Linux Security
    Linux Security
    Linux Security

    Debian: libpng Multiple vulnerabilities

    Date 11 Aug 2004
    Posted By LinuxSecurity Advisories
    This patch addresses a large number of vulnerabilities in libpng.
    Debian Security Advisory DSA 536-1                     This email address is being protected from spambots. You need JavaScript enabled to view it.                             Matt Zimmerman
    August 4th, 2004               
    - --------------------------------------------------------------------------
    Package        : libpng
    Vulnerability  : several
    Problem-Type   : local/remote
    Debian-specific: no
    CVE Ids        : CAN-2004-0597 CAN-2004-0598 CAN-2004-0599 CAN-2004-0768
    Chris Evans discovered several vulnerabilities in libpng:
     CAN-2004-0597 - Multiple buffer overflows exist, including when
     handling transparency chunk data, which could be exploited to cause
     arbitrary code to be executed when a specially crafted PNG image is
     CAN-2004-0598 - Multiple NULL pointer dereferences in
     png_handle_iCPP() and elsewhere could be exploited to cause an
     application to crash when a specially crafted PNG image is processed
     CAN-2004-0599 - Multiple integer overflows in png_handle_sPLT(),
     png_read_png() nctions and elsewhere could be exploited to cause an
     application to crash, or potentially arbitrary code to be executed,
     when a specially crafted PNG image is processed
    In addition, a bug related to CAN-2002-1363 was fixed:
     CAN-2004-0768 - A buffer overflow could be caused by incorrect
     calculation of buffer offsets, possibly leading to the execution of
     arbitrary code
    For the current stable distribution (woody), these problems have been
    fixed in libpng3 version 1.2.1-1.1.woody.7 and libpng version
    For the unstable distribution (sid), these problems will be fixed soon.
    We recommend that you update your libpng and libpng3 packages.
    Upgrade Instructions
    - --------------------
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    Debian GNU/Linux 3.0 alias woody
    - --------------------------------
      Source archives:
          Size/MD5 checksum:      579 28fa419216a24ee3bfc2379864cb08af
          Size/MD5 checksum:     9742 75a375a67bb78301d9a9ebe821b3f2b2
          Size/MD5 checksum:   481387 3329b745968e41f6f9e55a4d04a4964c
          Size/MD5 checksum:      583 3976057544097db61b33f953b803d947
          Size/MD5 checksum:    29676 0501708a687b71e449f81cd3e61868d6
          Size/MD5 checksum:   493105 75a21cbfae566158a0ac6d9f39087c4d
      ARM architecture:
          Size/MD5 checksum:   108834 65c7d7fb818332e8c0a5948450289d6f
          Size/MD5 checksum:   241392 785d7cc63274c17c1b6f54020e55b047
          Size/MD5 checksum:   247654 8fcf3de4c503230ec009cd60d852ed8e
          Size/MD5 checksum:   112036 159d56f98ca67efae5b941c8c125f7fb
      Intel IA-32 architecture:
          Size/MD5 checksum:   107012 6c0c53769987b0e612315a27d426c31b
          Size/MD5 checksum:   226982 93ab2de59fd31cdd270220a9bf470aab
          Size/MD5 checksum:   233652 7a723facf934ca726426fcccbea044c1
          Size/MD5 checksum:   110350 aaa13f7b82894d332b0d93812eccf245
      Intel IA-64 architecture:
          Size/MD5 checksum:   147182 a42677c2dc15d9c7e69084c794adb1f1
          Size/MD5 checksum:   271760 3602ac433e9acb291264ac4631466b1b
          Size/MD5 checksum:   278832 f40345e28c0a8090e3d5cc0da0c47c83
          Size/MD5 checksum:   151492 b4cf01f0f5a4584a9cc91d37059e3a18
      HP Precision architecture:
          Size/MD5 checksum:   128592 c290efcf7bca64a59b95df9bd40ea7c4
          Size/MD5 checksum:   262498 bba030d36b2453f50fc5f8dd502193db
          Size/MD5 checksum:   269714 97f2cc65b004d72d2f736c444a5eca02
          Size/MD5 checksum:   132710 ad103af06ba1fd04bfc820a7c9469a04
      Motorola 680x0 architecture:
          Size/MD5 checksum:   103914 0397515db7b83fe0788c11878ff2f6fe
          Size/MD5 checksum:   220716 eedf1c5c86848604fffc678e2522047e
          Size/MD5 checksum:   226396 825cf323e0b2a20d7059b41ac50b5ffe
          Size/MD5 checksum:   106862 c9426ed19e5cf9d5ffa3f4e5ad9575ba
      Big endian MIPS architecture:
          Size/MD5 checksum:   108912 f28b7b28829c5eccfc1879bf24f30d01
          Size/MD5 checksum:   240572 aa9f0be614c9b9e83035927bca2780a0
          Size/MD5 checksum:   247046 950eb986e2da18540cac6871fa724ec8
          Size/MD5 checksum:   112238 45ba391f6604228a5712b3933cd7918d
      Little endian MIPS architecture:
          Size/MD5 checksum:   108792 e1c23a58af661142d961b2cb9067a8ad
          Size/MD5 checksum:   240484 205b79c80e9d5a90ba39ce297ca7ccf9
          Size/MD5 checksum:   247000 d7fab207f6240fa1c8cca2b626543910
          Size/MD5 checksum:   112174 60c7d64b2256f05f8eb132b8e386731e
      PowerPC architecture:
          Size/MD5 checksum:   110254 ed1c9f3cb6cfc64467ae83251beb8b2d
          Size/MD5 checksum:   234680 a728d61a234b60b14d6876c0d7d460b5
          Size/MD5 checksum:   240742 ae4b57d50f8f6e8f88f18fdfde81c9a8
          Size/MD5 checksum:   113340 3014018db3169c617d958b71fa0e119d
      IBM S/390 architecture:
          Size/MD5 checksum:   110286 1ba753d363eb45b3b768ae26ce19f9dc
          Size/MD5 checksum:   229436 8ca7796466613d780a3442d831544bf9
          Size/MD5 checksum:   235056 dcfc35ced743c453935dea5f4c6e8b92
          Size/MD5 checksum:   113376 2a42876c22f968ae435382110d27741c
      Sun Sparc architecture:
          Size/MD5 checksum:   110312 f5db28252e4072d07f34da1b57bb2656
          Size/MD5 checksum:   232132 32be4f2a4f7215f3760ac6ce7c222ab9
          Size/MD5 checksum:   237786 2d36e99aab38db959088a646bbf9455b
          Size/MD5 checksum:   113744 d67df8af224bbcb817c7cb004ece5bf7
      These files will probably be moved into the stable distribution on
      its next revision.
    - ---------------------------------------------------------------------------------
    For apt-get: deb stable/updates main
    For dpkg-ftp: dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and

    LinuxSecurity Poll

    'Tis the season of giving! How have you given back to the open-source community?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    [{"id":"171","title":"I've contributed to the development of an open-source project.","votes":"8","type":"x","order":"1","pct":27.59,"resources":[]},{"id":"172","title":"I've reviewed open-source code for security bugs.","votes":"6","type":"x","order":"2","pct":20.69,"resources":[]},{"id":"173","title":"I've made a donation to an open-source project.","votes":"15","type":"x","order":"3","pct":51.72,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.