==========================================================================
Ubuntu Security Notice USN-4107-1
August 20, 2019
giflib vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 19.04
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in GIFLIB.
Software Description:
– giflib: library for GIF images (utilities)
Details:
It was discovered that GIFLIB incorrectly handled certain GIF files.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 18.04 LTS. (CVE-2016-3977)
It was discovered that GIFLIB incorrectly handled certain GIF files.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2018-11490, CVE-2019-15133)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 19.04:
giflib-tools 5.1.4-3ubuntu0.1
libgif7 5.1.4-3ubuntu0.1
Ubuntu 18.04 LTS:
giflib-tools 5.1.4-2ubuntu0.1
libgif7 5.1.4-2ubuntu0.1
Ubuntu 16.04 LTS:
giflib-tools 5.1.4-0.3~16.04.1
libgif7 5.1.4-0.3~16.04.1
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4107-1
CVE-2016-3977, CVE-2018-11490, CVE-2019-15133
Package Information:
https://launchpad.net/ubuntu/+source/giflib/5.1.4-3ubuntu0.1
https://launchpad.net/ubuntu/+source/giflib/5.1.4-2ubuntu0.1
https://launchpad.net/ubuntu/+source/giflib/5.1.4-0.3~16.04.1
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIcBAEBAgAGBQJdXCavAAoJEEW851uECx9piIcP/iO2Jo8GzJUTziG7Atg0QGbu
fKlIP6FEzrePPSxOxrdNlsvmVLhTwlE4rI0Bcz1rzJjz1yr9jeckbDjidID13a0r
qQJ8cYQ+uen39uHunKjTrRozsm7fUrIkFNxFp/Y0r3efMaLbfk0RlgIB0BbROM8A
VXrNM7XW5dOO2z7L+qiTZ4WBgSJ3RCgw1vo2rBsCVrZnqA+70cSWTwgBF6uIXqZb
f+LS550GTqq54zkLHv8CNECO1DaKAtW5s8yltAEsHBoC6U5jBYInM1a7iws2lJC0
sJmFUV3WA35D9T5N4CEuP/48nb47rieILS/paklo7/KT6qSu1ns04ICwuaIXzzXY
uIT/qUTO677o2oSFhAQ70Oe9h3umMqdCDaspUn2pbcnjRBjSW0TZZMQ1dWx145i+
Eh668N38J0HwY87WwYFwlTmLlhH/ZOOsPSy4PoJHuEPORng3wIByOkB0wSU58p4Q
WXxaKILdvDoQxP33TnHBW/ZCh43JklJErK6d69nYr1UNsHYRPtK/SPICJv/thvq7
OqZQIA9TMIODYSC0izrSyww5v3nf9QqZ13eNE44dyVMpbJSJ6mjQ2fhnMHr1aB4c
HhkM3MlOVbWUvQK5rUST02AgEehTdW5yZV4ci+PxiSwN/hbc43GEJ6dGwf5nCaGu
hcqw7SUgZ9gi87MfIuIX
=5NLH
—–END PGP SIGNATURE—–
—