[gentoo-announce] [ GLSA 200607-06 ] libpng: Buffer overflow - gentoo-announce

From:	Thierry Carrez <koon@g.o>
To:	gentoo-announce@g.o
Cc:	bugtraq@×××××××××××××.com, full-disclosure@××××××××××××××.uk, security-alerts@×××××××××××××.com
Subject:	[gentoo-announce] [ GLSA 200607-06 ] libpng: Buffer overflow
Date:	Wed, 19 Jul 2006 17:19:49
Message-Id:	`44BE63D4.7000503@gentoo.org`

1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

2

Gentoo Linux Security Advisory                           GLSA 200607-06

3

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

4

                                            http://security.gentoo.org/

5

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

6

7

  Severity: Normal

8

     Title: libpng: Buffer overflow

9

      Date: July 19, 2006

10

      Bugs: #138433, #138672

11

        ID: 200607-06

12

13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

14

15

Synopsis

16

========

17

18

A buffer overflow has been found in the libpng library that could lead

19

to the execution of arbitrary code.

20

21

Background

22

==========

23

24

libpng is an open, extensible image format library, with lossless

25

compression.

26

27

Affected packages

28

=================

29

30

    -------------------------------------------------------------------

31

     Package                  /  Vulnerable  /              Unaffected

32

    -------------------------------------------------------------------

33

  1  libpng                       < 1.2.12                   >= 1.2.12

34

  2  emul-linux-x86-baselibs       < 2.5.1                    >= 2.5.1

35

    -------------------------------------------------------------------

36

     # Package 2 [app-emulation/emul-linux-x86-baselibs] only applies

37

       to AMD64 users.

38

39

     NOTE: Any packages listed without architecture tags apply to all

40

           architectures...

41

    -------------------------------------------------------------------

42

     2 affected packages

43

    -------------------------------------------------------------------

44

45

Description

46

===========

47

48

In pngrutil.c, the function png_decompress_chunk() allocates

49

insufficient space for an error message, potentially overwriting stack

50

data, leading to a buffer overflow.

51

52

Impact

53

======

54

55

By enticing a user to load a maliciously crafted PNG image, an attacker

56

could execute arbitrary code with the rights of the user, or crash the

57

application using the libpng library, such as the

58

emul-linux-x86-baselibs.

59

60

Workaround

61

==========

62

63

There is no known workaround at this time.

64

65

Resolution

66

==========

67

68

All libpng users should upgrade to the latest version:

69

70

    # emerge --sync

71

    # emerge --ask --oneshot --verbose ">=media-libs/libpng-1.2.12"

72

73

All AMD64 emul-linux-x86-baselibs users should also upgrade to the

74

latest version:

75

76

    # emerge --sync

77

    # emerge --ask --oneshot --verbose

78

">=app-emulation/emul-linux-x86-baselibs-2.5.1"

79

80

References

81

==========

82

83

  [ 1 ] libpng Changelog

84

85

http://heanet.dl.sourceforge.net/sourceforge/libpng/libpng-1.2.12-README.txt

86

  [ 2 ] CVE-2006-3334

87

        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3334

88

89

Availability

90

============

91

92

This GLSA and any updates to it are available for viewing at

93

the Gentoo Security Website:

94

95

  http://security.gentoo.org/glsa/glsa-200607-06.xml

96

97

Concerns?

98

=========

99

100

Security is a primary focus of Gentoo Linux and ensuring the

101

confidentiality and security of our users machines is of utmost

102

importance to us. Any security concerns should be addressed to

103

security@g.o or alternatively, you may file a bug at

104

http://bugs.gentoo.org.

105

106

License

107

=======

108

109

Copyright 2006 Gentoo Foundation, Inc; referenced text

110

belongs to its owner(s).

111

112

The contents of this document are licensed under the

113

Creative Commons - Attribution / Share Alike license.

114

115

http://creativecommons.org/licenses/by-sa/2.5

Gentoo Archives: gentoo-announce

Attachments

1	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2	Gentoo Linux Security Advisory GLSA 200607-06
3	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4	http://security.gentoo.org/
5	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7	Severity: Normal
8	Title: libpng: Buffer overflow
9	Date: July 19, 2006
10	Bugs: #138433, #138672
11	ID: 200607-06
12
13	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15	Synopsis
16	========
17
18	A buffer overflow has been found in the libpng library that could lead
19	to the execution of arbitrary code.
20
21	Background
22	==========
23
24	libpng is an open, extensible image format library, with lossless
25	compression.
26
27	Affected packages
28	=================
29
30	-------------------------------------------------------------------
31	Package / Vulnerable / Unaffected
32	-------------------------------------------------------------------
33	1 libpng < 1.2.12 >= 1.2.12
34	2 emul-linux-x86-baselibs < 2.5.1 >= 2.5.1
35	-------------------------------------------------------------------
36	# Package 2 [app-emulation/emul-linux-x86-baselibs] only applies
37	to AMD64 users.
38
39	NOTE: Any packages listed without architecture tags apply to all
40	architectures...
41	-------------------------------------------------------------------
42	2 affected packages
43	-------------------------------------------------------------------
44
45	Description
46	===========
47
48	In pngrutil.c, the function png_decompress_chunk() allocates
49	insufficient space for an error message, potentially overwriting stack
50	data, leading to a buffer overflow.
51
52	Impact
53	======
54
55	By enticing a user to load a maliciously crafted PNG image, an attacker
56	could execute arbitrary code with the rights of the user, or crash the
57	application using the libpng library, such as the
58	emul-linux-x86-baselibs.
59
60	Workaround
61	==========
62
63	There is no known workaround at this time.
64
65	Resolution
66	==========
67
68	All libpng users should upgrade to the latest version:
69
70	# emerge --sync
71	# emerge --ask --oneshot --verbose ">=media-libs/libpng-1.2.12"
72
73	All AMD64 emul-linux-x86-baselibs users should also upgrade to the
74	latest version:
75
76	# emerge --sync
77	# emerge --ask --oneshot --verbose
78	">=app-emulation/emul-linux-x86-baselibs-2.5.1"
79
80	References
81	==========
82
83	[ 1 ] libpng Changelog
84
85	http://heanet.dl.sourceforge.net/sourceforge/libpng/libpng-1.2.12-README.txt
86	[ 2 ] CVE-2006-3334
87	http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3334
88
89	Availability
90	============
91
92	This GLSA and any updates to it are available for viewing at
93	the Gentoo Security Website:
94
95	http://security.gentoo.org/glsa/glsa-200607-06.xml
96
97	Concerns?
98	=========
99
100	Security is a primary focus of Gentoo Linux and ensuring the
101	confidentiality and security of our users machines is of utmost
102	importance to us. Any security concerns should be addressed to
103	security@g.o or alternatively, you may file a bug at
104	http://bugs.gentoo.org.
105
106	License
107	=======
108
109	Copyright 2006 Gentoo Foundation, Inc; referenced text
110	belongs to its owner(s).
111
112	The contents of this document are licensed under the
113	Creative Commons - Attribution / Share Alike license.
114
115	http://creativecommons.org/licenses/by-sa/2.5