SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   libpng Vendors:   libpng.sourceforge.net
(Mandrake Issues Fix) libpng Buffer Overflows May Let Remote Users Crash the Application or Execute Arbitrary Code
SecurityTracker Alert ID:  1010870
SecurityTracker URL:  http://securitytracker.com/id/1010870
CVE Reference:   CVE-2004-0597, CVE-2004-0598, CVE-2004-0599   (Links to External Site)
Date:  Aug 5 2004
Impact:   Denial of service via network, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 1.2.5 and 1.0.15
Description:   Several buffer overflow vulnerabilities were reported in libpng. A remote user may be able to execute arbitrary code on the target system.

Red Hat reported that Chris Evans discovered several buffer overflows in libpng during a code audit.

A remote user can create a specially crafted PNG file that, when opened by a target user with an application that uses libpng, will execute arbitrary code on the target user's system [CVE: CVE-2004-0597].

A NULL pointer dereference vulnerability [CVE: CVE-2004-0598] and several integer overflow issues [CVE: CVE-2004-0599] were also reported to be able to cause an affected application to crash when opening a malicious file.

Impact:   A remote user may be able to cause an affected application to crash or execute arbitrary code. The specific impact depends on the application using libpng.
Solution:   Mandrake has released a fix.

Mandrakelinux 10.0:
5f2e0ce336d0854b79426e3ee2fc9c1c 10.0/RPMS/libpng3-1.2.5-10.5.100mdk.i586.rpm
a08aee71d41f2fd270e657053ed16a18 10.0/RPMS/libpng3-devel-1.2.5-10.5.100mdk.i586.rpm
997b909be31340ab48a5c8266364d9f1 10.0/RPMS/libpng3-static-devel-1.2.5-10.5.100mdk.i586.rpm
5402d26cab5f03469f22f10e7279a64f 10.0/SRPMS/libpng-1.2.5-10.5.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
7f4dbf94ab247849e8efb3034c6bb046 amd64/10.0/RPMS/lib64png3-1.2.5-10.5.100mdk.amd64.rpm
7f2e23c89e39423b2499798cad32fc13 amd64/10.0/RPMS/lib64png3-devel-1.2.5-10.5.100mdk.amd64.rpm
ac6b7e03e3e816efa8744816d596338f amd64/10.0/RPMS/lib64png3-static-devel-1.2.5-10.5.100mdk.amd64.rpm
5402d26cab5f03469f22f10e7279a64f amd64/10.0/SRPMS/libpng-1.2.5-10.5.100mdk.src.rpm

Corporate Server 2.1:
6cf56378665f973c6b96a487db31f2df corporate/2.1/RPMS/libpng3-1.2.4-3.7.C21mdk.i586.rpm
4dfb84e68f30cc4de1ddf2085ef74ebd corporate/2.1/RPMS/libpng3-devel-1.2.4-3.7.C21mdk.i586.rpm
68adca80324ccf10ecf386466673ff5e corporate/2.1/RPMS/libpng3-static-devel-1.2.4-3.7.C21mdk.i586.rpm
e37d6b112471f9fbd39eee11db336a8e corporate/2.1/SRPMS/libpng-1.2.4-3.7.C21mdk.src.rpm

Corporate Server 2.1/x86_64:
bb2f7ccff93adcf0f466cb4741f09440 x86_64/corporate/2.1/RPMS/libpng3-1.2.4-3.7.C21mdk.x86_64.rpm
22bd27f48fa0fd1e0510c3066ab67325 x86_64/corporate/2.1/RPMS/libpng3-devel-1.2.4-3.7.C21mdk.x86_64.rpm
769bb0aa09bf26b1ff64a9cd5e5a452e x86_64/corporate/2.1/RPMS/libpng3-static-devel-1.2.4-3.7.C21mdk.x86_64.rpm
e37d6b112471f9fbd39eee11db336a8e x86_64/corporate/2.1/SRPMS/libpng-1.2.4-3.7.C21mdk.src.rpm

Mandrakelinux 9.1:
6fd39e5ee6bc8dc031bf3ea4608b2dcf 9.1/RPMS/libpng3-1.2.5-2.5.91mdk.i586.rpm
e29e3f15812654860e80987ff169ed0a 9.1/RPMS/libpng3-devel-1.2.5-2.5.91mdk.i586.rpm
f8fbbf2d3bd57ffb967a12fa84806793 9.1/RPMS/libpng3-static-devel-1.2.5-2.5.91mdk.i586.rpm
c1f995c1738591bf1436386c19f220f8 9.1/SRPMS/libpng-1.2.5-2.5.91mdk.src.rpm

Mandrakelinux 9.1/PPC:
db141bfa829164296790fc5ecaeca8af ppc/9.1/RPMS/libpng3-1.2.5-2.5.91mdk.ppc.rpm
cf12eb035d71e045bca05a351d2e12b5 ppc/9.1/RPMS/libpng3-devel-1.2.5-2.5.91mdk.ppc.rpm
37ed0b8a240466482f3e3e079397aca3 ppc/9.1/RPMS/libpng3-static-devel-1.2.5-2.5.91mdk.ppc.rpm
c1f995c1738591bf1436386c19f220f8 ppc/9.1/SRPMS/libpng-1.2.5-2.5.91mdk.src.rpm

