Login
Newsletter
Werbung

Sicherheit: Denial of Service in libpng
Aktuelle Meldungen Distributionen
Name: Denial of Service in libpng
ID: TLSA-2007-45
Distribution: TurboLinux
Plattformen: Turbolinux FUJI, Turbolinux 10 Server, Turbolinux 10 Server x64 Edition, Turbolinux Appliance Server 2.0, Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux 8 Server, Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal, Turbolinux Appliance Server 1.0 Hosting Edition, Turbolinux Appliance Server 1.0 Workgroup Edition, TurboLinux wizpy
Datum: Do, 23. August 2007, 03:50
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5793
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2445
Applikationen: libpng

Originalnachricht

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2007-45
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------

Original released date: 22 Aug 2007
Last revised: 22 Aug 2007

Package: libpng

Summary: Denial of service

More information:
The libpng package contains a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files. PNG is
a bit-mapped graphics format similar to the GIF format. PNG was created to
replace the GIF format, since GIF uses a patented data compression
algorithm.

The sPLT chunk handling code in libpng uses a sizeof operator on the wrong
data type, which allows context-dependent attackers to cause a denial of
service.
The png_handle_tRNS function in libpng allows remote attackers to cause a
denial of service (application crash) via a grayscale PNG image.

Impact:
Context-dependent attackers to cause a denial of service.
Remote attackers to cause a denial of service.

Affected Products:
- wizpy
- Turbolinux Appliance Server 2.0
- Turbolinux FUJI
- Turbolinux 10 Server x64 Edition
- Turbolinux Appliance Server 1.0 Hosting Edition
- Turbolinux Appliance Server 1.0 Workgroup Edition
- Turbolinux 10 Server
- Turbolinux Home
- Turbolinux 10 F...
- Turbolinux 10 Desktop
- Turbolinux Multimedia
- Turbolinux Personal
- Turbolinux 8 Server


<wizpy>

Source Packages
Size: MD5

libpng-1.2.8-2.src.rpm
398895 6b7da9eca35706e908bc456670099102

Binary Packages
Size: MD5

libpng-1.2.8-2.i386.rpm
176946 c5af8910f863c289a031c23b7644e4ae

<Turbolinux Appliance Server 2.0>

Source Packages
Size: MD5

libpng-1.2.6-6.src.rpm
393909 efffadd550ef2513e6846f05eb606a43

Binary Packages
Size: MD5

libpng-1.2.6-6.i586.rpm
163404 e39856c8064f0a5eedfa3f7af0a52cdd
libpng-devel-1.2.6-6.i586.rpm
194371 c9a2d0d1101e09e65b1e1f40a7ad1896

<Turbolinux FUJI>

Source Packages
Size: MD5

libpng-1.2.8-2.src.rpm
398895 6aa2e9d7e08e92797c1494178aca7665

Binary Packages
Size: MD5

libpng-1.2.8-2.i686.rpm
198662 8be2f2020d585c4ffd5a8a859c82545f
libpng-devel-1.2.8-2.i686.rpm
224111 e2297bc9a4fe64f208577c36bc863653

<Turbolinux 10 Server x64 Edition>

Source Packages
Size: MD5

libpng-1.2.6-6.src.rpm
393909 bc471978fb38266cec345d17503b1cc2

Binary Packages
Size: MD5

libpng-1.2.6-6.x86_64.rpm
168146 2ef8260c5bae1ad0118383bb8bbde33c
libpng-debug-1.2.6-6.x86_64.rpm
211110 1109af6cc85d4919348947b643da03d8
libpng-devel-1.2.6-6.x86_64.rpm
199651 233608beab066ba02172bb9be0d2a4c5

<Turbolinux Appliance Server 1.0 Hosting Edition>

Source Packages
Size: MD5

libpng-1.2.4-7.src.rpm
402870 97129cf9bba393e5847fd92c5d9b54f2

Binary Packages
Size: MD5

libpng-1.2.4-7.i586.rpm
135964 bbe7d417c25c920b7529001f674ab9c2

<Turbolinux Appliance Server 1.0 Workgroup Edition>

Source Packages
Size: MD5

libpng-1.2.4-7.src.rpm
402870 3f3d081f8fe551f17b7f284cc2da22fc

Binary Packages
Size: MD5

libpng-1.2.4-7.i586.rpm
136120 9f9447e2b757e0cd495e670d43d6c93e
libpng-devel-1.2.4-7.i586.rpm
159836 f1328f45faf36bd06acbc77a05bec442

<Turbolinux 10 Server>

Source Packages
Size: MD5

libpng-1.2.6-6.src.rpm
393909 efffadd550ef2513e6846f05eb606a43

Binary Packages
Size: MD5

libpng-1.2.6-6.i586.rpm
163404 e39856c8064f0a5eedfa3f7af0a52cdd
libpng-debug-1.2.6-6.i586.rpm
212077 2f83f35a178d84b095cde6a852d8dd7a
libpng-devel-1.2.6-6.i586.rpm
194371 c9a2d0d1101e09e65b1e1f40a7ad1896

<Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux
Multimedia, Turbolinux Personal>

Source Packages
Size: MD5

libpng-1.2.6-6.src.rpm
393909 d35300fefaacae6ef8f46788b4f5fdca

Binary Packages
Size: MD5

libpng-1.2.6-6.i586.rpm
163328 fd8207433bfd46b09e968cbf0660c964
libpng-devel-1.2.6-6.i586.rpm
194323 c1f071ea985a254528f35a2917ed0a29

<Turbolinux 8 Server>

Source Packages
Size: MD5

libpng-1.2.4-7.src.rpm
402870 ad76a1bd9e75beb7daff17c5a61b5b11

Binary Packages
Size: MD5

libpng-1.2.4-7.i586.rpm
136077 f4a359262a5e808356fa4015a4c25728
libpng-devel-1.2.4-7.i586.rpm
159862 93ac2a375a0e4eabc1e25d1f484190f0


References:

CVE
[CVE-2006-5793]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5793
[CVE-2007-2445]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2445

--------------------------------------------------------------------------
Revision History
22 Aug 2007 Initial release
--------------------------------------------------------------------------

Copyright(C) 2007 Turbolinux, Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGy/hRK0LzjOqIJMwRAgLjAJ9jkQeTimZAa/iwLLkAZBzz178OQACgsl5t
mroWJ557ueYnHu8SQyHQF24=
=dZUk
-----END PGP SIGNATURE-----
Pro-Linux
Gewinnspiel
Neue Nachrichten
Werbung