.3-2sarge1_ia64.deb Size/MD5 checksum: 249606 d2b37be33b62a3824baaaacdb7edfec3 http://security.debian.org/pool/updates/main/libu/libungif4/libungif4-dev_4.1.3-2sarge1_ia64.deb Size/MD5 checksum: 49626 f55b7c590c72f41a1d55283d70e0ea91 http://security.debian.org/pool/updates/main/libu/libungif4/libungif4g_4.1.3-2sarge1_ia64.deb Size/MD5 checksum: 64614 0da7f213fefaae2e4fadd86b8ebcb447 HP Precision architecture: http://security.debian.org/pool/updates/main/libu/libungif4/libungif-bin_4.1.3-2sarge1_hppa.deb Size/MD5 checksum: 222446 606042edef8e329dba16a6edbf1a79a7 http://security.debian.org/pool/updates/main/libu/libungif4/libungif4-dev_4.1.3-2sarge1_hppa.deb Size/MD5 checksum: 41630 d300c2533d82c86214638be785b33e1e http://security.debian.org/pool/updates/main/libu/libungif4/libungif4g_4.1.3-2sarge1_hppa.deb Size/MD5 checksum: 58784 55be1daa196494c7b7044b4568b852bd Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/libu/libungif4/libungif-bin_4.1.3-2sarge1_m68k.deb Size/MD5 checksum: 200108 8529581e4d2c052a091929f3e24cff00 http://security.debian.org/pool/updates/main/libu/libungif4/libungif4-dev_4.1.3-2sarge1_m68k.deb Size/MD5 checksum: 37624 621fbdc947c40e4eac9ef3a83227b439 http://security.debian.org/pool/updates/main/libu/libungif4/libungif4g_4.1.3-2sarge1_m68k.deb Size/MD5 checksum: 54982 081cfdd2e832f42d56922b65b08ce555 Big endian MIPS architecture: http://security.debian.org/pool/updates/main/libu/libungif4/libungif-bin_4.1.3-2sarge1_mips.deb Size/MD5 checksum: 311002 f87e0d458cd4484e99a7258b63a356a7 http://security.debian.org/pool/updates/main/libu/libungif4/libungif4-dev_4.1.3-2sarge1_mips.deb Size/MD5 checksum: 41956 7669feeda0ba3afa3d4ed4060df610f1 http://security.debian.org/pool/updates/main/libu/libungif4/libungif4g_4.1.3-2sarge1_mips.deb Size/MD5 checksum: 56750 de8ee2a520d2c12978f225a4ab575055 Little endian MIPS architecture: http://security.debian.org/pool/updates/main/libu/libungif4/libungif-bin_4.1.3-2sarge1_mipsel.deb Size/MD5 checksum: 312952 885ccda66628530751379778a9f93010 http://security.debian.org/pool/updates/main/libu/libungif4/libungif4-dev_4.1.3-2sarge1_mipsel.deb Size/MD5 checksum: 41996 e74ce0bdf1358ab9bf25e0a1022531b0 http://security.debian.org/pool/updates/main/libu/libungif4/libungif4g_4.1.3-2sarge1_mipsel.deb Size/MD5 checksum: 56784 f36b31b111035434b22bebaba0921f40 PowerPC architecture: http://security.debian.org/pool/updates/main/libu/libungif4/libungif-bin_4.1.3-2sarge1_powerpc.deb Size/MD5 checksum: 239004 4ab6ed66b4358c82cf2c5b47f190d4bf http://security.debian.org/pool/updates/main/libu/libungif4/libungif4-dev_4.1.3-2sarge1_powerpc.deb Size/MD5 checksum: 41276 cd27a14a71e72373f4af47afe691a49d http://security.debian.org/pool/updates/main/libu/libungif4/libungif4g_4.1.3-2sarge1_powerpc.deb Size/MD5 checksum: 58422 16c15cbe03e040b3f76ce80de59eb46f IBM S/390 architecture: http://security.debian.org/pool/updates/main/libu/libungif4/libungif-bin_4.1.3-2sarge1_s390.deb Size/MD5 checksum: 209420 f66d881e20d413bac1c97908b3cc6e27 http://security.debian.org/pool/updates/main/libu/libungif4/libungif4-dev_4.1.3-2sarge1_s390.deb Size/MD5 checksum: 40758 d1709a5ebe6aace2187d211a94007f47 http://security.debian.org/pool/updates/main/libu/libungif4/libungif4g_4.1.3-2sarge1_s390.deb Size/MD5 checksum: 57704 30134e5e5fea8b09925b8daf99314afb Sun Sparc architecture: http://security.debian.org/pool/updates/main/libu/libungif4/libungif-bin_4.1.3-2sarge1_sparc.deb Size/MD5 checksum: 207918 0d69a5eb14517559a747ee75a171ec4f http://security.debian.org/pool/updates/main/libu/libungif4/libungif4-dev_4.1.3-2sarge1_sparc.deb Size/MD5 checksum: 39600 4bb95d420b9aef12ff2f08b6330417ff http://security.debian.org/pool/updates/main/libu/libungif4/libungif4g_4.1.3-2sarge1_sparc.deb Size/MD5 checksum: 56200 93cef9f13cc90d47c27231953ea3e2cb These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) iD8DBQFDcb34W5ql+IAeqTIRAlMlAJ9DkW0BvQsj05QdEVNMVLq3OfBajwCdH9Td JnUaNCMeyXBakd99d3tLFKI= =GUtX -----END PGP SIGNATURE-----