Mandrakelinux 9.2:
73dcbcff5ec15f8d0c683e85357ba292 9.2/RPMS/libpng3-1.2.5-7.5.92mdk.i586.rpm
7d1493bececc9a48b84061b3eae8d92f 9.2/RPMS/libpng3-devel-1.2.5-7.5.92mdk.i586.rpm
32d8f720ff4f9e2dcfd7e07a7f3b221c 9.2/RPMS/libpng3-static-devel-1.2.5-7.5.92mdk.i586.rpm
9ada13b517e9d757874bd235de565fc8 9.2/SRPMS/libpng-1.2.5-7.5.92mdk.src.rpm

Mandrakelinux 9.2/AMD64:
ce8a91d600fba2cdcc4cbfa73528f0cd amd64/9.2/RPMS/lib64png3-1.2.5-7.5.92mdk.amd64.rpm
231a4e5d6f11d262bb5bc6b7563ad93f amd64/9.2/RPMS/lib64png3-devel-1.2.5-7.5.92mdk.amd64.rpm
1f63ad149a23fd5f2e9c9007b162235b amd64/9.2/RPMS/lib64png3-static-devel-1.2.5-7.5.92mdk.amd64.rpm
9ada13b517e9d757874bd235de565fc8 amd64/9.2/SRPMS/libpng-1.2.5-7.5.92mdk.src.rpm

Multi Network Firewall 8.2:
f8ec19565a938e22f23e39b444d208a2 mnf8.2/RPMS/libpng3-1.2.4-3.7.M82mdk.i586.rpm
99b28bb4446212b3cf099640a876c44e mnf8.2/SRPMS/libpng-1.2.4-3.7.M82mdk.src.rpm

Vendor URL:  www.libpng.org/pub/png/libpng.html (Links to External Site)
Cause:   Boundary error
Underlying OS:  Linux (Mandriva/Mandrake)
Underlying OS Comments:  10.0, 9.1, 9.2, Corporate Server 2.1, Multi Network Firewall 8.2

Message History:   This archive entry is a follow-up to the message listed below.
Aug 4 2004 libpng Buffer Overflows May Let Remote Users Crash the Application or Execute Arbitrary Code



 Source Message Contents

Subject:  [Security Announce] MDKSA-2004:079 - Updated libpng packages fix


This is a multi-part message in MIME format...

------------=_1091649518-595-3634

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           libpng
 Advisory ID:            MDKSA-2004:079
 Date:                   August 4th, 2004

 Affected versions:	 10.0, 9.1, 9.2, Corporate Server 2.1,
			 Multi Network Firewall 8.2
 ______________________________________________________________________

 Problem Description:

 Chris Evans discovered numerous vulnerabilities in the libpng graphics
 library, including a remotely exploitable stack-based buffer overrun in
 the png_handle_tRNS function, dangerous code in png_handle_sBIT, a
 possible NULL-pointer crash in png_handle_iCCP (which is also
 duplicated in multiple other locations), a theoretical integer overflow
 in png_read_png, and integer overflows during progressive reading.
 
 All users are encouraged to upgrade immediately.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0597
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0598
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0599
  http://www.kb.cert.org/vuls/id/388984
  http://www.kb.cert.org/vuls/id/236656
  http://www.kb.cert.org/vuls/id/160448
  http://www.kb.cert.org/vuls/id/477512
  http://www.kb.cert.org/vuls/id/286464
  http://www.kb.cert.org/vuls/id/817368
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 5f2e0ce336d0854b79426e3ee2fc9c1c  10.0/RPMS/libpng3-1.2.5-10.5.100mdk.i586.rpm
 a08aee71d41f2fd270e657053ed16a18  10.0/RPMS/libpng3-devel-1.2.5-10.5.100mdk.i586.rpm
 997b909be31340ab48a5c8266364d9f1  10.0/RPMS/libpng3-static-devel-1.2.5-10.5.100mdk.i586.rpm
 5402d26cab5f03469f22f10e7279a64f  10.0/SRPMS/libpng-1.2.5-10.5.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 7f4dbf94ab247849e8efb3034c6bb046  amd64/10.0/RPMS/lib64png3-1.2.5-10.5.100mdk.amd64.rpm
 7f2e23c89e39423b2499798cad32fc13  amd64/10.0/RPMS/lib64png3-devel-1.2.5-10.5.100mdk.amd64.rpm
 ac6b7e03e3e816efa8744816d596338f  amd64/10.0/RPMS/lib64png3-static-devel-1.2.5-10.5.100mdk.amd64.rpm
 5402d26cab5f03469f22f10e7279a64f  amd64/10.0/SRPMS/libpng-1.2.5-10.5.100mdk.src.rpm

