SUSE-SU-2024:0786-1

Source
https://www.suse.com/support/update/announcement/2024/suse-su-20240786-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2024:0786-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2024:0786-1
Published
2024-03-06T20:07:22Z
Modified
2024-03-06T20:07:22Z
Summary
Security update for giflib
Details

This update for giflib fixes the following issues:

Update to version 5.2.2

  • Fixes for CVE-2023-48161 (bsc#1217390), CVE-2022-28506 (bsc#1198880)
  • #138: Documentation for obsolete utilities still installed
  • #139: Typo in 'LZW image data' page ('1102 = 410')
  • #140: Typo in 'LZW image data' page ('LWZ')
  • #141: Typo in 'Bits and bytes' page ('filed')
  • Note as already fixed SF issue #143: cannot compile under mingw
  • #144: giflib-5.2.1 cannot be built on windows and other platforms using c89
  • #145: Remove manual pages installation for binaries that are not installed too
  • #146: [PATCH] Limit installed man pages to binaries, move giflib to section 7
  • #147: [PATCH] Fixes to doc/whatsinagif/ content
  • #148: heap Out of Bound Read in gif2rgb.c:298 DumpScreen2RGB
  • Declared no-info on SF issue #150: There is a denial of service vulnerability in GIFLIB 5.2.1
  • Declared Won't-fix on SF issue #149: Out of source builds no longer possible
  • #151: A heap-buffer-overflow in gif2rgb.c:294:45
  • #152: Fix some typos on the html documentation and man pages
  • #153: Fix segmentation faults due to non correct checking for args
  • #154: Recover the giffilter manual page
  • #155: Add gifsponge docs
  • #157: An OutofMemory-Exception or Memory Leak in gif2rgb
  • #158: There is a null pointer problem in gif2rgb
  • #159: A heap-buffer-overflow in GIFLIB5.2.1 DumpScreen2RGB() in gif2rgb.c:298:45
  • #163: detected memory leaks in openbsd_reallocarray giflib/openbsd-reallocarray.c
  • #164: detected memory leaks in GifMakeMapObject giflib/gifalloc.c
  • #166: a read zero page leads segment fault in getarg.c and memory leaks in gif2rgb.c and gifmalloc.c
  • #167: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function at Line 321 of gif2rgb.c

Affected packages

SUSE:Linux Enterprise Module for Basesystem 15 SP5 / giflib

Package

Name
giflib
Purl
purl:rpm/suse/giflib&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.2.2-150000.4.13.1

Ecosystem specific

{
    "binaries": [
        {
            "libgif7": "5.2.2-150000.4.13.1",
            "giflib-devel": "5.2.2-150000.4.13.1"
        }
    ]
}

SUSE:Linux Enterprise High Performance Computing 15 SP2-LTSS / giflib

Package

Name
giflib
Purl
purl:rpm/suse/giflib&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.2.2-150000.4.13.1

Ecosystem specific

{
    "binaries": [
        {
            "libgif7": "5.2.2-150000.4.13.1",
            "giflib-devel": "5.2.2-150000.4.13.1"
        }
    ]
}

SUSE:Linux Enterprise High Performance Computing 15 SP3-LTSS / giflib

Package

Name
giflib
Purl
purl:rpm/suse/giflib&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.2.2-150000.4.13.1

Ecosystem specific

{
    "binaries": [
        {
            "libgif7": "5.2.2-150000.4.13.1",
            "giflib-devel": "5.2.2-150000.4.13.1"
        }
    ]
}

SUSE:Linux Enterprise High Performance Computing 15 SP4-ESPOS / giflib

Package

Name
giflib
Purl
purl:rpm/suse/giflib&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.2.2-150000.4.13.1

Ecosystem specific

{
    "binaries": [
        {
            "libgif7": "5.2.2-150000.4.13.1",
            "giflib-devel": "5.2.2-150000.4.13.1"
        }
    ]
}

SUSE:Linux Enterprise High Performance Computing 15 SP4-LTSS / giflib

Package

Name
giflib
Purl
purl:rpm/suse/giflib&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.2.2-150000.4.13.1

