lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: 4 Aug 2004 19:46:02 -0000
From: Mandrake Linux Security Team <security@...ux-mandrake.com>
To: bugtraq@...urityfocus.com
Subject: MDKSA-2004:079 - Updated libpng packages fix multiple vulnerabilities


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           libpng
 Advisory ID:            MDKSA-2004:079
 Date:                   August 4th, 2004

 Affected versions:	 10.0, 9.1, 9.2, Corporate Server 2.1,
			 Multi Network Firewall 8.2
 ______________________________________________________________________

 Problem Description:

 Chris Evans discovered numerous vulnerabilities in the libpng graphics
 library, including a remotely exploitable stack-based buffer overrun in
 the png_handle_tRNS function, dangerous code in png_handle_sBIT, a
 possible NULL-pointer crash in png_handle_iCCP (which is also
 duplicated in multiple other locations), a theoretical integer overflow
 in png_read_png, and integer overflows during progressive reading.
 
 All users are encouraged to upgrade immediately.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0597
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0598
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0599
  http://www.kb.cert.org/vuls/id/388984
  http://www.kb.cert.org/vuls/id/236656
  http://www.kb.cert.org/vuls/id/160448
  http://www.kb.cert.org/vuls/id/477512
  http://www.kb.cert.org/vuls/id/286464
  http://www.kb.cert.org/vuls/id/817368
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 5f2e0ce336d0854b79426e3ee2fc9c1c  10.0/RPMS/libpng3-1.2.5-10.5.100mdk.i586.rpm
 a08aee71d41f2fd270e657053ed16a18  10.0/RPMS/libpng3-devel-1.2.5-10.5.100mdk.i586.rpm
 997b909be31340ab48a5c8266364d9f1  10.0/RPMS/libpng3-static-devel-1.2.5-10.5.100mdk.i586.rpm
 5402d26cab5f03469f22f10e7279a64f  10.0/SRPMS/libpng-1.2.5-10.5.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 7f4dbf94ab247849e8efb3034c6bb046  amd64/10.0/RPMS/lib64png3-1.2.5-10.5.100mdk.amd64.rpm
 7f2e23c89e39423b2499798cad32fc13  amd64/10.0/RPMS/lib64png3-devel-1.2.5-10.5.100mdk.amd64.rpm
 ac6b7e03e3e816efa8744816d596338f  amd64/10.0/RPMS/lib64png3-static-devel-1.2.5-10.5.100mdk.amd64.rpm
 5402d26cab5f03469f22f10e7279a64f  amd64/10.0/SRPMS/libpng-1.2.5-10.5.100mdk.src.rpm

 Corporate Server 2.1:
 6cf56378665f973c6b96a487db31f2df  corporate/2.1/RPMS/libpng3-1.2.4-3.7.C21mdk.i586.rpm
 4dfb84e68f30cc4de1ddf2085ef74ebd  corporate/2.1/RPMS/libpng3-devel-1.2.4-3.7.C21mdk.i586.rpm
 68adca80324ccf10ecf386466673ff5e  corporate/2.1/RPMS/libpng3-static-devel-1.2.4-3.7.C21mdk.i586.rpm
 e37d6b112471f9fbd39eee11db336a8e  corporate/2.1/SRPMS/libpng-1.2.4-3.7.C21mdk.src.rpm

 Corporate Server 2.1/x86_64:
 bb2f7ccff93adcf0f466cb4741f09440  x86_64/corporate/2.1/RPMS/libpng3-1.2.4-3.7.C21mdk.x86_64.rpm
 22bd27f48fa0fd1e0510c3066ab67325  x86_64/corporate/2.1/RPMS/libpng3-devel-1.2.4-3.7.C21mdk.x86_64.rpm
 769bb0aa09bf26b1ff64a9cd5e5a452e  x86_64/corporate/2.1/RPMS/libpng3-static-devel-1.2.4-3.7.C21mdk.x86_64.rpm
 e37d6b112471f9fbd39eee11db336a8e  x86_64/corporate/2.1/SRPMS/libpng-1.2.4-3.7.C21mdk.src.rpm

 Mandrakelinux 9.1:
 6fd39e5ee6bc8dc031bf3ea4608b2dcf  9.1/RPMS/libpng3-1.2.5-2.5.91mdk.i586.rpm
 e29e3f15812654860e80987ff169ed0a  9.1/RPMS/libpng3-devel-1.2.5-2.5.91mdk.i586.rpm
 f8fbbf2d3bd57ffb967a12fa84806793  9.1/RPMS/libpng3-static-devel-1.2.5-2.5.91mdk.i586.rpm
 c1f995c1738591bf1436386c19f220f8  9.1/SRPMS/libpng-1.2.5-2.5.91mdk.src.rpm

 Mandrakelinux 9.1/PPC:
 db141bfa829164296790fc5ecaeca8af  ppc/9.1/RPMS/libpng3-1.2.5-2.5.91mdk.ppc.rpm
 cf12eb035d71e045bca05a351d2e12b5  ppc/9.1/RPMS/libpng3-devel-1.2.5-2.5.91mdk.ppc.rpm
 37ed0b8a240466482f3e3e079397aca3  ppc/9.1/RPMS/libpng3-static-devel-1.2.5-2.5.91mdk.ppc.rpm
 c1f995c1738591bf1436386c19f220f8  ppc/9.1/SRPMS/libpng-1.2.5-2.5.91mdk.src.rpm

 Mandrakelinux 9.2:
 73dcbcff5ec15f8d0c683e85357ba292  9.2/RPMS/libpng3-1.2.5-7.5.92mdk.i586.rpm
 7d1493bececc9a48b84061b3eae8d92f  9.2/RPMS/libpng3-devel-1.2.5-7.5.92mdk.i586.rpm
 32d8f720ff4f9e2dcfd7e07a7f3b221c  9.2/RPMS/libpng3-static-devel-1.2.5-7.5.92mdk.i586.rpm
 9ada13b517e9d757874bd235de565fc8  9.2/SRPMS/libpng-1.2.5-7.5.92mdk.src.rpm

 Mandrakelinux 9.2/AMD64:
 ce8a91d600fba2cdcc4cbfa73528f0cd  amd64/9.2/RPMS/lib64png3-1.2.5-7.5.92mdk.amd64.rpm
 231a4e5d6f11d262bb5bc6b7563ad93f  amd64/9.2/RPMS/lib64png3-devel-1.2.5-7.5.92mdk.amd64.rpm
 1f63ad149a23fd5f2e9c9007b162235b  amd64/9.2/RPMS/lib64png3-static-devel-1.2.5-7.5.92mdk.amd64.rpm
 9ada13b517e9d757874bd235de565fc8  amd64/9.2/SRPMS/libpng-1.2.5-7.5.92mdk.src.rpm

 Multi Network Firewall 8.2:
 f8ec19565a938e22f23e39b444d208a2  mnf8.2/RPMS/libpng3-1.2.4-3.7.M82mdk.i586.rpm
 99b28bb4446212b3cf099640a876c44e  mnf8.2/SRPMS/libpng-1.2.4-3.7.M82mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBETz6mqjQ0CJFipgRAvFmAKCcUjBy2p3bE5PXyz632vO7913KSgCfQg6n
2U1ygm+s21s2MMZP+5eBG8I=
=zRaM
-----END PGP SIGNATURE-----


Powered by blists - more mailing lists