Mageia alert MGASA-2019-0096 (giflib)

From:
             
 
Mageia Updates <buildsystem-daemon@mageia.org> 
To:
             
 
updates-announce@ml.mageia.org 
Subject:
             
 
[updates-announce] MGASA-2019-0096: Updated giflib packages fix security vulnerability 
Date:
             
 
Wed, 20 Feb 2019 23:18:56 +0100
Message-ID:
             
 
<20190220221856.0BC969FB4A@duvel.mageia.org>
MGASA-2019-0096 - Updated giflib packages fix security vulnerability

Publication date: 20 Feb 2019
URL: https://advisories.mageia.org/MGASA-2019-0096.html
Type: security
Affected Mageia releases: 6
CVE: CVE-2018-11490

Description:
Null dereferences in main() of gifclrmp.
Heap Buffer Overflow-2 in function DGifDecompressLine() in cgif.c.
CVE-2018-11490)
Segmentation fault in PrintCodeBlock.
Segmentation fault of giftool reading a crafted file.
Floating point exception in giftext utility.
Heap buffer overflow in DumpScreen2RGB in gif2rgb.c:317.
Ineffective bounds check in DGifSlurp.
GIFLIB 5.1.4: DGifSlurp fails on empty comment.

References:
- https://bugs.mageia.org/show_bug.cgi?id=24378
- https://sourceforge.net/p/giflib/code/ci/master/tree/NEWS
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1...

SRPMS:
- 6/core/giflib-5.1.6-1.mga6