[gentoo-commits] gentoo commit in xml/htdocs/security/en/glsa: glsa-201010-01.xml - gentoo-commits

From:	"Pierre-Yves Rofes (py)" <py@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] gentoo commit in xml/htdocs/security/en/glsa: glsa-201010-01.xml
Date:	Tue, 05 Oct 2010 22:03:37
Message-Id:	`20101005212612.343F920051@flycatcher.gentoo.org`

1

py          10/10/05 21:26:12

2

3

  Added:                glsa-201010-01.xml

4

  Log:

5

  GLSA 201010-01

6

7

Revision  Changes    Path

8

1.1                  xml/htdocs/security/en/glsa/glsa-201010-01.xml

9

10

file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201010-01.xml?rev=1.1&view=markup

11

plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201010-01.xml?rev=1.1&content-type=text/plain

12

13

Index: glsa-201010-01.xml

14

===================================================================

15

<?xml version="1.0" encoding="utf-8"?>

16

<?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>

17

<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>

18

<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">

19

20

<glsa id="201010-01">

21

  <title>Libpng: Multiple vulnerabilities</title>

22

  <synopsis>

23

    Multiple vulnerabilities in libpng might lead to privilege escalation or a

24

    Denial of Service.

25

  </synopsis>

26

  <product type="ebuild">libpng</product>

27

  <announced>October 05, 2010</announced>

28

  <revised>October 05, 2010: 01</revised>

29

  <bug>307637</bug>

30

  <bug>324153</bug>

31

  <bug>335887</bug>

32

  <access>remote</access>

33

  <affected>

34

    <package name="media-libs/libpng" auto="yes" arch="*">

35

      <unaffected range="ge">1.4.3</unaffected>

36

      <vulnerable range="lt">1.4.3</vulnerable>

37

    </package>

38

  </affected>

39

  <background>

40

<p>

41

    libpng is a standard library used to process PNG (Portable Network

42

    Graphics) images. It is used by several programs, including web

43

    browsers and potentially server processes.

44

    </p>

45

  </background>

46

  <description>

47

<p>

48

    Multiple vulnerabilities were found in libpng:

49

    </p>

50

    <ul><li>The

51

    png_decompress_chunk() function in pngrutil.c does not properly handle

52

    certain type of compressed data (CVE-2010-0205)</li>

53

    <li>A buffer

54

    overflow in pngread.c when using progressive applications

55

    (CVE-2010-1205)</li>

56

    <li>A memory leak in pngrutil.c when dealing with

57

    a certain type of chunks (CVE-2010-2249)</li>

58

    </ul>

59

  </description>

60

  <impact type="normal">

61

<p>

62

    An attacker could exploit these vulnerabilities to cause programs

63

    linked against the library to crash or execute arbitrary code with the

64

    permissions of the user running the vulnerable program, which could be

65

    the root user.

66

    </p>

67

  </impact>

68

  <workaround>

69

<p>

70

    There is no known workaround at this time.

71

    </p>

72

  </workaround>

73

  <resolution>

74

<p>

75

    All libpng users should upgrade to the latest version:

76

    </p>

77

    <code>

78

    # emerge --sync

79

    # emerge --ask --oneshot --verbose &quot;&gt;=media-libs/libpng-1.4.3&quot;</code>

80

  </resolution>

81

  <references>

82

    <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0205">CVE-2010-0205</uri>

83

    <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1205">CVE-2010-1205</uri>

84

    <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2249">CVE-2010-2249</uri>

85

  </references>

86

  <metadata tag="requester" timestamp="Sun, 01 Aug 2010 12:51:01 +0000">

87

    craig

88

  </metadata>

89

  <metadata tag="submitter" timestamp="Tue, 28 Sep 2010 18:37:13 +0000">

90

p-y

91

  </metadata>

92

  <metadata tag="bugReady" timestamp="Tue, 28 Sep 2010 18:37:43 +0000">

93

p-y

94

  </metadata>

95

</glsa>

1	py 10/10/05 21:26:12
2
3	Added: glsa-201010-01.xml
4	Log:
5	GLSA 201010-01
6
7	Revision Changes Path
8	1.1 xml/htdocs/security/en/glsa/glsa-201010-01.xml
9
10	file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201010-01.xml?rev=1.1&view=markup
11	plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201010-01.xml?rev=1.1&content-type=text/plain
12
13	Index: glsa-201010-01.xml
14	===================================================================
15	<?xml version="1.0" encoding="utf-8"?>
16	<?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>
17	<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>
18	<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
19
20	<glsa id="201010-01">
21	<title>Libpng: Multiple vulnerabilities</title>
22	<synopsis>
23	Multiple vulnerabilities in libpng might lead to privilege escalation or a
24	Denial of Service.
25	</synopsis>
26	<product type="ebuild">libpng</product>
27	<announced>October 05, 2010</announced>
28	<revised>October 05, 2010: 01</revised>
29	<bug>307637</bug>
30	<bug>324153</bug>
31	<bug>335887</bug>
32	<access>remote</access>
33	<affected>
34	<package name="media-libs/libpng" auto="yes" arch="*">
35	<unaffected range="ge">1.4.3</unaffected>
36	<vulnerable range="lt">1.4.3</vulnerable>
37	</package>
38	</affected>
39	<background>
40	<p>
41	libpng is a standard library used to process PNG (Portable Network
42	Graphics) images. It is used by several programs, including web
43	browsers and potentially server processes.
44	</p>
45	</background>
46	<description>
47	<p>
48	Multiple vulnerabilities were found in libpng:
49	</p>
50	<ul><li>The
51	png_decompress_chunk() function in pngrutil.c does not properly handle
52	certain type of compressed data (CVE-2010-0205)</li>
53	<li>A buffer
54	overflow in pngread.c when using progressive applications
55	(CVE-2010-1205)</li>
56	<li>A memory leak in pngrutil.c when dealing with
57	a certain type of chunks (CVE-2010-2249)</li>
58	</ul>
59	</description>
60	<impact type="normal">
61	<p>
62	An attacker could exploit these vulnerabilities to cause programs
63	linked against the library to crash or execute arbitrary code with the
64	permissions of the user running the vulnerable program, which could be
65	the root user.
66	</p>
67	</impact>
68	<workaround>
69	<p>
70	There is no known workaround at this time.
71	</p>
72	</workaround>
73	<resolution>
74	<p>
75	All libpng users should upgrade to the latest version:
76	</p>
77	<code>
78	# emerge --sync
79	# emerge --ask --oneshot --verbose ">=media-libs/libpng-1.4.3"</code>
80	</resolution>
81	<references>
82	<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0205">CVE-2010-0205</uri>
83	<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1205">CVE-2010-1205</uri>
84	<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2249">CVE-2010-2249</uri>
85	</references>
86	<metadata tag="requester" timestamp="Sun, 01 Aug 2010 12:51:01 +0000">
87	craig
88	</metadata>
89	<metadata tag="submitter" timestamp="Tue, 28 Sep 2010 18:37:13 +0000">
90	p-y
91	</metadata>
92	<metadata tag="bugReady" timestamp="Tue, 28 Sep 2010 18:37:43 +0000">
93	p-y
94	</metadata>
95	</glsa>

Gentoo Archives: gentoo-commits