Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


Gentoo: GLSA-200812-15 Normal: POV-Ray Code Execution Risk

POV-Ray includes a version of libpng that might allow for the execution of arbitrary code when reading a specially crafted PNG file.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                          GLSA 200812-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: POV-Ray: User-assisted execution of arbitrary code
      Date: December 14, 2008
      Bugs: #153538
        ID: 200812-15

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

POV-Ray includes a version of libpng that might allow for the execution of arbitrary code when reading a specially crafted PNG file.

Background
==========

POV-Ray is a well known open-source ray tracer.

Affected packages
=================

    -------------------------------------------------------------------
     Package            /  Vulnerable  /                    Unaffected
    -------------------------------------------------------------------
  1  media-gfx/povray      < 3.6.1-r4                      >= 3.6.1-r4

Description
===========

POV-Ray uses a statically linked copy of libpng to view and output PNG files. The version shipped with POV-Ray is vulnerable to CVE-2008-3964, CVE-2008-1382, CVE-2006-3334, CVE-2006-0481, CVE-2004-0768. A bug in POV-Ray's build system caused it to load the old version when your installed copy of libpng was >=media-libs/libpng-1.2.10.

Impact
======

An attacker could entice a user to load a specially crafted PNG file as a texture, resulting in the execution of arbitrary code with the permissions of the user running the application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All POV-Ray users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-gfx/povray-3.6.1-r4"

References
==========

  [ 1 ] CVE-2004-0768
        https://www.cve.org/CVERecord?id=CVE-2004-0768
  [ 2 ] CVE-2006-0481
        https://www.cve.org/CVERecord?id=CVE-2006-0481
  [ 3 ] CVE-2006-3334
        https://www.cve.org/CVERecord?id=CVE-2006-3334
  [ 4 ] CVE-2008-1382
        https://www.cve.org/CVERecord?id=CVE-2008-1382
  [ 5 ] CVE-2008-3964
        https://www.cve.org/CVERecord?id=CVE-2008-3964

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  https://security.gentoo.org/glsa/200812-15

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [e-mail address] or alternatively, you may file a bug at https://bugs.gentoo.org/.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5/

LinuxSecurity.com Team

Dec 14, 2008 Gentoo

Fedora Core 2: Security Advisory 2004-176 Moderate: libpng DoS Risk

An attacker could carefully craft a PNG file in such a way that it would cause an application linked to libpng to crash or potentially execute arbitrary code when opened by a victim.

CORE 2:

Fedora Update Notification
FEDORA-2004-176
2004-06-18
---------------------------------------------------------------------

Product     : Fedora Core 2
Name        : libpng10
Version     : 1.0.15
Release     : 5
Summary     : Old version of libpng, needed to run old binaries.
Description :
The libpng10 package contains an old version of libpng, a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files.

This package is needed if you want to run binaries that were linked dynamically with libpng 1.0.x.

---------------------------------------------------------------------
Update Information:

During an audit of Red Hat Linux updates, the Fedora Legacy team found a security issue in libpng that had not been fixed in Fedora Core. An attacker could carefully craft a PNG file in such a way that it would cause an application linked to libpng to crash or potentially execute arbitrary code when opened by a victim.

---------------------------------------------------------------------
This update can be downloaded from:

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

CORE 1:

Fedora Update Notification
FEDORA-2004-174
2004-06-18
---------------------------------------------------------------------

Product     : Fedora Core 1
Name        : libpng10
Version     : 1.0.15
Release     : 4
Summary     : Old version of libpng, needed to run old binaries.
Description :
The libpng10 package contains an old version of libpng, a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files.

This package is needed if you want to run binaries that were linked dynamically with libpng 1.0.x.

---------------------------------------------------------------------
Update Information:

During an audit of Red Hat Linux updates, the Fedora Legacy team found a security issue in libpng that had not been fixed in Fedora Core. An attacker could carefully craft a PNG file in such a way that it would cause an application linked to libpng to crash or potentially execute arbitrary code when opened by a victim.

---------------------------------------------------------------------
This update can be downloaded from:

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.

LinuxSecurity.com Team

Jun 21, 2004 Fedora