Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DSA-890-1:A5789
HistoryNov 09, 2005 - 9:14 a.m.

[SECURITY] [DSA 890-1] New libungif4 packages fix several vulnerabilities

2005-11-0909:14:32
lists.debian.org
10

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.7 Medium

AI Score

Confidence

Low

0.033 Low

EPSS

Percentile

91.4%

JSON

Debian Security Advisory DSA 890-1 [email protected]
http://www.debian.org/security/ Martin Schulze
November 9th, 2005 http://www.debian.org/security/faq

Package : libungif4
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2005-2974 CVE-2005-3350
Debian Bug : 337972

Chris Evans discovered several security related problems in libungif4,
a shared library for GIF images. The Common Vulnerabilities and
Exposures project identifies the following vulnerabilities:

CVE-2005-2974

Null pointer dereference, that could cause a denial of service.

CVE-2005-3350

Out of bounds memory access that could cause a denial of service
or the execution of arbitrary code.

For the old stable distribution (woody) these problems have been fixed in
version 4.1.0b1-2woody1.

For the stable distribution (sarge) these problems have been fixed in
version 4.1.3-2sarge1.

For the unstable distribution (sid) these problems will be fixed soon.

We recommend that you upgrade your libungif4 packages.

Upgrade Instructions

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody

Source archives:

http://security.debian.org/pool/updates/main/libu/libungif4/libungif4_4.1.0b1-2woody1.dsc
  Size/MD5 checksum:      675 193e9d1e48023d8d8a68b6b47117bd3d
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4_4.1.0b1-2woody1.diff.gz
  Size/MD5 checksum:    27508 91b78e7830e28f8acccc249a47ec8b56
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4_4.1.0b1.orig.tar.gz
  Size/MD5 checksum:   351757 20d96eb90cf818a1da093614c44ad3e5

Alpha architecture:

http://security.debian.org/pool/updates/main/libu/libungif4/libungif-bin_4.1.0b1-2woody1_alpha.deb
  Size/MD5 checksum:   285014 9e17b79f15df1cfb9aedd60feba2afe9
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4-dev_4.1.0b1-2woody1_alpha.deb
  Size/MD5 checksum:    40756 8097a2e1e0fa17b39e4fdfd9bc28879d
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4g_4.1.0b1-2woody1_alpha.deb
  Size/MD5 checksum:    54530 4ac2a7261df16ee8d10bc21c36a295b5

ARM architecture:

http://security.debian.org/pool/updates/main/libu/libungif4/libungif-bin_4.1.0b1-2woody1_arm.deb
  Size/MD5 checksum:   202104 46a240858733d79c0baf5ebe6c243ff1
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4-dev_4.1.0b1-2woody1_arm.deb
  Size/MD5 checksum:    36502 9ed4b465c89df64bba1514ce82aec53b
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4g_4.1.0b1-2woody1_arm.deb
  Size/MD5 checksum:    51430 06180a7e6f55d6f6e2d4db7201f4180f

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/libu/libungif4/libungif-bin_4.1.0b1-2woody1_i386.deb
  Size/MD5 checksum:   201766 9c5ce5176dd0699241aeb96fb5546461
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4-dev_4.1.0b1-2woody1_i386.deb
  Size/MD5 checksum:    33840 d368a92eeff505e55277410786af1b45
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4g_4.1.0b1-2woody1_i386.deb
  Size/MD5 checksum:    50088 3b0fbc30998dff62708290f4c86f2d00

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/libu/libungif4/libungif-bin_4.1.0b1-2woody1_ia64.deb
  Size/MD5 checksum:   256632 eac1e46e0c49533af5d434a9a6d8f8fa
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4-dev_4.1.0b1-2woody1_ia64.deb
  Size/MD5 checksum:    45352 a6f1dc47e819dfe577c8ea404e8b5276
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4g_4.1.0b1-2woody1_ia64.deb
  Size/MD5 checksum:    60604 3bc0eab856905cca5f9a0523a6ddaff8

HP Precision architecture:

http://security.debian.org/pool/updates/main/libu/libungif4/libungif-bin_4.1.0b1-2woody1_hppa.deb
  Size/MD5 checksum:   217600 9037e57c508a9f57a4dd594688e218b5
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4-dev_4.1.0b1-2woody1_hppa.deb
  Size/MD5 checksum:    38582 52a9dd58156cf29265be55342cfe9976
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4g_4.1.0b1-2woody1_hppa.deb
  Size/MD5 checksum:    53664 9eac9c68882b2e7b2a8e733dd1693acc

