Gentoo Archives: gentoo-announce

From: Sean Amoss <ackle@g.o>
To: gentoo-announce@g.o
Subject: [gentoo-announce] [ GLSA 201206-15 ] libpng: Multiple vulnerabilities
Date: Fri, 22 Jun 2012 11:12:44
Message-Id: 4FE451B2.8030709@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201206-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: libpng: Multiple vulnerabilities
     Date: June 22, 2012
     Bugs: #373967, #386185, #401987, #404197, #410153
       ID: 201206-15

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities in libpng might allow remote attackers to
execute arbitrary code or cause a Denial of Service condition.

Background
==========

libpng is a standard library used to process PNG (Portable Network
Graphics) images. It is used by several programs, including web
browsers and potentially server processes.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  media-libs/libpng            < 1.5.10                  >= 1.5.10
                                                           *>= 1.2.49

Description
===========

Multiple vulnerabilities have been discovered in libpng:

* The "embedded_profile_len()" function in pngwutil.c does not check
  for negative values, resulting in a memory leak (CVE-2009-5063).
* The "png_format_buffer()" function in pngerror.c contains an
  off-by-one error (CVE-2011-2501).
* The "png_rgb_to_gray()" function in pngrtran.c contains an integer
  overflow error (CVE-2011-2690).
* The "png_err()" function in pngerror.c contains a NULL pointer
  dereference error (CVE-2011-2691).
* The "png_handle_sCAL()" function in pngrutil.c improperly handles
  malformed sCAL chunks (CVE-2011-2692).
* The "png_decompress_chunk()" function in pngrutil.c contains an
  integer overflow error (CVE-2011-3026).
* The "png_inflate()" function in pngrutil.c contains an out-of-bounds
  error (CVE-2011-3045).
* The "png_set_text_2()" function in pngset.c contains an error which
  could result in memory corruption (CVE-2011-3048).
* The "png_formatted_warning()" function in pngerror.c contains an
  off-by-one error (CVE-2011-3464).

Impact
======

An attacker could exploit these vulnerabilities to execute arbitrary
code with the permissions of the user running the vulnerable program,
which could be the root user, or to cause programs linked against the
library to crash.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All libpng 1.5 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-libs/libpng-1.5.10"

All libpng 1.2 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-libs/libpng-1.2.49"

Packages which depend on this library may need to be recompiled. Tools
such as revdep-rebuild may assist in identifying some of these
packages.

References
==========

[ 1 ] CVE-2009-5063
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-5063
[ 2 ] CVE-2011-2501
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2501
[ 3 ] CVE-2011-2690
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2690
[ 4 ] CVE-2011-2691
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2691
[ 5 ] CVE-2011-2692
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2692
[ 6 ] CVE-2011-3026
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3026
[ 7 ] CVE-2011-3045
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3045
[ 8 ] CVE-2011-3048
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3048
[ 9 ] CVE-2011-3464
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3464

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 http://security.gentoo.org/glsa/glsa-201206-15.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
