Debian Security Advisory DSA 536-1                     security@debian.org 
Debian -- Security Information                              Matt Zimmerman
August 4th, 2004                         Debian -- Debian security FAQ 
- --------------------------------------------------------------------------

Package        : libpng
Vulnerability  : several
Problem-Type   : local/remote
Debian-specific: no
CVE Ids        : CAN-2004-0597 CAN-2004-0598 CAN-2004-0599 CAN-2004-0768

Chris Evans discovered several vulnerabilities in libpng:

 CAN-2004-0597 - Multiple buffer overflows exist, including when
 handling transparency chunk data, which could be exploited to cause
 arbitrary code to be executed when a specially crafted PNG image is
 processed

 CAN-2004-0598 - Multiple NULL pointer dereferences in
 png_handle_iCPP() and elsewhere could be exploited to cause an
 application to crash when a specially crafted PNG image is processed

 CAN-2004-0599 - Multiple integer overflows in png_handle_sPLT(),
 png_read_png() nctions and elsewhere could be exploited to cause an
 application to crash, or potentially arbitrary code to be executed,
 when a specially crafted PNG image is processed

In addition, a bug related to CAN-2002-1363 was fixed:

 CAN-2004-0768 - A buffer overflow could be caused by incorrect
 calculation of buffer offsets, possibly leading to the execution of
 arbitrary code

For the current stable distribution (woody), these problems have been
fixed in libpng3 version 1.2.1-1.1.woody.7 and libpng version
1.0.12-3.woody.7.

For the unstable distribution (sid), these problems will be fixed soon.

We recommend that you update your libpng and libpng3 packages.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

      
      Size/MD5 checksum:      579 28fa419216a24ee3bfc2379864cb08af
      
      Size/MD5 checksum:     9742 75a375a67bb78301d9a9ebe821b3f2b2
      
      Size/MD5 checksum:   481387 3329b745968e41f6f9e55a4d04a4964c
      
      Size/MD5 checksum:      583 3976057544097db61b33f953b803d947
      
      Size/MD5 checksum:    29676 0501708a687b71e449f81cd3e61868d6
      
      Size/MD5 checksum:   493105 75a21cbfae566158a0ac6d9f39087c4d

  ARM architecture:

      
      Size/MD5 checksum:   108834 65c7d7fb818332e8c0a5948450289d6f
      
      Size/MD5 checksum:   241392 785d7cc63274c17c1b6f54020e55b047
      
      Size/MD5 checksum:   247654 8fcf3de4c503230ec009cd60d852ed8e
      
      Size/MD5 checksum:   112036 159d56f98ca67efae5b941c8c125f7fb

  Intel IA-32 architecture:

      
      Size/MD5 checksum:   107012 6c0c53769987b0e612315a27d426c31b
      
      Size/MD5 checksum:   226982 93ab2de59fd31cdd270220a9bf470aab
      
      Size/MD5 checksum:   233652 7a723facf934ca726426fcccbea044c1
      
      Size/MD5 checksum:   110350 aaa13f7b82894d332b0d93812eccf245

  Intel IA-64 architecture:

      
      Size/MD5 checksum:   147182 a42677c2dc15d9c7e69084c794adb1f1
      
      Size/MD5 checksum:   271760 3602ac433e9acb291264ac4631466b1b
      
      Size/MD5 checksum:   278832 f40345e28c0a8090e3d5cc0da0c47c83
      
      Size/MD5 checksum:   151492 b4cf01f0f5a4584a9cc91d37059e3a18

  HP Precision architecture:

      
      Size/MD5 checksum:   128592 c290efcf7bca64a59b95df9bd40ea7c4
      
      Size/MD5 checksum:   262498 bba030d36b2453f50fc5f8dd502193db
      
      Size/MD5 checksum:   269714 97f2cc65b004d72d2f736c444a5eca02
      
      Size/MD5 checksum:   132710 ad103af06ba1fd04bfc820a7c9469a04

  Motorola 680x0 architecture:

      
      Size/MD5 checksum:   103914 0397515db7b83fe0788c11878ff2f6fe
      
      Size/MD5 checksum:   220716 eedf1c5c86848604fffc678e2522047e
      
      Size/MD5 checksum:   226396 825cf323e0b2a20d7059b41ac50b5ffe
      
      Size/MD5 checksum:   106862 c9426ed19e5cf9d5ffa3f4e5ad9575ba

  Big endian MIPS architecture:

