[PLDSA 13-1] New libpng packages fix buffer overflow
Krzysiek Taraszka
dzimi at pld.org.pl
Thu Jan 30 14:10:35 CET 2003
- --------------------------------------------------------------------------
PLD Security Advisory PLDSA 13-1 security at pld.org.pl
http://www.pld.org.pl/security/ PLD Security Team
11 January 2003 http://www.pld.org.pl/security/faq
- --------------------------------------------------------------------------
Package : prior to libpng-1.0.14-1
Vulnerability : buffer overflow
Problem-Type : remote
PLD-specific : no
CVE references : CAN-2002-1363
Glenn Randers-Pehrson discovered a problem in connection with 16-bit
samples from libpng, an interface for reading and writing PNG
(Portable Network Graphics) format files. The starting offsets for
the loops are calculated incorrectly which causes a buffer overrun
beyond the beginning of the row buffer.
The above problems have been fixed in version 1.0.15-1 for the
current stable distribution (ra).
We recommend that you upgrade your libpng packages.
wget -c url
will fetch the file for you
rpm -Uhv file(s)*.rpm
will upgrade the referenced file.
If you are using "poldek" - the package manager, use the line as given below
for upgrade packages
poldek --update
will update the internal database
poldek --upgrade 'libpng*'
will install corrected packages
If you are using "apt" - the package manager, use the line as given below
for upgrade packages
apt-get update
will update the internal database
apt-get upgrade 'libpng*'
will install corrected packages
PLD Linux 1.0 alias ra
- --------------------
Source archives:
ftp://ftp.pld.org.pl/dists/ra/updates/security/SRPMS/libpng-1.0.15-1.src.rpm
MD5 checksum: 1888de40c274682215e798d51584753e
I386 Architecture components:
ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/libpng-1.0.15-1.i386.rpm
MD5 checksum: 3e76d9998894e419d70eb7bca696729c
ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/libpng-devel-1.0.15-1.i386.rpm
MD5 checksum: 3266ce79f894a8edd94e549f6db02ae9
ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/libpng-progs-1.0.15-1.i386.rpm
MD5 checksum: 5002d3104d589d831f13e9ae18aedd4f
ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/libpng-static-1.0.15-1.i386.rpm
MD5 checksum: 71d4276ea3516eab1c7a6d41d38c5fde
I586 Architecture components:
ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/libpng-1.0.15-1.i586.rpm
MD5 checksum: 6e4842919474563b19c4eb6559513cc7
ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/libpng-devel-1.0.15-1.i586.rpm
MD5 checksum: 50396c3a4606a01a3389603d657bfbc8
ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/libpng-progs-1.0.15-1.i586.rpm
MD5 checksum: 6274d85c33b714d871b32faf7388b446
ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/libpng-static-1.0.15-1.i586.rpm
MD5 checksum: aad18b0f230f18df1c70431c6e1bc0eb
I686 Architecture components:
ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/libpng-1.0.15-1.i686.rpm
MD5 checksum: 6521672aaaeedc21c562276e59c1075e
ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/libpng-devel-1.0.15-1.i686.rpm
MD5 checksum: 4e847cc870e32f8db5ef62c3f3b89eb7
ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/libpng-progs-1.0.15-1.i686.rpm
MD5 checksum: fe39d8e65508918d84fa08cc8c53fcaa
ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/libpng-static-1.0.15-1.i686.rpm
MD5 checksum: 54d192584667197d635fb2f8aca6596b
PowerPC Architecture components:
ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/libpng-1.0.15-1.ppc.rpm
MD5 checksum: 0fe78c7ddcebd7260866870097db980c
ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/libpng-devel-1.0.15-1.ppc.rpm
MD5 checksum: 197844a8efef5fa77d233da9edf9f3ea
ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/libpng-progs-1.0.15-1.ppc.rpm
MD5 checksum: ffabc69618e09cdefab65a39b1d7c695
ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/libpng-static-1.0.15-1.ppc.rpm
MD5 checksum: 9a4cec1fcd79b3971b09b1525c8bd143
-
--------------------------------------------------------------------------------
-
If you are using poldek add this line to poldek.conf.
If you are using apt-get add this line to sources.list.
For i386 architecture
poldek: source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/
apt-get: rpm ftp://ftp.pld.org.pl/dists ra/apt/i386 base updates-security
For i586 architecture
poldek: source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/
apt-get: rpm ftp://ftp.pld.org.pl/dists ra/apt/i586 base updates-security
For i686 architecture
poldek: source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/
apt-get: rpm ftp://ftp.pld.org.pl/dists ra/apt/i686 base updates-security
For ppc architecture
poldek: source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/
apt-get: rpm ftp://ftp.pld.org.pl/dists ra/apt/ppc base updates-security
More information about the pld-security-announce
mailing list