Login
Newsletter
Werbung

Sicherheit: Denial of Service in libwmf
Aktuelle Meldungen Distributionen
Name: Denial of Service in libwmf
ID: TLSA-2007-40
Distribution: TurboLinux
Plattformen: Turbolinux FUJI, Turbolinux 10 Server, Turbolinux 10 Server x64 Edition, Turbolinux Appliance Server 2.0, Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal
Datum: Do, 2. August 2007, 03:50
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2756
Applikationen: libwmf

Originalnachricht

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2007-40
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------

Original released date : 01 Aug 2007
Last revised : 01 Aug 2007

Package: libwmf

Summary: libwmf denial of service

More information:
Libwmf is a library for reading vector images in MicrosÞft's native
WindÞws Metafile
Format (WMF)

The gdPngReadData function allows user-assisted attackers to cause a denial
of service.

Impact:
Causes an infinite loop in the png_read_info function in libpng.

Affected Products:
- Turbolinux Appliance Server 2.0
- Turbolinux FUJI
- Turbolinux 10 Server x64 Edition
- Turbolinux 10 Server
- Turbolinux Home
- Turbolinux 10 F...
- Turbolinux 10 Desktop
- Turbolinux Multimedia
- Turbolinux Personal


<Turbolinux Appliance Server 2.0>

Source Packages
Size: MD5

libwmf-0.2.8.3-4.src.rpm
1753133 9b80f7bded003633e0c9f897129caa7d

Binary Packages
Size: MD5

libwmf-0.2.8.3-4.i586.rpm
1039717 968fc46eab345f4660c47bcaecff5361
libwmf-devel-0.2.8.3-4.i586.rpm
184881 09fafafd8156bd6ff207a895778542e6

<Turbolinux FUJI>

Source Packages
Size: MD5

libwmf-0.2.8.3-4.src.rpm
1753133 98abe15d4599950d171d81c4edb27ce4

Binary Packages
Size: MD5

libwmf-0.2.8.3-4.i686.rpm
1156285 d2d694a6a9210c3f499478710ae2a074
libwmf-devel-0.2.8.3-4.i686.rpm
205154 32b8e870c9d8dab00fc31797c8503bbe

<Turbolinux 10 Server x64 Edition>

Source Packages
Size: MD5

libwmf-0.2.8.3-4.src.rpm
1753133 d8eb4a28c630f448e35ade164df23033

Binary Packages
Size: MD5

libwmf-0.2.8.3-4.x86_64.rpm
1058531 9078f23787631137d172552aebbbc018
libwmf-devel-0.2.8.3-4.x86_64.rpm
190530 98c6aad678e4d35dd37d114f0671a6a8

<Turbolinux 10 Server>

Source Packages
Size: MD5

libwmf-0.2.8.3-4.src.rpm
1753133 843812c7ba543aed75a5580414beba09

Binary Packages
Size: MD5

libwmf-0.2.8.3-4.i586.rpm
1039717 968fc46eab345f4660c47bcaecff5361
libwmf-devel-0.2.8.3-4.i586.rpm
184881 09fafafd8156bd6ff207a895778542e6

<Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux
Multimedia, Turbolinux Personal>

Source Packages
Size: MD5

libwmf-0.2.8.3-4.src.rpm
1753133 df5c07e0bb9adc2b331c3a332b8b0c98

Binary Packages
Size: MD5

libwmf-0.2.8.3-4.i586.rpm
1040690 137ffd6b7a0d3c0fb1879f88ed331237


References:

CVE
[CVE-2007-2756]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2756

--------------------------------------------------------------------------
Revision History
01 Aug 2007 Initial release
--------------------------------------------------------------------------

Copyright(C) 2007 Turbolinux, Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGsBoqK0LzjOqIJMwRAoNWAJ9L14GIZ7e2FwV0q3L+zx+9O3YIMgCfdk3Z
P/jbZzFvkXmD46RPEWo0dZE=
=c2cF
-----END PGP SIGNATURE-----
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung