[PLDSA 13-1] New libpng packages fix buffer overflow

Krzysiek Taraszka dzimi at pld.org.pl
Thu Jan 30 14:10:35 CET 2003


--------------------------------------------------------------------------
PLD Security Advisory PLDSA 13-1                        security at pld.org.pl
http://www.pld.org.pl/security/                          PLD Security Team
11 January 2003                      http://www.pld.org.pl/security/faq
--------------------------------------------------------------------------

Package        : prior to libpng-1.0.14-1
Vulnerability  : buffer overflow
Problem-Type   : remote
PLD-specific   : no
CVE references : CAN-2002-1363

Glenn Randers-Pehrson discovered a problem in the handling of 16-bit
samples in libpng, an interface for reading and writing PNG
(Portable Network Graphics) format files.  The starting offsets for
the loops are calculated incorrectly, which causes a buffer overrun
beyond the beginning of the row buffer.

The above problems have been fixed in version 1.0.15-1 for the
current stable distribution (ra).

We recommend that you upgrade your libpng packages.

wget -c url
        will fetch the file for you
rpm -Uhv file(s)*.rpm
        will upgrade the referenced file.

If you use the "poldek" package manager, use the lines below to upgrade
the packages:

poldek --update
        will update the internal database
poldek --upgrade 'libpng*'
        will install corrected packages

If you use the "apt" package manager, use the lines below to upgrade
the packages:

apt-get update
        will update the internal database
apt-get upgrade 'libpng*'
        will install corrected packages

PLD Linux 1.0 alias ra
--------------------

  Source archives:

ftp://ftp.pld.org.pl/dists/ra/updates/security/SRPMS/libpng-1.0.15-1.src.rpm
       MD5 checksum: 1888de40c274682215e798d51584753e

  I386 Architecture components:

ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/libpng-1.0.15-1.i386.rpm
       MD5 checksum: 3e76d9998894e419d70eb7bca696729c

ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/libpng-devel-1.0.15-1.i386.rpm
       MD5 checksum: 3266ce79f894a8edd94e549f6db02ae9

ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/libpng-progs-1.0.15-1.i386.rpm
       MD5 checksum: 5002d3104d589d831f13e9ae18aedd4f

ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/libpng-static-1.0.15-1.i386.rpm
       MD5 checksum: 71d4276ea3516eab1c7a6d41d38c5fde


  I586 Architecture components:

ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/libpng-1.0.15-1.i586.rpm
       MD5 checksum: 6e4842919474563b19c4eb6559513cc7

ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/libpng-devel-1.0.15-1.i586.rpm
       MD5 checksum: 50396c3a4606a01a3389603d657bfbc8

ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/libpng-progs-1.0.15-1.i586.rpm
       MD5 checksum: 6274d85c33b714d871b32faf7388b446

ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/libpng-static-1.0.15-1.i586.rpm
       MD5 checksum: aad18b0f230f18df1c70431c6e1bc0eb


  I686 Architecture components:

ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/libpng-1.0.15-1.i686.rpm
       MD5 checksum: 6521672aaaeedc21c562276e59c1075e

ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/libpng-devel-1.0.15-1.i686.rpm
       MD5 checksum: 4e847cc870e32f8db5ef62c3f3b89eb7

ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/libpng-progs-1.0.15-1.i686.rpm
       MD5 checksum: fe39d8e65508918d84fa08cc8c53fcaa

ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/libpng-static-1.0.15-1.i686.rpm
       MD5 checksum: 54d192584667197d635fb2f8aca6596b


  PowerPC Architecture components:

ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/libpng-1.0.15-1.ppc.rpm
       MD5 checksum: 0fe78c7ddcebd7260866870097db980c

ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/libpng-devel-1.0.15-1.ppc.rpm
       MD5 checksum: 197844a8efef5fa77d233da9edf9f3ea

ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/libpng-progs-1.0.15-1.ppc.rpm
       MD5 checksum: ffabc69618e09cdefab65a39b1d7c695

ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/libpng-static-1.0.15-1.ppc.rpm
       MD5 checksum: 9a4cec1fcd79b3971b09b1525c8bd143


--------------------------------------------------------------------------------
If you are using poldek, add this line to poldek.conf.
If you are using apt-get, add this line to sources.list.

For i386 architecture
poldek:         source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/
apt-get:        rpm ftp://ftp.pld.org.pl/dists ra/apt/i386 base updates-security
For i586 architecture
poldek:         source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/
apt-get:        rpm ftp://ftp.pld.org.pl/dists ra/apt/i586 base updates-security
For i686 architecture
poldek:         source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/
apt-get:        rpm ftp://ftp.pld.org.pl/dists ra/apt/i686 base updates-security
For ppc architecture
poldek:         source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/
apt-get:        rpm ftp://ftp.pld.org.pl/dists ra/apt/ppc base updates-security


