Debian: libpng, libpng3 Out of bounds access vulnerability

    Date: 30 Apr 2004
    Category: Debian
    Posted By: LinuxSecurity Advisories
    This problem could cause the program to crash if a defective or intentionally prepared PNG image file is handled by libpng.
    
    Debian Security Advisory DSA 498-1
    http://www.debian.org/security/                             Martin Schulze
    April 30th, 2004                         http://www.debian.org/security/faq
    --------------------------------------------------------------------------
    
    Package        : libpng, libpng3
    Vulnerability  : out of bounds access
    Problem-Type   : remote
    Debian-specific: no
    CVE ID         : CAN-2004-0421
    
    Steve Grubb discovered a problem in the Portable Network Graphics
    library libpng which is utilised in several applications.  When
    processing a broken PNG image, the error handling routine will access
    memory that is out of bounds when creating an error message.
    Depending on machine architecture, bounds checking and other
    protective measures, this problem could cause the program to crash if
    a defective or intentionally prepared PNG image file is handled by
    libpng.
    
    This could be used as a denial of service attack against various
    programs that link against this library.  The following commands will
    show you which packages utilise this library and whose programs should
    probably be restarted after an upgrade:
    
       apt-cache showpkg libpng2
       apt-cache showpkg libpng3
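
As a follow-up check once the upgrade is installed, the script below (an added example, not part of the Debian advisory) lists running processes that still map a libpng shared object that was replaced on disk; these are the programs that actually need a restart. It assumes a Linux /proc filesystem and library file names of the form libpng*.so*; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the advisory): find processes that still map an
# old libpng shared object after the package upgrade replaced it on disk.
# Assumes Linux /proc and library file names of the form libpng*.so*.

# Read /proc/<pid>/maps-format text on stdin and print the distinct libpng
# paths whose backing file has been unlinked ("(deleted)" suffix).
stale_libpng_maps() {
    awk '$NF == "(deleted)" && $(NF-1) ~ /\/libpng[0-9]*\.so/ { print $(NF-1) }' |
        sort -u
}

# Walk every process and report: PID, command name, stale libpng paths.
# Processes whose maps are unreadable (not root, or already exited) are skipped.
scan_procs() {
    for maps in /proc/[0-9]*/maps; do
        pid=${maps#/proc/}
        pid=${pid%/maps}
        libs=$(cat "$maps" 2>/dev/null | stale_libpng_maps)
        [ -n "$libs" ] || continue
        name=$(cat "/proc/$pid/comm" 2>/dev/null)
        printf '%s\t%s\t%s\n' "$pid" "${name:-unknown}" \
            "$(printf '%s' "$libs" | tr '\n' ' ')"
    done
}

scan_procs
```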
    
    The following security matrix explains which package versions will
    contain a correction.
    
    Package      stable (woody)          unstable (sid)
    libpng     1.0.12-3.woody.5          1.0.15-5
    libpng3    1.2.1-1.1.woody.5         1.2.5.0-6
    
    We recommend that you upgrade your libpng and related packages.
    
    
    Upgrade Instructions
    --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.0 alias woody
    --------------------------------
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    ---------------------------------------------------------------------------------
    For apt-get: deb  http://security.debian.org/ stable/updates main
    For dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
    Package info: `apt-cache show <pkg>' and  http://packages.debian.org/<pkg>
    
    