
Security: Denial of Service in libpng
Name: Denial of Service in libpng
ID: MDVSA-2010:064
Distribution: Mandriva
Platforms: Mandriva 2009.0, Mandriva 2009.1, Mandriva Enterprise Server 5.0, Mandriva 2010.0
Date: Tue, 23 March 2010, 14:29
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0205
Applications: libpng

Original message

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2010:064
http://www.mandriva.com/security/
_______________________________________________________________________

Package : libpng
Date : March 23, 2010
Affected: 2009.0, 2009.1, 2010.0, Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

A vulnerability has been found and corrected in libpng:

The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before
1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly
handle compressed ancillary-chunk data that has a disproportionately
large uncompressed representation, which allows remote attackers to
cause a denial of service (memory and CPU consumption, and application
hang) via a crafted PNG file, as demonstrated by use of the deflate
compression method on data composed of many occurrences of the same
character, related to a decompression bomb attack (CVE-2010-0205).

The updated packages have been patched to correct this issue.
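
A pre-screening check for the condition described above, as an added example that is not part of the advisory or of libpng: it walks the PNG chunk list and inflates each zTXt/iCCP stream only up to a cap, flagging chunks that would expand past it. The 64 KiB cap, the function names and the constructed sample file are assumptions; iTXt chunks are not covered.

```python
import struct
import zlib
PNG_SIG = b"\x89PNG\r\n\x1a\n"
MAX_INFLATED = 64 * 1024  # assumed per-chunk cap; tune per application

def iter_chunks(png):
    """Yield (type, data) for every chunk in a PNG byte string."""
    if not png.startswith(PNG_SIG):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIG)
    while pos + 12 <= len(png):
        length, ctype = struct.unpack(">I4s", png[pos:pos + 8])
        data = png[pos + 8:pos + 8 + length]
        if len(data) != length:
            raise ValueError("truncated chunk")
        yield ctype, data
        pos += 12 + length  # length + type + data + CRC

def zlib_stream(ctype, data):
    """Return the deflate stream of a zTXt/iCCP chunk, else None."""
    if ctype not in (b"zTXt", b"iCCP"):
        return None
    nul = data.find(b"\x00")  # end of keyword / profile name
    return data[nul + 2:] if nul >= 0 else None  # skip method byte

def scan(png, limit=MAX_INFLATED):
    """Return [(chunk type, compressed size)] for oversized chunks."""
    findings = []
    for ctype, data in iter_chunks(png):
        stream = zlib_stream(ctype, data)
        if stream is None:
            continue
        try:  # max_length stops inflation early, bounding CPU and memory
            out = zlib.decompressobj().decompress(stream, limit + 1)
        except zlib.error:
            continue  # corrupt stream, not a size finding
        if len(out) > limit:
            findings.append((ctype.decode("ascii"), len(stream)))
    return findings

def chunk(t, d):
    return struct.pack(">I", len(d)) + t + d + struct.pack(">I", zlib.crc32(t + d))

def sample_png(text_len):
    """Constructed 1x1 PNG whose zTXt text is text_len repeated bytes."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    ztxt = b"Comment\x00\x00" + zlib.compress(b"A" * text_len, 9)
    idat = zlib.compress(b"\x00\x00")
    body = ((b"IHDR", ihdr), (b"zTXt", ztxt), (b"IDAT", idat), (b"IEND", b""))
    return PNG_SIG + b"".join(chunk(t, d) for t, d in body)
```

Run `scan()` on uploaded files before handing them to an unpatched decoder; it complements the package update and does not replace it.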
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0205
_______________________________________________________________________

Updated Packages:

_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>