Ecosystem specific

{
    "binaries": [
        {
            "libgif7": "5.2.2-150000.4.13.1",
            "giflib-devel": "5.2.2-150000.4.13.1"
        }
    ]
}

SUSE:Linux Enterprise Server 15 SP2-LTSS / giflib

Package

Name
giflib
Purl
purl:rpm/suse/giflib&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.2.2-150000.4.13.1

Ecosystem specific

{
    "binaries": [
        {
            "libgif7": "5.2.2-150000.4.13.1",
            "giflib-devel": "5.2.2-150000.4.13.1"
        }
    ]
}

SUSE:Linux Enterprise Server 15 SP3-LTSS / giflib

Package

Name
giflib
Purl
purl:rpm/suse/giflib&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.2.2-150000.4.13.1

Ecosystem specific

{
    "binaries": [
        {
            "libgif7": "5.2.2-150000.4.13.1",
            "giflib-devel": "5.2.2-150000.4.13.1"
        }
    ]
}

SUSE:Linux Enterprise Server 15 SP4-LTSS / giflib

Package

Name
giflib
Purl
purl:rpm/suse/giflib&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.2.2-150000.4.13.1

Ecosystem specific

{
    "binaries": [
        {
            "libgif7": "5.2.2-150000.4.13.1",
            "giflib-devel": "5.2.2-150000.4.13.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 15 SP2 / giflib

Package

Name
giflib
Purl
purl:rpm/suse/giflib&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.2.2-150000.4.13.1

Ecosystem specific

{
    "binaries": [
        {
            "libgif7": "5.2.2-150000.4.13.1",
            "giflib-devel": "5.2.2-150000.4.13.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 15 SP3 / giflib

Package

Name
giflib
Purl
purl:rpm/suse/giflib&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.2.2-150000.4.13.1

Ecosystem specific

{
    "binaries": [
        {
            "libgif7": "5.2.2-150000.4.13.1",
            "giflib-devel": "5.2.2-150000.4.13.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 15 SP4 / giflib

Package

Name
giflib
Purl
purl:rpm/suse/giflib&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.2.2-150000.4.13.1

Ecosystem specific

{
    "binaries": [
        {
            "libgif7": "5.2.2-150000.4.13.1",
            "giflib-devel": "5.2.2-150000.4.13.1"
        }
    ]
}

SUSE:Manager Proxy 4.3 / giflib

Package

Name
giflib
Purl
purl:rpm/suse/giflib&distro=SUSE%20Manager%20Proxy%204.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.2.2-150000.4.13.1

Ecosystem specific

{
    "binaries": [
        {
            "libgif7": "5.2.2-150000.4.13.1",
            "giflib-devel": "5.2.2-150000.4.13.1"
        }
    ]
}

SUSE:Manager Server 4.3 / giflib

Package

Name
giflib
Purl
purl:rpm/suse/giflib&distro=SUSE%20Manager%20Server%204.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.2.2-150000.4.13.1

Ecosystem specific

{
    "binaries": [
        {
            "libgif7": "5.2.2-150000.4.13.1",
            "giflib-devel": "5.2.2-150000.4.13.1"
        }
    ]
}

SUSE:Enterprise Storage 7.1 / giflib

Package

Name
giflib
Purl
purl:rpm/suse/giflib&distro=SUSE%20Enterprise%20Storage%207.1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.2.2-150000.4.13.1

Ecosystem specific

{
    "binaries": [
        {
            "libgif7": "5.2.2-150000.4.13.1",
            "giflib-devel": "5.2.2-150000.4.13.1"
        }
    ]
}

openSUSE:Leap 15.5 / giflib

Package

Name
giflib
Purl
purl:rpm/suse/giflib&distro=openSUSE%20Leap%2015.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.2.2-150000.4.13.1

Ecosystem specific

{
    "binaries": [
        {
            "giflib-progs": "5.2.2-150000.4.13.1",
            "libgif7": "5.2.2-150000.4.13.1",
            "libgif7-32bit": "5.2.2-150000.4.13.1",
            "giflib-devel": "5.2.2-150000.4.13.1",
            "giflib-devel-32bit": "5.2.2-150000.4.13.1"
        }
    ]
}