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/libu/libungif4/libungif-bin_4.1.0b1-2woody1_m68k.deb
  Size/MD5 checksum:   195020 8dbd776ed4423f337159901c55a34eba
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4-dev_4.1.0b1-2woody1_m68k.deb
  Size/MD5 checksum:    32668 5bf4ca4a1ec36fbf7ec0cb851610668d
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4g_4.1.0b1-2woody1_m68k.deb
  Size/MD5 checksum:    49690 7027e8329bccc378cbc4f9101c52d219

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/libu/libungif4/libungif-bin_4.1.0b1-2woody1_mips.deb
  Size/MD5 checksum:   217482 66d18610da227997b66168bb5da60204
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4-dev_4.1.0b1-2woody1_mips.deb
  Size/MD5 checksum:    37258 1a2e0c8632458aa4ae30e28e2b6725bd
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4g_4.1.0b1-2woody1_mips.deb
  Size/MD5 checksum:    51076 f69f36bf39bd8e7565aef0eabf88add2

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/libu/libungif4/libungif-bin_4.1.0b1-2woody1_mipsel.deb
  Size/MD5 checksum:   216500 6b01fc4f751245669557f296a7318616
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4-dev_4.1.0b1-2woody1_mipsel.deb
  Size/MD5 checksum:    37298 44a64a53aab5fc93d6e19721969a9223
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4g_4.1.0b1-2woody1_mipsel.deb
  Size/MD5 checksum:    51028 f69ac85898c933b7f3c9ad6f3e609f66

PowerPC architecture:

http://security.debian.org/pool/updates/main/libu/libungif4/libungif-bin_4.1.0b1-2woody1_powerpc.deb
  Size/MD5 checksum:   210770 2824839478cdbf162118ed5691b850d9
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4-dev_4.1.0b1-2woody1_powerpc.deb
  Size/MD5 checksum:    36572 dcade541d45af60284125f9b83bbb02f
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4g_4.1.0b1-2woody1_powerpc.deb
  Size/MD5 checksum:    51380 85744ab07964462ae4e06ebe48b534f4

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/libu/libungif4/libungif-bin_4.1.0b1-2woody1_s390.deb
  Size/MD5 checksum:   201880 9c1b56749db3eb854080c68691b33cae
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4-dev_4.1.0b1-2woody1_s390.deb
  Size/MD5 checksum:    34436 23c1ebb27f269f5200095b9b46124280
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4g_4.1.0b1-2woody1_s390.deb
  Size/MD5 checksum:    51220 b35cc84066db65590ebf19c8e2e61b60

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/libu/libungif4/libungif-bin_4.1.0b1-2woody1_sparc.deb
  Size/MD5 checksum:   213266 1d886962d7fcaf46534d566b34f3a1d8
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4-dev_4.1.0b1-2woody1_sparc.deb
  Size/MD5 checksum:    35146 d48362803d986553f3b9e5ad902b11fe
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4g_4.1.0b1-2woody1_sparc.deb
  Size/MD5 checksum:    53522 98deecdd602b6547c1a798e2bc01672e

Debian GNU/Linux 3.1 alias sarge

Source archives:

http://security.debian.org/pool/updates/main/libu/libungif4/libungif4_4.1.3-2sarge1.dsc
  Size/MD5 checksum:      633 370977c843f6d4ee1ea6c258a0c4c0ca
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4_4.1.3-2sarge1.diff.gz
  Size/MD5 checksum:    27108 bc10284064611128f156b57ee2e1f08f
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4_4.1.3.orig.tar.gz
  Size/MD5 checksum:   569667 cb11e300347ad29e502abc6f56fd23df

Alpha architecture:

http://security.debian.org/pool/updates/main/libu/libungif4/libungif-bin_4.1.3-2sarge1_alpha.deb
  Size/MD5 checksum:   236844 58ea752756dfe522bea9f76714d9f98f
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4-dev_4.1.3-2sarge1_alpha.deb
  Size/MD5 checksum:    46170 1c4628dce2c611cd5380c10e2a26ae96
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4g_4.1.3-2sarge1_alpha.deb
  Size/MD5 checksum:    60132 793317902d6eda7db5441cddcb15bbe9

AMD64 architecture:

http://security.debian.org/pool/updates/main/libu/libungif4/libungif-bin_4.1.3-2sarge1_amd64.deb
  Size/MD5 checksum:   224450 f0d7c963c17194d3672bbf234008ec75
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4-dev_4.1.3-2sarge1_amd64.deb
  Size/MD5 checksum:    41162 2616e9094869f1a405e321086591597c
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4g_4.1.3-2sarge1_amd64.deb
  Size/MD5 checksum:    57492 ef3f34efffca29bacaed90858b718fac

