Login
Newsletter
Werbung
Sicherheit: Zwei Probleme in libpng
Aktuelle Meldungen Distributionen
Name: Zwei Probleme in libpng
ID: MDKSA-2006:209
Distribution: Mandriva
Plattformen: Mandriva Corporate 3.0, Mandriva Multi Network Firewall 2.0, Mandriva 2006.0, Mandriva Corporate 4.0, Mandriva 2007.0
Datum: Do, 16. November 2006, 23:53
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3334
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5793
Applikationen: libpng

Originalnachricht

 
This is a multi-part message in MIME format...

------------=_1163717582-16192-1994


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:209
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : libpng
 Date    : November 16, 2006
 Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0,
           Multi Network Firewall 2.0
 _______________________________________________________________________
 
 Problem Description:
 
 Buffer overflow in the png_decompress_chunk function in pngrutil.c in
 libpng before 1.2.12 allows context-dependent attackers to cause a
 denial of service and possibly execute arbitrary code via unspecified
 vectors related to "chunk error processing," possibly involving the
 "chunk_name". (CVE-2006-3334)

 It is questionable whether this issue is actually exploitable, but the
 patch to correct the issue has been included in versions < 1.2.12.

 Tavis Ormandy, of the Gentoo Linux Security Auditing Team, discovered a
 typo in png_set_sPLT() that may cause an application using libpng to
 read out of bounds, resulting in a crash. (CVE-2006-5793)

 Packages have been patched to correct these issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3334
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5793
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 45ad162b09535faffbcac12958fe49b6 
 2006.0/i586/libpng3-1.2.8-1.2.20060mdk.i586.rpm
 d606c712b0fe3cb2846aa6e7d055e734 
 2006.0/i586/libpng3-devel-1.2.8-1.2.20060mdk.i586.rpm
 2205db07f1fd59257fa7eada8c8f695d 
 2006.0/i586/libpng3-static-devel-1.2.8-1.2.20060mdk.i586.rpm 
 7b6c834aaf600fc44a64fa08cdd6961f 
 2006.0/SRPMS/libpng-1.2.8-1.2.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 f977af66ce569366e9a44e4c1a73b715 
 2006.0/x86_64/lib64png3-1.2.8-1.2.20060mdk.x86_64.rpm
 878c585798862bd39a27422252573213 
 2006.0/x86_64/lib64png3-devel-1.2.8-1.2.20060mdk.x86_64.rpm
 4220979712677c242d3e203650ff5236 
 2006.0/x86_64/lib64png3-static-devel-1.2.8-1.2.20060mdk.x86_64.rpm 
 7b6c834aaf600fc44a64fa08cdd6961f 
 2006.0/SRPMS/libpng-1.2.8-1.2.20060mdk.src.rpm

 Mandriva Linux 2007.0:
 9906d24fb91a92049217263cf0128bfc 
 2007.0/i586/libpng3-1.2.12-2.2mdv2007.0.i586.rpm
 2d8452c09aca5596b29a1392aa250f2e 
 2007.0/i586/libpng3-devel-1.2.12-2.2mdv2007.0.i586.rpm
 38829f47379a45ecfcc9061078b24489 
 2007.0/i586/libpng3-static-devel-1.2.12-2.2mdv2007.0.i586.rpm 
 503559d5befe0d3b557422359ca2cb7a 
 2007.0/SRPMS/libpng-1.2.12-2.2mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 1a51b7fe5aabda61d420a573e5fe240e 
 2007.0/x86_64/lib64png3-1.2.12-2.2mdv2007.0.x86_64.rpm
 bb66b6392ad998e1e697c9cb1171687b 
 2007.0/x86_64/lib64png3-devel-1.2.12-2.2mdv2007.0.x86_64.rpm
 232a26557eb1069284ed5ada81492221 
 2007.0/x86_64/lib64png3-static-devel-1.2.12-2.2mdv2007.0.x86_64.rpm 
 503559d5befe0d3b557422359ca2cb7a 
 2007.0/SRPMS/libpng-1.2.12-2.2mdv2007.0.src.rpm

