Plattformen: |
Turbolinux FUJI, Turbolinux 10 Server, Turbolinux 10 Server x64 Edition, Turbolinux Appliance Server 2.0, Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux 8 Server, Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal, Turbolinux Appliance Server 1.0 Hosting Edition, Turbolinux Appliance Server 1.0 Workgroup Edition, TurboLinux wizpy |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2007-45
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------
Original released date: 22 Aug 2007
Last revised: 22 Aug 2007
Package: libpng
Summary: Denial of service
More information:
The libpng package contains a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files. PNG is
a bit-mapped graphics format similar to the GIF format. PNG was created to
replace the GIF format, since GIF uses a patented data compression
algorithm.
The sPLT chunk handling code in libpng uses a sizeof operator on the wrong
data type, which allows context-dependent attackers to cause a denial of
service.
The png_handle_tRNS function in libpng allows remote attackers to cause a
denial of service (application crash) via a grayscale PNG image.
Impact:
Context-dependent attackers to cause a denial of service.
Remote attackers to cause a denial of service.
Affected Products:
- wizpy
- Turbolinux Appliance Server 2.0
- Turbolinux FUJI
- Turbolinux 10 Server x64 Edition
- Turbolinux Appliance Server 1.0 Hosting Edition
- Turbolinux Appliance Server 1.0 Workgroup Edition
- Turbolinux 10 Server
- Turbolinux Home
- Turbolinux 10 F...
- Turbolinux 10 Desktop
- Turbolinux Multimedia
- Turbolinux Personal
- Turbolinux 8 Server
Source Packages
Size: MD5
libpng-1.2.8-2.src.rpm
398895 6b7da9eca35706e908bc456670099102
Binary Packages
Size: MD5
libpng-1.2.8-2.i386.rpm
176946 c5af8910f863c289a031c23b7644e4ae
Source Packages
Size: MD5
libpng-1.2.6-6.src.rpm
393909 efffadd550ef2513e6846f05eb606a43
Binary Packages
Size: MD5
libpng-1.2.6-6.i586.rpm
163404 e39856c8064f0a5eedfa3f7af0a52cdd
libpng-devel-1.2.6-6.i586.rpm
194371 c9a2d0d1101e09e65b1e1f40a7ad1896
Source Packages
Size: MD5
libpng-1.2.8-2.src.rpm
398895 6aa2e9d7e08e92797c1494178aca7665
Binary Packages
Size: MD5
libpng-1.2.8-2.i686.rpm
198662 8be2f2020d585c4ffd5a8a859c82545f
libpng-devel-1.2.8-2.i686.rpm
224111 e2297bc9a4fe64f208577c36bc863653
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/SRPMS/libpng-1.2.6-6.src.rpm
393909 bc471978fb38266cec345d17503b1cc2
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/libpng-1.2.6-6.x86_64.rpm
168146 2ef8260c5bae1ad0118383bb8bbde33c
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/libpng-debug-1.2.6-6.x86_64.rpm
211110 1109af6cc85d4919348947b643da03d8
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/libpng-devel-1.2.6-6.x86_64.rpm
199651 233608beab066ba02172bb9be0d2a4c5
Source Packages
Size: MD5
libpng-1.2.4-7.src.rpm
402870 97129cf9bba393e5847fd92c5d9b54f2
Binary Packages
Size: MD5
libpng-1.2.4-7.i586.rpm
135964 bbe7d417c25c920b7529001f674ab9c2
Source Packages
Size: MD5
libpng-1.2.4-7.src.rpm
402870 3f3d081f8fe551f17b7f284cc2da22fc
Binary Packages
Size: MD5
libpng-1.2.4-7.i586.rpm
136120 9f9447e2b757e0cd495e670d43d6c93e
libpng-devel-1.2.4-7.i586.rpm
159836 f1328f45faf36bd06acbc77a05bec442
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/libpng-1.2.6-6.src.rpm
393909 efffadd550ef2513e6846f05eb606a43
Binary Packages
Size: MD5
libpng-1.2.6-6.i586.rpm
163404 e39856c8064f0a5eedfa3f7af0a52cdd
libpng-debug-1.2.6-6.i586.rpm
212077 2f83f35a178d84b095cde6a852d8dd7a
libpng-devel-1.2.6-6.i586.rpm
194371 c9a2d0d1101e09e65b1e1f40a7ad1896
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/libpng-1.2.6-6.src.rpm
393909 d35300fefaacae6ef8f46788b4f5fdca
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/libpng-1.2.6-6.i586.rpm
163328 fd8207433bfd46b09e968cbf0660c964
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/libpng-devel-1.2.6-6.i586.rpm
194323 c1f071ea985a254528f35a2917ed0a29
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/libpng-1.2.4-7.src.rpm
402870 ad76a1bd9e75beb7daff17c5a61b5b11
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/libpng-1.2.4-7.i586.rpm
136077 f4a359262a5e808356fa4015a4c25728
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/libpng-devel-1.2.4-7.i586.rpm
159862 93ac2a375a0e4eabc1e25d1f484190f0
References:
CVE
[CVE-2006-5793]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5793
[CVE-2007-2445]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2445
--------------------------------------------------------------------------
Revision History
22 Aug 2007 Initial release
--------------------------------------------------------------------------
Copyright(C) 2007 Turbolinux, Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGy/hRK0LzjOqIJMwRAgLjAJ9jkQeTimZAa/iwLLkAZBzz178OQACgsl5t
mroWJ557ueYnHu8SQyHQF24=
=dZUk
-----END PGP SIGNATURE-----
|