[gentoo-announce] [ GLSA 200711-08 ] libpng: Multiple Denials of Service - gentoo-announce

From:	Pierre-Yves Rofes <py@g.o>
To:	gentoo-announce@l.g.o
Cc:	full-disclosure@××××××××××××××.uk, bugtraq@×××××××××××××.com, security-alerts@×××××××××××××.com
Subject:	[gentoo-announce] [ GLSA 200711-08 ] libpng: Multiple Denials of Service
Date:	Wed, 07 Nov 2007 20:31:12
Message-Id:	`47321CE3.3090109@gentoo.org`

1

-----BEGIN PGP SIGNED MESSAGE-----

2

Hash: SHA1

3

4

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

5

Gentoo Linux Security Advisory                           GLSA 200711-08

6

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

7

                                            http://security.gentoo.org/

8

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

9

10

  Severity: Normal

11

     Title: libpng: Multiple Denials of Service

12

      Date: November 07, 2007

13

      Bugs: #195261

14

        ID: 200711-08

15

16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

17

18

Synopsis

19

========

20

21

Several vulnerabilities in libpng may allow a remote attacker to crash

22

applications that handle untrusted images.

23

24

Background

25

==========

26

27

libpng is a free ANSI C library used to process and manipulate PNG

28

images.

29

30

Affected packages

31

=================

32

33

    -------------------------------------------------------------------

34

     Package            /   Vulnerable   /                  Unaffected

35

    -------------------------------------------------------------------

36

  1  media-libs/libpng      < 1.2.21-r3                   >= 1.2.21-r3

37

38

Description

39

===========

40

41

An off-by-one error when handling ICC profile chunks in the

42

png_set_iCCP() function was discovered (CVE-2007-5266). George Cook and

43

Jeff Phillips reported several errors in pngrtran.c, the use of logical

44

instead of a bitwise functions and incorrect comparisons

45

(CVE-2007-5268). Tavis Ormandy reported out-of-bounds read errors in

46

several PNG chunk handling functions (CVE-2007-5269).

47

48

Impact

49

======

50

51

A remote attacker could craft an image that when processed or viewed by

52

an application using libpng would cause the application to terminate

53

abnormally.

54

55

Workaround

56

==========

57

58

There is no known workaround at this time.

59

60

Resolution

61

==========

62

63

All libpng users should upgrade to the latest version:

64

65

    # emerge --sync

66

    # emerge --ask --oneshot --verbose ">=media-libs/libpng-1.2.21-r3"

67

68

References

69

==========

70

71

  [ 1 ] CVE-2007-5266

72

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5266

73

  [ 2 ] CVE-2007-5268

74

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5268

75

  [ 3 ] CVE-2007-5269

76

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269

77

78

Availability

79

============

80

81

This GLSA and any updates to it are available for viewing at

82

the Gentoo Security Website:

83

84

  http://security.gentoo.org/glsa/glsa-200711-08.xml

85

86

Concerns?

87

=========

88

89

Security is a primary focus of Gentoo Linux and ensuring the

90

confidentiality and security of our users machines is of utmost

91

importance to us. Any security concerns should be addressed to

92

security@g.o or alternatively, you may file a bug at

93

http://bugs.gentoo.org.

94

95

License

96

=======

97

98

Copyright 2007 Gentoo Foundation, Inc; referenced text

99

belongs to its owner(s).

100

101

The contents of this document are licensed under the

102

Creative Commons - Attribution / Share Alike license.

103

104

http://creativecommons.org/licenses/by-sa/2.5

105

-----BEGIN PGP SIGNATURE-----

106

Version: GnuPG v1.4.7 (GNU/Linux)

107

Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

108

109

iD8DBQFHMhzjuhJ+ozIKI5gRAvvcAJ9POnVZo+5eGaeH6xELJSZhC6eeuwCffECb

110

KS8p+WDYlscGB/Ry4EVHkuc=

111

=nG1m

112

-----END PGP SIGNATURE-----

113

--

114

gentoo-announce@g.o mailing list

1	-----BEGIN PGP SIGNED MESSAGE-----
2	Hash: SHA1
3
4	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
5	Gentoo Linux Security Advisory GLSA 200711-08
6	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
7	http://security.gentoo.org/
8	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
9
10	Severity: Normal
11	Title: libpng: Multiple Denials of Service
12	Date: November 07, 2007
13	Bugs: #195261
14	ID: 200711-08
15
16	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
17
18	Synopsis
19	========
20
21	Several vulnerabilities in libpng may allow a remote attacker to crash
22	applications that handle untrusted images.
23
24	Background
25	==========
26
27	libpng is a free ANSI C library used to process and manipulate PNG
28	images.
29
30	Affected packages
31	=================
32
33	-------------------------------------------------------------------
34	Package / Vulnerable / Unaffected
35	-------------------------------------------------------------------
36	1 media-libs/libpng < 1.2.21-r3 >= 1.2.21-r3
37
38	Description
39	===========
40
41	An off-by-one error when handling ICC profile chunks in the
42	png_set_iCCP() function was discovered (CVE-2007-5266). George Cook and
43	Jeff Phillips reported several errors in pngrtran.c, the use of logical
44	instead of a bitwise functions and incorrect comparisons
45	(CVE-2007-5268). Tavis Ormandy reported out-of-bounds read errors in
46	several PNG chunk handling functions (CVE-2007-5269).
47
48	Impact
49	======
50
51	A remote attacker could craft an image that when processed or viewed by
52	an application using libpng would cause the application to terminate
53	abnormally.
54
55	Workaround
56	==========
57
58	There is no known workaround at this time.
59
60	Resolution
61	==========
62
63	All libpng users should upgrade to the latest version:
64
65	# emerge --sync
66	# emerge --ask --oneshot --verbose ">=media-libs/libpng-1.2.21-r3"
67
68	References
69	==========
70
71	[ 1 ] CVE-2007-5266
72	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5266
73	[ 2 ] CVE-2007-5268
74	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5268
75	[ 3 ] CVE-2007-5269
76	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269
77
78	Availability
79	============
80
81	This GLSA and any updates to it are available for viewing at
82	the Gentoo Security Website:
83
84	http://security.gentoo.org/glsa/glsa-200711-08.xml
85
86	Concerns?
87	=========
88
89	Security is a primary focus of Gentoo Linux and ensuring the
90	confidentiality and security of our users machines is of utmost
91	importance to us. Any security concerns should be addressed to
92	security@g.o or alternatively, you may file a bug at
93	http://bugs.gentoo.org.
94
95	License
96	=======
97
98	Copyright 2007 Gentoo Foundation, Inc; referenced text
99	belongs to its owner(s).
100
101	The contents of this document are licensed under the
102	Creative Commons - Attribution / Share Alike license.
103
104	http://creativecommons.org/licenses/by-sa/2.5
105	-----BEGIN PGP SIGNATURE-----
106	Version: GnuPG v1.4.7 (GNU/Linux)
107	Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
108
109	iD8DBQFHMhzjuhJ+ozIKI5gRAvvcAJ9POnVZo+5eGaeH6xELJSZhC6eeuwCffECb
110	KS8p+WDYlscGB/Ry4EVHkuc=
111	=nG1m
112	-----END PGP SIGNATURE-----
113	--
114	gentoo-announce@g.o mailing list

Gentoo Archives: gentoo-announce