      
      Size/MD5 checksum:   108912 f28b7b28829c5eccfc1879bf24f30d01
      
      Size/MD5 checksum:   240572 aa9f0be614c9b9e83035927bca2780a0
      
      Size/MD5 checksum:   247046 950eb986e2da18540cac6871fa724ec8
      
      Size/MD5 checksum:   112238 45ba391f6604228a5712b3933cd7918d

  Little endian MIPS architecture:

      
      Size/MD5 checksum:   108792 e1c23a58af661142d961b2cb9067a8ad
      
      Size/MD5 checksum:   240484 205b79c80e9d5a90ba39ce297ca7ccf9
      
      Size/MD5 checksum:   247000 d7fab207f6240fa1c8cca2b626543910
      
      Size/MD5 checksum:   112174 60c7d64b2256f05f8eb132b8e386731e

  PowerPC architecture:

      
      Size/MD5 checksum:   110254 ed1c9f3cb6cfc64467ae83251beb8b2d
      
      Size/MD5 checksum:   234680 a728d61a234b60b14d6876c0d7d460b5
      
      Size/MD5 checksum:   240742 ae4b57d50f8f6e8f88f18fdfde81c9a8
      
      Size/MD5 checksum:   113340 3014018db3169c617d958b71fa0e119d

  IBM S/390 architecture:

      
      Size/MD5 checksum:   110286 1ba753d363eb45b3b768ae26ce19f9dc
      
      Size/MD5 checksum:   229436 8ca7796466613d780a3442d831544bf9
      
      Size/MD5 checksum:   235056 dcfc35ced743c453935dea5f4c6e8b92
      
      Size/MD5 checksum:   113376 2a42876c22f968ae435382110d27741c

  Sun Sparc architecture:

      
      Size/MD5 checksum:   110312 f5db28252e4072d07f34da1b57bb2656
      
      Size/MD5 checksum:   232132 32be4f2a4f7215f3760ac6ce7c222ab9
      
      Size/MD5 checksum:   237786 2d36e99aab38db959088a646bbf9455b
      
      Size/MD5 checksum:   113744 d67df8af224bbcb817c7cb004ece5bf7

  These files will probably be moved into the stable distribution on
  its next revision.

- ---------------------------------------------------------------------------------
For apt-get: deb  Debian -- Security Information  stable/updates main
For dpkg-ftp:    dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and  http://packages.debian.org/

Debian: libpng Multiple vulnerabilities

August 11, 2004
This patch addresses a large number of vulnerabilities in libpng.

Summary

Chris Evans discovered several vulnerabilities in libpng:

CAN-2004-0597 - Multiple buffer overflows exist, including when
handling transparency chunk data, which could be exploited to cause
arbitrary code to be executed when a specially crafted PNG image is
processed

CAN-2004-0598 - Multiple NULL pointer dereferences in
png_handle_iCPP() and elsewhere could be exploited to cause an
application to crash when a specially crafted PNG image is processed

CAN-2004-0599 - Multiple integer overflows in png_handle_sPLT(),
png_read_png() nctions and elsewhere could be exploited to cause an
application to crash, or potentially arbitrary code to be executed,
when a specially crafted PNG image is processed

In addition, a bug related to CAN-2002-1363 was fixed:

CAN-2004-0768 - A buffer overflow could be caused by incorrect
calculation of buffer offsets, possibly leading to the execution of
arbitrary code

For the current stable distribution (woody), these problems have been
fixed in libpng3 version 1.2.1-1.1.woody.7 and libpng version
1.0.12-3.woody.7.

For the unstable distribution (sid), these problems will be fixed soon.

We recommend that you update your libpng and libpng3 packages.