 Corporate 3.0:
 881d961819f17791dd2348c2b38153f7 
 corporate/3.0/i586/libpng3-1.2.5-10.7.C30mdk.i586.rpm
 87b087c74ba0466ee6a6aa487c6d7159 
 corporate/3.0/i586/libpng3-devel-1.2.5-10.7.C30mdk.i586.rpm
 5ae5cb1afdf63d50292a0d309f2789da 
 corporate/3.0/i586/libpng3-static-devel-1.2.5-10.7.C30mdk.i586.rpm 
 3ed80f4657a551ebfff3cb87912ee8bc 
 corporate/3.0/SRPMS/libpng-1.2.5-10.7.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 2ab9e03623fb035928ba711818742bd3 
 corporate/3.0/x86_64/lib64png3-1.2.5-10.7.C30mdk.x86_64.rpm
 dd2480239ee424f20a460fa2a087fcdf 
 corporate/3.0/x86_64/lib64png3-devel-1.2.5-10.7.C30mdk.x86_64.rpm
 43ea6b6e435e31978bc54495972e2828 
 corporate/3.0/x86_64/lib64png3-static-devel-1.2.5-10.7.C30mdk.x86_64.rpm 
 3ed80f4657a551ebfff3cb87912ee8bc 
 corporate/3.0/SRPMS/libpng-1.2.5-10.7.C30mdk.src.rpm

 Corporate 4.0:
 27c277f505d08abde9ba7ef6ec17123e 
 corporate/4.0/i586/libpng3-1.2.8-1.2.20060mlcs4.i586.rpm
 dc70e227da5ec0514d5056319f336076 
 corporate/4.0/i586/libpng3-devel-1.2.8-1.2.20060mlcs4.i586.rpm
 6d267d5422d0e3e9e2868398ed1c8864 
 corporate/4.0/i586/libpng3-static-devel-1.2.8-1.2.20060mlcs4.i586.rpm 
 462209b43657d92d6468b161eb779911 
 corporate/4.0/SRPMS/libpng-1.2.8-1.2.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 090b1f0b32a0b980681b35c8aec5f323 
 corporate/4.0/x86_64/lib64png3-1.2.8-1.2.20060mlcs4.x86_64.rpm
 96f0df2464cc042fc9fabfd3b1304d7a 
 corporate/4.0/x86_64/lib64png3-devel-1.2.8-1.2.20060mlcs4.x86_64.rpm
 818a20ce635900040bc7ff3a1b330e38 
 corporate/4.0/x86_64/lib64png3-static-devel-1.2.8-1.2.20060mlcs4.x86_64.rpm 
 462209b43657d92d6468b161eb779911 
 corporate/4.0/SRPMS/libpng-1.2.8-1.2.20060mlcs4.src.rpm

 Multi Network Firewall 2.0:
 c2faf16ec4411b18adf61729e8cc285e 
 mnf/2.0/i586/libpng3-1.2.5-10.7.M20mdk.i586.rpm
 52c3ea1ea57c1574d66bc62dab0b3df6 
 mnf/2.0/i586/libpng3-devel-1.2.5-10.7.M20mdk.i586.rpm
 ba313a457f4647177ad33ba7fab48d4e 
 mnf/2.0/i586/libpng3-static-devel-1.2.5-10.7.M20mdk.i586.rpm 
 9cb65939c4d3165b2c806ae5b64cab08 
 mnf/2.0/SRPMS/libpng-1.2.5-10.7.M20mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFXLdcmqjQ0CJFipgRAhDYAJ92K8724DBC+sLsJIxWCpyMCb32rACcDd5R
sgDMNY3YOYC5pPDKaAoviMM=
=vlRo
-----END PGP SIGNATURE-----


------------=_1163717582-16192-1994
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva? 
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1163717582-16192-1994--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung