USN-214-1: libungif vulnerabilities
===========================================================
Ubuntu Security Notice USN-214-1 November 07, 2005
libungif4 vulnerabilities
CVE-2005-2974, CVE-2005-3350
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)
The following packages are affected:
libungif4g
The problem can be corrected by upgrading the affected package to
version 4.1.0b1-6ubuntu0.1 (for Ubuntu 4.10), 4.1.3-1ubuntu0.1 (for
Ubuntu 5.04), or 4.1.3-2ubuntu0.1 (for Ubuntu 5.10). In general, a
standard system upgrade is sufficient to effect the necessary changes.
Details follow:
Chris Evans discovered several buffer overflows in the libungif
library. By tricking a user (or automated system) into processing a
specially crafted GIF image, this could be exploited to execute
arbitrary code with the privileges of the application using libungif.



