Debian: libpng several vulnerabilities fix

    Date20 Oct 2004
    CategoryDebian
    2213
    Posted ByLinuxSecurity Advisories
    Several integer overflows have been discovered by its upstream developers in libpng, a commonly used library to display PNG graphics. They could be exploited to cause arbitrary code to be executed when a specially crafted PNG image is processed.
    
    --------------------------------------------------------------------------
    Debian Security Advisory DSA 570-1                     This email address is being protected from spambots. You need JavaScript enabled to view it. 
    http://www.debian.org/security/                             Martin Schulze
    October 20th, 2004                       http://www.debian.org/security/faq
    --------------------------------------------------------------------------
    
    Package        : libpng
    Vulnerability  : integer overflow
    Problem-Type   : remote
    Debian-specific: no
    CVE ID         : CAN-2004-0955
    
    Several integer overflows have been discovered by its upstream
    developers in libpng, a commonly used library to display PNG graphics.
    They could be exploited to cause arbitrary code to be executed when a
    specially crafted PNG image is processed.
    
    For the stable distribution (woody) this problem has been fixed in
    version 1.0.12-3.woody.9.
    
    For the unstable distribution (sid) this problem has been fixed in
    version 1.0.15-8.
    
    We recommend that you upgrade your libpng packages.
    
    
    Upgrade Instructions
    --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.0 alias woody
    --------------------------------
    
      Source archives:
    
         http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.0.12-3.woody.9.dsc
          Size/MD5 checksum:      580 7df7d1e0bbd2332551a14cc0a21dddf7
         http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.0.12-3.woody.9.diff.gz
          Size/MD5 checksum:    10396 dbf46963e7b26473fffba63a92791286
         http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.0.12.orig.tar.gz
          Size/MD5 checksum:   481387 3329b745968e41f6f9e55a4d04a4964c
    
      Alpha architecture:
    
         http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.9_alpha.deb
          Size/MD5 checksum:   130374 1044ec55646f8e94e218bf4613db1f60
         http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.9_alpha.deb
          Size/MD5 checksum:   270440 74a5b9e3bc1b2fc2648133e196894b4f
    
      ARM architecture:
    
         http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.9_arm.deb
          Size/MD5 checksum:   109148 60e7475df4f824043242559b7d64322e
         http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.9_arm.deb
          Size/MD5 checksum:   241496 f9ad072eb50a9391ce4b105eff9b2cba
    
      Intel IA-32 architecture:
    
         http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.9_i386.deb
          Size/MD5 checksum:   107434 e81d90d93fc69329f1fc842666ab8bf2
         http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.9_i386.deb
          Size/MD5 checksum:   227648 a5495e210300e511e7c265e86303c909
    
      Intel IA-64 architecture:
    
         http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.9_ia64.deb
          Size/MD5 checksum:   147520 5292b0c17956697fa682a95be34abc0d
         http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.9_ia64.deb
          Size/MD5 checksum:   271938 ae7b7fed469735915bbdf87ab02f80a3
    
      HP Precision architecture:
    
         http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.9_hppa.deb
          Size/MD5 checksum:   128830 b1937fc261ba66c8b69605c0f8df9305
         http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.9_hppa.deb
          Size/MD5 checksum:   262630 be93d764c002923fb1e6d5385b12e200
    
      Motorola 680x0 architecture:
    
         http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.9_m68k.deb
          Size/MD5 checksum:   104172 86a18a750a19efbe94f8b79d9e4e89c8
         http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.9_m68k.deb
          Size/MD5 checksum:   220804 d4b278997d86fe7cd824f2ad820a8466
    
      Big endian MIPS architecture:
    
         http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.9_mips.deb
          Size/MD5 checksum:   109184 b825d9e4e59ed06f5ff718d86c078714
         http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.9_mips.deb
          Size/MD5 checksum:   240698 883d442e57eef30ad86251ce2ffed701
    
      Little endian MIPS architecture:
    
         http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.9_mipsel.deb
          Size/MD5 checksum:   109102 eb85fee5ef0e9516372a7e245fd781ce
         http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.9_mipsel.deb
          Size/MD5 checksum:   240576 da9b75f48689e9277b8a053c014e8ddc
    
      PowerPC architecture:
    
         http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.9_powerpc.deb
          Size/MD5 checksum:   110504 b7ab6493588e05c09811e3f58fa747b2
         http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.9_powerpc.deb
          Size/MD5 checksum:   234800 1e1bacb0bbe2d80166d4ce9f96348828
    
      IBM S/390 architecture:
    
         http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.9_s390.deb
          Size/MD5 checksum:   110520 29172e2fc592785d44b5779ed7787f08
         http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.9_s390.deb
          Size/MD5 checksum:   229560 2577f1ecee02f71af34ca9aecbd70dd7
    
      Sun Sparc architecture:
    
         http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.9_sparc.deb
          Size/MD5 checksum:   110564 2eac357f311054279ef941a87befb62f
         http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.9_sparc.deb
          Size/MD5 checksum:   232302 7691bd27595acd87249be24746f47186
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    ---------------------------------------------------------------------------------
    For apt-get: deb  http://security.debian.org/ stable/updates main
    For dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and  http://packages.debian.org/
    
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"7","type":"x","order":"1","pct":58.33,"resources":[]},{"id":"88","title":"Should be more technical","votes":"3","type":"x","order":"2","pct":25,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"2","type":"x","order":"3","pct":16.67,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    Advisories

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.