 Corporate Server 2.1:
 6cf56378665f973c6b96a487db31f2df  corporate/2.1/RPMS/libpng3-1.2.4-3.7.C21mdk.i586.rpm
 4dfb84e68f30cc4de1ddf2085ef74ebd  corporate/2.1/RPMS/libpng3-devel-1.2.4-3.7.C21mdk.i586.rpm
 68adca80324ccf10ecf386466673ff5e  corporate/2.1/RPMS/libpng3-static-devel-1.2.4-3.7.C21mdk.i586.rpm
 e37d6b112471f9fbd39eee11db336a8e  corporate/2.1/SRPMS/libpng-1.2.4-3.7.C21mdk.src.rpm

 Corporate Server 2.1/x86_64:
 bb2f7ccff93adcf0f466cb4741f09440  x86_64/corporate/2.1/RPMS/libpng3-1.2.4-3.7.C21mdk.x86_64.rpm
 22bd27f48fa0fd1e0510c3066ab67325  x86_64/corporate/2.1/RPMS/libpng3-devel-1.2.4-3.7.C21mdk.x86_64.rpm
 769bb0aa09bf26b1ff64a9cd5e5a452e  x86_64/corporate/2.1/RPMS/libpng3-static-devel-1.2.4-3.7.C21mdk.x86_64.rpm
 e37d6b112471f9fbd39eee11db336a8e  x86_64/corporate/2.1/SRPMS/libpng-1.2.4-3.7.C21mdk.src.rpm

 Mandrakelinux 9.1:
 6fd39e5ee6bc8dc031bf3ea4608b2dcf  9.1/RPMS/libpng3-1.2.5-2.5.91mdk.i586.rpm
 e29e3f15812654860e80987ff169ed0a  9.1/RPMS/libpng3-devel-1.2.5-2.5.91mdk.i586.rpm
 f8fbbf2d3bd57ffb967a12fa84806793  9.1/RPMS/libpng3-static-devel-1.2.5-2.5.91mdk.i586.rpm
 c1f995c1738591bf1436386c19f220f8  9.1/SRPMS/libpng-1.2.5-2.5.91mdk.src.rpm

 Mandrakelinux 9.1/PPC:
 db141bfa829164296790fc5ecaeca8af  ppc/9.1/RPMS/libpng3-1.2.5-2.5.91mdk.ppc.rpm
 cf12eb035d71e045bca05a351d2e12b5  ppc/9.1/RPMS/libpng3-devel-1.2.5-2.5.91mdk.ppc.rpm
 37ed0b8a240466482f3e3e079397aca3  ppc/9.1/RPMS/libpng3-static-devel-1.2.5-2.5.91mdk.ppc.rpm
 c1f995c1738591bf1436386c19f220f8  ppc/9.1/SRPMS/libpng-1.2.5-2.5.91mdk.src.rpm

 Mandrakelinux 9.2:
 73dcbcff5ec15f8d0c683e85357ba292  9.2/RPMS/libpng3-1.2.5-7.5.92mdk.i586.rpm
 7d1493bececc9a48b84061b3eae8d92f  9.2/RPMS/libpng3-devel-1.2.5-7.5.92mdk.i586.rpm
 32d8f720ff4f9e2dcfd7e07a7f3b221c  9.2/RPMS/libpng3-static-devel-1.2.5-7.5.92mdk.i586.rpm
 9ada13b517e9d757874bd235de565fc8  9.2/SRPMS/libpng-1.2.5-7.5.92mdk.src.rpm

 Mandrakelinux 9.2/AMD64:
 ce8a91d600fba2cdcc4cbfa73528f0cd  amd64/9.2/RPMS/lib64png3-1.2.5-7.5.92mdk.amd64.rpm
 231a4e5d6f11d262bb5bc6b7563ad93f  amd64/9.2/RPMS/lib64png3-devel-1.2.5-7.5.92mdk.amd64.rpm
 1f63ad149a23fd5f2e9c9007b162235b  amd64/9.2/RPMS/lib64png3-static-devel-1.2.5-7.5.92mdk.amd64.rpm
 9ada13b517e9d757874bd235de565fc8  amd64/9.2/SRPMS/libpng-1.2.5-7.5.92mdk.src.rpm

 Multi Network Firewall 8.2:
 f8ec19565a938e22f23e39b444d208a2  mnf8.2/RPMS/libpng3-1.2.4-3.7.M82mdk.i586.rpm
 99b28bb4446212b3cf099640a876c44e  mnf8.2/SRPMS/libpng-1.2.4-3.7.M82mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBETz6mqjQ0CJFipgRAvFmAKCcUjBy2p3bE5PXyz632vO7913KSgCfQg6n
2U1ygm+s21s2MMZP+5eBG8I=
=zRaM
-----END PGP SIGNATURE-----


------------=_1091649518-595-3634
Content-Type: text/plain; name="message.footer"
Content-Disposition: inline; filename="message.footer"
Content-Transfer-Encoding: 8bit

____________________________________________________
Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com
Join the Club : http://www.mandrakeclub.com
____________________________________________________

------------=_1091649518-595-3634--

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC