--------------------------------------------------------------------- Fedora Update Notification FEDORA-2005-1045 2005-11-03 --------------------------------------------------------------------- Product : Fedora Core 3 Name : libungif Version : 4.1.3 Release : 1.fc3.2 Summary : A library for manipulating GIF format image files. Description : The libungif package contains a shared library of functions for loading and saving GIF format image files. The libungif library can load any GIF file, but it will save GIFs only in uncompressed format (i.e., it won't use the patented LZW compression used to save "normal" compressed GIF files). Install the libungif package if you need to manipulate GIF files. You should also install the libungif-progs package. --------------------------------------------------------------------- Update Information: The libungif package contains a shared library of functions for loading and saving GIF format image files. The libungif library can load any GIF file, but it will save GIFs only in uncompressed format; it will not use the patented LZW compression used to save "normal" compressed GIF files. A bug was found in the way libungif handles colormaps. An attacker could create a GIF file in such a way that could cause out-of-bounds writes and register corruptions. The Common Vulnerabilities and Exposures project assigned the name CAN-2005-2974 to this issue. All users of libungif should upgrade to the updated packages, which contain a backported patch to resolve this issue. --------------------------------------------------------------------- * Fri Oct 21 2005 Matthias Clasen <mclasen@xxxxxxxxxx> 4.1.3-1.fc3.2 - Fix several register corruptions and an out-of-bounds write. --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/ 59b249a82af75aac014f5f59feb9cc90 SRPMS/libungif-4.1.3-1.fc3.2.src.rpm 957e1e48dea2fd1c00002300383ea0ff x86_64/libungif-4.1.3-1.fc3.2.x86_64.rpm 22e85959823663ab61a3051c647ee4db x86_64/libungif-devel-4.1.3-1.fc3.2.x86_64.rpm 294a1239db36f6ed2a19d81ce231cccf x86_64/libungif-progs-4.1.3-1.fc3.2.x86_64.rpm 52e4a7e9202399f70a70c9acd8f91ebf x86_64/debug/libungif-debuginfo-4.1.3-1.fc3.2.x86_64.rpm fb89bd175856a46addbba3ccdd425311 x86_64/libungif-4.1.3-1.fc3.2.i386.rpm fb89bd175856a46addbba3ccdd425311 i386/libungif-4.1.3-1.fc3.2.i386.rpm ca85f8bee06885cc740ac3525892059b i386/libungif-devel-4.1.3-1.fc3.2.i386.rpm afae5a45ffcaa93b91f4b360abe30c93 i386/libungif-progs-4.1.3-1.fc3.2.i386.rpm 0ab5bdd2c1c837c0a3e78f5465c3edb5 i386/debug/libungif-debuginfo-4.1.3-1.fc3.2.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- -- fedora-announce-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-announce-list