drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Denial of Service in libpng
Name: |
Denial of Service in libpng |
|
ID: |
TLSA-2007-45 |
|
Distribution: |
TurboLinux |
|
Plattformen: |
Turbolinux FUJI, Turbolinux 10 Server, Turbolinux 10 Server x64 Edition, Turbolinux Appliance Server 2.0, Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux 8 Server, Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal, Turbolinux Appliance Server 1.0 Hosting Edition, Turbolinux Appliance Server 1.0 Workgroup Edition, TurboLinux wizpy |
|
Datum: |
Do, 23. August 2007, 03:50 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5793
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2445 |
|
Applikationen: |
libpng |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
-------------------------------------------------------------------------- Turbolinux Security Advisory TLSA-2007-45 http://www.turbolinux.co.jp/security/ security-team@turbolinux.co.jp --------------------------------------------------------------------------
Original released date: 22 Aug 2007 Last revised: 22 Aug 2007
Package: libpng
Summary: Denial of service
More information: The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. PNG is a bit-mapped graphics format similar to the GIF format. PNG was created to replace the GIF format, since GIF uses a patented data compression algorithm. The sPLT chunk handling code in libpng uses a sizeof operator on the wrong data type, which allows context-dependent attackers to cause a denial of service. The png_handle_tRNS function in libpng allows remote attackers to cause a denial of service (application crash) via a grayscale PNG image. Impact: Context-dependent attackers to cause a denial of service. Remote attackers to cause a denial of service.
Affected Products: - wizpy - Turbolinux Appliance Server 2.0 - Turbolinux FUJI - Turbolinux 10 Server x64 Edition - Turbolinux Appliance Server 1.0 Hosting Edition - Turbolinux Appliance Server 1.0 Workgroup Edition - Turbolinux 10 Server - Turbolinux Home - Turbolinux 10 F... - Turbolinux 10 Desktop - Turbolinux Multimedia - Turbolinux Personal - Turbolinux 8 Server
<wizpy>
Source Packages Size: MD5
libpng-1.2.8-2.src.rpm 398895 6b7da9eca35706e908bc456670099102
Binary Packages Size: MD5
libpng-1.2.8-2.i386.rpm 176946 c5af8910f863c289a031c23b7644e4ae
<Turbolinux Appliance Server 2.0>
Source Packages Size: MD5
libpng-1.2.6-6.src.rpm 393909 efffadd550ef2513e6846f05eb606a43
Binary Packages Size: MD5
libpng-1.2.6-6.i586.rpm 163404 e39856c8064f0a5eedfa3f7af0a52cdd libpng-devel-1.2.6-6.i586.rpm 194371 c9a2d0d1101e09e65b1e1f40a7ad1896
<Turbolinux FUJI>
Source Packages Size: MD5
libpng-1.2.8-2.src.rpm 398895 6aa2e9d7e08e92797c1494178aca7665
Binary Packages Size: MD5
libpng-1.2.8-2.i686.rpm 198662 8be2f2020d585c4ffd5a8a859c82545f libpng-devel-1.2.8-2.i686.rpm 224111 e2297bc9a4fe64f208577c36bc863653
<Turbolinux 10 Server x64 Edition>
Source Packages Size: MD5
libpng-1.2.6-6.src.rpm 393909 bc471978fb38266cec345d17503b1cc2
Binary Packages Size: MD5
libpng-1.2.6-6.x86_64.rpm 168146 2ef8260c5bae1ad0118383bb8bbde33c libpng-debug-1.2.6-6.x86_64.rpm 211110 1109af6cc85d4919348947b643da03d8 libpng-devel-1.2.6-6.x86_64.rpm 199651 233608beab066ba02172bb9be0d2a4c5
<Turbolinux Appliance Server 1.0 Hosting Edition>
Source Packages Size: MD5
libpng-1.2.4-7.src.rpm 402870 97129cf9bba393e5847fd92c5d9b54f2
Binary Packages Size: MD5
libpng-1.2.4-7.i586.rpm 135964 bbe7d417c25c920b7529001f674ab9c2
<Turbolinux Appliance Server 1.0 Workgroup Edition>
Source Packages Size: MD5
libpng-1.2.4-7.src.rpm 402870 3f3d081f8fe551f17b7f284cc2da22fc
Binary Packages Size: MD5
libpng-1.2.4-7.i586.rpm 136120 9f9447e2b757e0cd495e670d43d6c93e libpng-devel-1.2.4-7.i586.rpm 159836 f1328f45faf36bd06acbc77a05bec442
<Turbolinux 10 Server>
Source Packages Size: MD5
libpng-1.2.6-6.src.rpm 393909 efffadd550ef2513e6846f05eb606a43
Binary Packages Size: MD5
libpng-1.2.6-6.i586.rpm 163404 e39856c8064f0a5eedfa3f7af0a52cdd libpng-debug-1.2.6-6.i586.rpm 212077 2f83f35a178d84b095cde6a852d8dd7a libpng-devel-1.2.6-6.i586.rpm 194371 c9a2d0d1101e09e65b1e1f40a7ad1896
<Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal>
Source Packages Size: MD5
libpng-1.2.6-6.src.rpm 393909 d35300fefaacae6ef8f46788b4f5fdca
Binary Packages Size: MD5
libpng-1.2.6-6.i586.rpm 163328 fd8207433bfd46b09e968cbf0660c964 libpng-devel-1.2.6-6.i586.rpm 194323 c1f071ea985a254528f35a2917ed0a29
<Turbolinux 8 Server>
Source Packages Size: MD5
libpng-1.2.4-7.src.rpm 402870 ad76a1bd9e75beb7daff17c5a61b5b11
Binary Packages Size: MD5
libpng-1.2.4-7.i586.rpm 136077 f4a359262a5e808356fa4015a4c25728 libpng-devel-1.2.4-7.i586.rpm 159862 93ac2a375a0e4eabc1e25d1f484190f0
References:
CVE [CVE-2006-5793] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5793 [CVE-2007-2445] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2445
-------------------------------------------------------------------------- Revision History 22 Aug 2007 Initial release --------------------------------------------------------------------------
Copyright(C) 2007 Turbolinux, Inc. All rights reserved.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGy/hRK0LzjOqIJMwRAgLjAJ9jkQeTimZAa/iwLLkAZBzz178OQACgsl5t mroWJ557ueYnHu8SQyHQF24= =dZUk -----END PGP SIGNATURE-----
|
|
|
|