Upgrade Instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody

Source archives:


Size/MD5 checksum: 579 28fa419216a24ee3bfc2379864cb08af

Size/MD5 checksum: 9742 75a375a67bb78301d9a9ebe821b3f2b2

Size/MD5 checksum: 481387 3329b745968e41f6f9e55a4d04a4964c

Size/MD5 checksum: 583 3976057544097db61b33f953b803d947

Size/MD5 checksum: 29676 0501708a687b71e449f81cd3e61868d6

Size/MD5 checksum: 493105 75a21cbfae566158a0ac6d9f39087c4d

ARM architecture:


Size/MD5 checksum: 108834 65c7d7fb818332e8c0a5948450289d6f

Size/MD5 checksum: 241392 785d7cc63274c17c1b6f54020e55b047

Size/MD5 checksum: 247654 8fcf3de4c503230ec009cd60d852ed8e

Size/MD5 checksum: 112036 159d56f98ca67efae5b941c8c125f7fb

Intel IA-32 architecture:


Size/MD5 checksum: 107012 6c0c53769987b0e612315a27d426c31b

Size/MD5 checksum: 226982 93ab2de59fd31cdd270220a9bf470aab

Size/MD5 checksum: 233652 7a723facf934ca726426fcccbea044c1

Size/MD5 checksum: 110350 aaa13f7b82894d332b0d93812eccf245

Intel IA-64 architecture:


Size/MD5 checksum: 147182 a42677c2dc15d9c7e69084c794adb1f1

Size/MD5 checksum: 271760 3602ac433e9acb291264ac4631466b1b

Size/MD5 checksum: 278832 f40345e28c0a8090e3d5cc0da0c47c83

Size/MD5 checksum: 151492 b4cf01f0f5a4584a9cc91d37059e3a18

HP Precision architecture:


Size/MD5 checksum: 128592 c290efcf7bca64a59b95df9bd40ea7c4

Size/MD5 checksum: 262498 bba030d36b2453f50fc5f8dd502193db

Size/MD5 checksum: 269714 97f2cc65b004d72d2f736c444a5eca02

Size/MD5 checksum: 132710 ad103af06ba1fd04bfc820a7c9469a04

Motorola 680x0 architecture:


Size/MD5 checksum: 103914 0397515db7b83fe0788c11878ff2f6fe

Size/MD5 checksum: 220716 eedf1c5c86848604fffc678e2522047e

Size/MD5 checksum: 226396 825cf323e0b2a20d7059b41ac50b5ffe

Size/MD5 checksum: 106862 c9426ed19e5cf9d5ffa3f4e5ad9575ba

Big endian MIPS architecture:


Size/MD5 checksum: 108912 f28b7b28829c5eccfc1879bf24f30d01

Size/MD5 checksum: 240572 aa9f0be614c9b9e83035927bca2780a0

Size/MD5 checksum: 247046 950eb986e2da18540cac6871fa724ec8

Size/MD5 checksum: 112238 45ba391f6604228a5712b3933cd7918d

Little endian MIPS architecture:


Size/MD5 checksum: 108792 e1c23a58af661142d961b2cb9067a8ad

Size/MD5 checksum: 240484 205b79c80e9d5a90ba39ce297ca7ccf9

Size/MD5 checksum: 247000 d7fab207f6240fa1c8cca2b626543910

Size/MD5 checksum: 112174 60c7d64b2256f05f8eb132b8e386731e

PowerPC architecture:


Size/MD5 checksum: 110254 ed1c9f3cb6cfc64467ae83251beb8b2d

Size/MD5 checksum: 234680 a728d61a234b60b14d6876c0d7d460b5

Size/MD5 checksum: 240742 ae4b57d50f8f6e8f88f18fdfde81c9a8

Size/MD5 checksum: 113340 3014018db3169c617d958b71fa0e119d

IBM S/390 architecture:


Size/MD5 checksum: 110286 1ba753d363eb45b3b768ae26ce19f9dc

Size/MD5 checksum: 229436 8ca7796466613d780a3442d831544bf9

Size/MD5 checksum: 235056 dcfc35ced743c453935dea5f4c6e8b92

Size/MD5 checksum: 113376 2a42876c22f968ae435382110d27741c

Sun Sparc architecture:


Size/MD5 checksum: 110312 f5db28252e4072d07f34da1b57bb2656

Size/MD5 checksum: 232132 32be4f2a4f7215f3760ac6ce7c222ab9

Size/MD5 checksum: 237786 2d36e99aab38db959088a646bbf9455b

Size/MD5 checksum: 113744 d67df8af224bbcb817c7cb004ece5bf7

These files will probably be moved into the stable distribution on
its next revision.

For apt-get: deb Debian -- Security Information stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/



Severity
Package : libpng
Vulnerability : several
Problem-Type : local/remote
Debian-specific: no
CVE Ids : CAN-2004-0597 CAN-2004-0598 CAN-2004-0599 CAN-2004-0768

Related News

5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved