
Updated libpng packages fix vulnerabilities



Mandrakesoft Security Advisories

Package name: libpng

Date: August 4th, 2004

Advisory ID: MDKSA-2004:079

Affected versions: 9.1, 9.2, 10.0, MNF8.2, CS2.1

Synopsis: Updated libpng packages fix multiple vulnerabilities

Problem Description

 

Chris Evans discovered numerous vulnerabilities in the libpng graphics library, including a remotely exploitable stack-based buffer overrun in the png_handle_tRNS function, dangerous code in png_handle_sBIT, a possible NULL-pointer crash in png_handle_iCCP (which is also duplicated in multiple other locations), a theoretical integer overflow in png_read_png, and integer overflows during progressive reading.

 

All users are encouraged to upgrade immediately.

 

 

Updated Packages

 

 

Mandrakelinux 9.1

 


Mandrakelinux 9.1/PPC

 


Mandrakelinux 9.2

 


Mandrakelinux 9.2/AMD64

 


Mandrakelinux 10.0

 


Mandrakelinux 10.0/AMD64

 


Multi Network Firewall 8.2

 


Corporate Server 2.1

 


Corporate Server 2.1/X86_64

 


References

 

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0597

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0598

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0599

http://www.kb.cert.org/vuls/id/388984

http://www.kb.cert.org/vuls/id/236656

http://www.kb.cert.org/vuls/id/160448

http://www.kb.cert.org/vuls/id/477512

http://www.kb.cert.org/vuls/id/286464

http://www.kb.cert.org/vuls/id/817368

 

 

Upgrade

 

 

To upgrade automatically, use MandrakeUpdate.

 

Verification

 

 

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

 

rpm --checksig package.rpm

 

 

You can get the GPG public key of the Mandrakelinux Security Team to verify the GPG signature of each RPM.

 

If you use MandrakeUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.