ARM architecture:

http://security.debian.org/pool/updates/main/libu/libungif4/libungif-bin_4.1.3-2sarge1_arm.deb
  Size/MD5 checksum:   202700 c0271f975cd87801272e59c85cf875ed
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4-dev_4.1.3-2sarge1_arm.deb
  Size/MD5 checksum:    41006 6005a4cce9a09bc1dc84a5d81a5160a9
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4g_4.1.3-2sarge1_arm.deb
  Size/MD5 checksum:    56166 cabba1c98b65657313ce72c7ce7cc6c3

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/libu/libungif4/libungif-bin_4.1.3-2sarge1_i386.deb
  Size/MD5 checksum:   207322 f9b6947dd5f438c790623a878a28c3a2
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4-dev_4.1.3-2sarge1_i386.deb
  Size/MD5 checksum:    38826 a7e4c26e62b07536832c108494f30ea1
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4g_4.1.3-2sarge1_i386.deb
  Size/MD5 checksum:    55992 0303cf6fff90a2bee99881e685c2fb57

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/libu/libungif4/libungif-bin_4.1.3-2sarge1_ia64.deb
  Size/MD5 checksum:   249606 d2b37be33b62a3824baaaacdb7edfec3
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4-dev_4.1.3-2sarge1_ia64.deb
  Size/MD5 checksum:    49626 f55b7c590c72f41a1d55283d70e0ea91
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4g_4.1.3-2sarge1_ia64.deb
  Size/MD5 checksum:    64614 0da7f213fefaae2e4fadd86b8ebcb447

HP Precision architecture:

http://security.debian.org/pool/updates/main/libu/libungif4/libungif-bin_4.1.3-2sarge1_hppa.deb
  Size/MD5 checksum:   222446 606042edef8e329dba16a6edbf1a79a7
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4-dev_4.1.3-2sarge1_hppa.deb
  Size/MD5 checksum:    41630 d300c2533d82c86214638be785b33e1e
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4g_4.1.3-2sarge1_hppa.deb
  Size/MD5 checksum:    58784 55be1daa196494c7b7044b4568b852bd

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/libu/libungif4/libungif-bin_4.1.3-2sarge1_m68k.deb
  Size/MD5 checksum:   200108 8529581e4d2c052a091929f3e24cff00
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4-dev_4.1.3-2sarge1_m68k.deb
  Size/MD5 checksum:    37624 621fbdc947c40e4eac9ef3a83227b439
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4g_4.1.3-2sarge1_m68k.deb
  Size/MD5 checksum:    54982 081cfdd2e832f42d56922b65b08ce555

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/libu/libungif4/libungif-bin_4.1.3-2sarge1_mips.deb
  Size/MD5 checksum:   311002 f87e0d458cd4484e99a7258b63a356a7
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4-dev_4.1.3-2sarge1_mips.deb
  Size/MD5 checksum:    41956 7669feeda0ba3afa3d4ed4060df610f1
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4g_4.1.3-2sarge1_mips.deb
  Size/MD5 checksum:    56750 de8ee2a520d2c12978f225a4ab575055

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/libu/libungif4/libungif-bin_4.1.3-2sarge1_mipsel.deb
  Size/MD5 checksum:   312952 885ccda66628530751379778a9f93010
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4-dev_4.1.3-2sarge1_mipsel.deb
  Size/MD5 checksum:    41996 e74ce0bdf1358ab9bf25e0a1022531b0
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4g_4.1.3-2sarge1_mipsel.deb
  Size/MD5 checksum:    56784 f36b31b111035434b22bebaba0921f40

PowerPC architecture:

http://security.debian.org/pool/updates/main/libu/libungif4/libungif-bin_4.1.3-2sarge1_powerpc.deb
  Size/MD5 checksum:   239004 4ab6ed66b4358c82cf2c5b47f190d4bf
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4-dev_4.1.3-2sarge1_powerpc.deb
  Size/MD5 checksum:    41276 cd27a14a71e72373f4af47afe691a49d
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4g_4.1.3-2sarge1_powerpc.deb
  Size/MD5 checksum:    58422 16c15cbe03e040b3f76ce80de59eb46f

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/libu/libungif4/libungif-bin_4.1.3-2sarge1_s390.deb
  Size/MD5 checksum:   209420 f66d881e20d413bac1c97908b3cc6e27
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4-dev_4.1.3-2sarge1_s390.deb
  Size/MD5 checksum:    40758 d1709a5ebe6aace2187d211a94007f47
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4g_4.1.3-2sarge1_s390.deb
  Size/MD5 checksum:    57704 30134e5e5fea8b09925b8daf99314afb

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/libu/libungif4/libungif-bin_4.1.3-2sarge1_sparc.deb
  Size/MD5 checksum:   207918 0d69a5eb14517559a747ee75a171ec4f
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4-dev_4.1.3-2sarge1_sparc.deb
  Size/MD5 checksum:    39600 4bb95d420b9aef12ff2f08b6330417ff
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4g_4.1.3-2sarge1_sparc.deb
  Size/MD5 checksum:    56200 93cef9f13cc90d47c27231953ea3e2cb

