You are here
Home > Preporuke > Sigurnosni nedostaci programske biblioteke GIFLIB

Sigurnosni nedostaci programske biblioteke GIFLIB

by - 0
  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-4107-1
August 20, 2019

giflib vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 19.04
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in GIFLIB.

Software Description:
– giflib: library for GIF images (utilities)

Details:

It was discovered that GIFLIB incorrectly handled certain GIF files.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 18.04 LTS. (CVE-2016-3977)

It was discovered that GIFLIB incorrectly handled certain GIF files.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2018-11490, CVE-2019-15133)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
giflib-tools 5.1.4-3ubuntu0.1
libgif7 5.1.4-3ubuntu0.1

Ubuntu 18.04 LTS:
giflib-tools 5.1.4-2ubuntu0.1
libgif7 5.1.4-2ubuntu0.1

Ubuntu 16.04 LTS:
giflib-tools 5.1.4-0.3~16.04.1
libgif7 5.1.4-0.3~16.04.1

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4107-1
CVE-2016-3977, CVE-2018-11490, CVE-2019-15133

Package Information:
https://launchpad.net/ubuntu/+source/giflib/5.1.4-3ubuntu0.1
https://launchpad.net/ubuntu/+source/giflib/5.1.4-2ubuntu0.1
https://launchpad.net/ubuntu/+source/giflib/5.1.4-0.3~16.04.1
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBAgAGBQJdXCavAAoJEEW851uECx9piIcP/iO2Jo8GzJUTziG7Atg0QGbu
fKlIP6FEzrePPSxOxrdNlsvmVLhTwlE4rI0Bcz1rzJjz1yr9jeckbDjidID13a0r
qQJ8cYQ+uen39uHunKjTrRozsm7fUrIkFNxFp/Y0r3efMaLbfk0RlgIB0BbROM8A
VXrNM7XW5dOO2z7L+qiTZ4WBgSJ3RCgw1vo2rBsCVrZnqA+70cSWTwgBF6uIXqZb
f+LS550GTqq54zkLHv8CNECO1DaKAtW5s8yltAEsHBoC6U5jBYInM1a7iws2lJC0
sJmFUV3WA35D9T5N4CEuP/48nb47rieILS/paklo7/KT6qSu1ns04ICwuaIXzzXY
uIT/qUTO677o2oSFhAQ70Oe9h3umMqdCDaspUn2pbcnjRBjSW0TZZMQ1dWx145i+
Eh668N38J0HwY87WwYFwlTmLlhH/ZOOsPSy4PoJHuEPORng3wIByOkB0wSU58p4Q
WXxaKILdvDoQxP33TnHBW/ZCh43JklJErK6d69nYr1UNsHYRPtK/SPICJv/thvq7
OqZQIA9TMIODYSC0izrSyww5v3nf9QqZ13eNE44dyVMpbJSJ6mjQ2fhnMHr1aB4c
HhkM3MlOVbWUvQK5rUST02AgEehTdW5yZV4ci+PxiSwN/hbc43GEJ6dGwf5nCaGu
hcqw7SUgZ9gi87MfIuIX
=5NLH
—–END PGP SIGNATURE—–

AutorJosip Papratovic
Cert idNCERT-REF-2019-08-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Sigurnosni nedostatak programskog paketa Wireshark

Otkriven je sigurnosni nedostatak u programskom paketu Wireshark za operacijski sustav openSUSE. Otkriveni nedostatak potencijalnim napadačima omogućuje izazivanje DoS stanja....

Close