exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2006.209

Mandriva Linux Security Advisory 2006.209
Posted Nov 18, 2006
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory MDKSA-2006-209 - A buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to "chunk error processing," possibly involving the "chunk_name". Tavis Ormandy, of the Gentoo Linux Security Auditing Team, discovered a typo in png_set_sPLT() that may cause an application using libpng to read out of bounds, resulting in a crash.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, gentoo, mandriva
advisories | CVE-2006-3334, CVE-2006-5793
SHA-256 | 9f4e63de96b4e6dd2e6c35b3f8b340aca88b6e5a720a265d8d382d8ceb56145a

Mandriva Linux Security Advisory 2006.209

Change Mirror Download

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:209
http://www.mandriva.com/security/
_______________________________________________________________________

Package : libpng
Date : November 16, 2006
Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0,
Multi Network Firewall 2.0
_______________________________________________________________________

Problem Description:

Buffer overflow in the png_decompress_chunk function in pngrutil.c in
libpng before 1.2.12 allows context-dependent attackers to cause a
denial of service and possibly execute arbitrary code via unspecified
vectors related to "chunk error processing," possibly involving the
"chunk_name". (CVE-2006-3334)

It is questionable whether this issue is actually exploitable, but the
patch to correct the issue has been included in versions < 1.2.12.

Tavis Ormandy, of the Gentoo Linux Security Auditing Team, discovered a
typo in png_set_sPLT() that may cause an application using libpng to
read out of bounds, resulting in a crash. (CVE-2006-5793)

Packages have been patched to correct these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3334
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5793
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2006.0:
45ad162b09535faffbcac12958fe49b6 2006.0/i586/libpng3-1.2.8-1.2.20060mdk.i586.rpm
d606c712b0fe3cb2846aa6e7d055e734 2006.0/i586/libpng3-devel-1.2.8-1.2.20060mdk.i586.rpm
2205db07f1fd59257fa7eada8c8f695d 2006.0/i586/libpng3-static-devel-1.2.8-1.2.20060mdk.i586.rpm
7b6c834aaf600fc44a64fa08cdd6961f 2006.0/SRPMS/libpng-1.2.8-1.2.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
f977af66ce569366e9a44e4c1a73b715 2006.0/x86_64/lib64png3-1.2.8-1.2.20060mdk.x86_64.rpm
878c585798862bd39a27422252573213 2006.0/x86_64/lib64png3-devel-1.2.8-1.2.20060mdk.x86_64.rpm
4220979712677c242d3e203650ff5236 2006.0/x86_64/lib64png3-static-devel-1.2.8-1.2.20060mdk.x86_64.rpm
7b6c834aaf600fc44a64fa08cdd6961f 2006.0/SRPMS/libpng-1.2.8-1.2.20060mdk.src.rpm

Mandriva Linux 2007.0:
9906d24fb91a92049217263cf0128bfc 2007.0/i586/libpng3-1.2.12-2.2mdv2007.0.i586.rpm
2d8452c09aca5596b29a1392aa250f2e 2007.0/i586/libpng3-devel-1.2.12-2.2mdv2007.0.i586.rpm
38829f47379a45ecfcc9061078b24489 2007.0/i586/libpng3-static-devel-1.2.12-2.2mdv2007.0.i586.rpm
503559d5befe0d3b557422359ca2cb7a 2007.0/SRPMS/libpng-1.2.12-2.2mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
1a51b7fe5aabda61d420a573e5fe240e 2007.0/x86_64/lib64png3-1.2.12-2.2mdv2007.0.x86_64.rpm
bb66b6392ad998e1e697c9cb1171687b 2007.0/x86_64/lib64png3-devel-1.2.12-2.2mdv2007.0.x86_64.rpm
232a26557eb1069284ed5ada81492221 2007.0/x86_64/lib64png3-static-devel-1.2.12-2.2mdv2007.0.x86_64.rpm
503559d5befe0d3b557422359ca2cb7a 2007.0/SRPMS/libpng-1.2.12-2.2mdv2007.0.src.rpm

Corporate 3.0:
881d961819f17791dd2348c2b38153f7 corporate/3.0/i586/libpng3-1.2.5-10.7.C30mdk.i586.rpm
87b087c74ba0466ee6a6aa487c6d7159 corporate/3.0/i586/libpng3-devel-1.2.5-10.7.C30mdk.i586.rpm
5ae5cb1afdf63d50292a0d309f2789da corporate/3.0/i586/libpng3-static-devel-1.2.5-10.7.C30mdk.i586.rpm
3ed80f4657a551ebfff3cb87912ee8bc corporate/3.0/SRPMS/libpng-1.2.5-10.7.C30mdk.src.rpm

Corporate 3.0/X86_64:
2ab9e03623fb035928ba711818742bd3 corporate/3.0/x86_64/lib64png3-1.2.5-10.7.C30mdk.x86_64.rpm
dd2480239ee424f20a460fa2a087fcdf corporate/3.0/x86_64/lib64png3-devel-1.2.5-10.7.C30mdk.x86_64.rpm
43ea6b6e435e31978bc54495972e2828 corporate/3.0/x86_64/lib64png3-static-devel-1.2.5-10.7.C30mdk.x86_64.rpm
3ed80f4657a551ebfff3cb87912ee8bc corporate/3.0/SRPMS/libpng-1.2.5-10.7.C30mdk.src.rpm

Corporate 4.0:
27c277f505d08abde9ba7ef6ec17123e corporate/4.0/i586/libpng3-1.2.8-1.2.20060mlcs4.i586.rpm
dc70e227da5ec0514d5056319f336076 corporate/4.0/i586/libpng3-devel-1.2.8-1.2.20060mlcs4.i586.rpm
6d267d5422d0e3e9e2868398ed1c8864 corporate/4.0/i586/libpng3-static-devel-1.2.8-1.2.20060mlcs4.i586.rpm
462209b43657d92d6468b161eb779911 corporate/4.0/SRPMS/libpng-1.2.8-1.2.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
090b1f0b32a0b980681b35c8aec5f323 corporate/4.0/x86_64/lib64png3-1.2.8-1.2.20060mlcs4.x86_64.rpm
96f0df2464cc042fc9fabfd3b1304d7a corporate/4.0/x86_64/lib64png3-devel-1.2.8-1.2.20060mlcs4.x86_64.rpm
818a20ce635900040bc7ff3a1b330e38 corporate/4.0/x86_64/lib64png3-static-devel-1.2.8-1.2.20060mlcs4.x86_64.rpm
462209b43657d92d6468b161eb779911 corporate/4.0/SRPMS/libpng-1.2.8-1.2.20060mlcs4.src.rpm

Multi Network Firewall 2.0:
c2faf16ec4411b18adf61729e8cc285e mnf/2.0/i586/libpng3-1.2.5-10.7.M20mdk.i586.rpm
52c3ea1ea57c1574d66bc62dab0b3df6 mnf/2.0/i586/libpng3-devel-1.2.5-10.7.M20mdk.i586.rpm
ba313a457f4647177ad33ba7fab48d4e mnf/2.0/i586/libpng3-static-devel-1.2.5-10.7.M20mdk.i586.rpm
9cb65939c4d3165b2c806ae5b64cab08 mnf/2.0/SRPMS/libpng-1.2.5-10.7.M20mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFXLdcmqjQ0CJFipgRAhDYAJ92K8724DBC+sLsJIxWCpyMCb32rACcDd5R
sgDMNY3YOYC5pPDKaAoviMM=
=vlRo
-----END PGP SIGNATURE-----

Login or Register to add favorites

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close