These files will probably be moved into the stable distribution on
its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [email protected]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/&lt;pkg&gt;

OSVersionArchitecturePackageVersionFilename
Debian3hppalibungif-bin< 4.1.0b1-2woody1libungif-bin_4.1.0b1-2woody1_hppa.deb
Debian3.1powerpclibungif-bin< 4.1.3-2sarge1libungif-bin_4.1.3-2sarge1_powerpc.deb
Debian3powerpclibungif-bin< 4.1.0b1-2woody1libungif-bin_4.1.0b1-2woody1_powerpc.deb
Debian3.1armlibungif-bin< 4.1.3-2sarge1libungif-bin_4.1.3-2sarge1_arm.deb
Debian3.1ia64libungif4-dev< 4.1.3-2sarge1libungif4-dev_4.1.3-2sarge1_ia64.deb
Debian3mipsellibungif-bin< 4.1.0b1-2woody1libungif-bin_4.1.0b1-2woody1_mipsel.deb
Debian3.1armlibungif4g< 4.1.3-2sarge1libungif4g_4.1.3-2sarge1_arm.deb
Debian3.1hppalibungif4g< 4.1.3-2sarge1libungif4g_4.1.3-2sarge1_hppa.deb
Debian3mipsellibungif4-dev< 4.1.0b1-2woody1libungif4-dev_4.1.0b1-2woody1_mipsel.deb
Debian3m68klibungif4g< 4.1.0b1-2woody1libungif4g_4.1.0b1-2woody1_m68k.deb
Rows per page:
1-10 of 711

Related

redhat 2
nessus 15
gentoo 1
openvas 17
centos 3
securityvulns 1
osv 1
ubuntu 1
fedora 2
oraclelinux 1
debian 1
ubuntucve 2
cvelist 2
nvd 2
debiancve 2
cve 2
redhat
redhat
(RHSA-2005:828) libungif security update
2005-11-03 00:00:00
(RHSA-2009:0444) Important: giflib security update
2009-04-22 00:00:00
nessus
nessus
Oracle Linux 5 : giflib (ELSA-2009-0444)
2013-07-12 00:00:00
CentOS 5 : giflib (CESA-2009:0444)
2010-01-06 00:00:00
Mandrake Linux Security Advisory : libungif (MDKSA-2005:207)
2006-01-15 00:00:00
gentoo
gentoo
giflib: Multiple vulnerabilities
2005-11-04 00:00:00
openvas
openvas
Debian Security Advisory DSA 890-1 (libungif4)
2008-01-17 00:00:00
Gentoo Security Advisory GLSA 200511-03 (giflib)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200511-03 (giflib)
2008-09-24 00:00:00
centos
centos
giflib security update
2009-04-23 20:53:06
libungif security update
2005-11-03 22:20:29
libungif security update
2005-11-03 19:24:03
securityvulns
securityvulns
[Full-disclosure] [ GLSA 200511-03 ] giflib: Multiple vulnerabilities
2005-11-04 00:00:00
osv
osv
libungif4 - several
2005-11-09 00:00:00
ubuntu
ubuntu
libungif vulnerabilities
2005-11-07 00:00:00
fedora
fedora
[SECURITY] Fedora 9 Update: giflib-4.1.3-10.fc9
2009-05-19 02:09:16
[SECURITY] Fedora 10 Update: giflib-4.1.6-2.fc10
2009-06-18 11:39:31
oraclelinux
oraclelinux
giflib security update
2009-04-22 00:00:00
debian
debian
[SECURITY] [DSA 890-1] New libungif4 packages fix several vulnerabilities
2005-11-09 09:14:32
ubuntucve
ubuntucve
CVE-2005-3350
2005-11-03 00:00:00
CVE-2005-2974
2005-11-03 00:00:00
cvelist
cvelist
CVE-2005-3350
2005-11-04 00:00:00
CVE-2005-2974
2005-11-04 00:00:00
nvd
nvd
CVE-2005-3350
2005-11-04 00:02:00
CVE-2005-2974
2005-11-04 00:02:00
debiancve
debiancve
CVE-2005-3350
2005-11-04 00:02:00
CVE-2005-2974
2005-11-04 00:02:00
cve
cve
CVE-2005-3350
2005-11-04 00:02:00
CVE-2005-2974
2005-11-04 00:02:00

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.7 Medium

AI Score

Confidence

Low

0.033 Low

EPSS

Percentile

91.4%

JSON
Related for DEBIAN:DSA-890-1:A5789
redhat2nessus15gentoo1openvas17centos3securityvulns1osv1ubuntu1fedora2oraclelinux1debian1ubuntucve2cvelist2nvd2debiancve2cve2