what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

dsa-498.txt

dsa-498.txt
Posted May 3, 2004
Authored by Debian | Site debian.org

Debian Security Advisory DSA 492-1 - Steve Grubb discovered a problem in the Portable Network Graphics library libpng which is utilized in several applications. When processing a broken PNG image, the error handling routine will access memory that is out of bounds when creating an error message. Depending on machine architecture, bounds checking and other protective measures, this problem could cause the program to crash if a defective or intentionally prepared PNG image file is handled by libpng.

tags | advisory
systems | linux, debian
advisories | CVE-2004-0421
SHA-256 | 762523435e26cf26004cbc20a5627ad94556e21238f56119fef396db8e36085f

dsa-498.txt

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 498-1 security@debian.org
https://www.debian.org/security/ Martin Schulze
April 30th, 2004 https://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : libpng, libpng3
Vulnerability : out of bound access
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-0421

Steve Grubb discovered a problem in the Portable Network Graphics
library libpng which is utilised in several applications. When
processing a broken PNG image, the error handling routine will access
memory that is out of bounds when creating an error message.
Depending on machine architecture, bounds checking and other
protective measures, this problem could cause the program to crash if
a defective or intentionally prepared PNG image file is handled by
libpng.

This could be used as a denial of service attack against various
programs that link against this library. The following commands will
show you which packages utilise this library and whose programs should
probably restarted after an upgrade:

apt-cache showpkg libpng2
apt-cache showpkg libpng3

The following security matrix explains which package versions will
contain a correction.

Package stable (woody) unstable (sid)
libpng 1.0.12-3.woody.5 1.0.15-5
libpng3 1.2.1-1.1.woody.5 1.2.5.0-6

We recommend that you upgrade your libpng and related packages.


Upgrade Instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

Source archives:

https://security.debian.org/pool/updates/main/libp/libpng/libpng_1.0.12-3.woody.5.dsc
Size/MD5 checksum: 579 bb372469c10598bdab815584a793012e
https://security.debian.org/pool/updates/main/libp/libpng/libpng_1.0.12-3.woody.5.diff.gz
Size/MD5 checksum: 8544 eb859ba53f11527e17f9ee6f841dea51
https://security.debian.org/pool/updates/main/libp/libpng/libpng_1.0.12.orig.tar.gz
Size/MD5 checksum: 481387 3329b745968e41f6f9e55a4d04a4964c

https://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.5.dsc
Size/MD5 checksum: 582 474b8919fcd3913c2c0e269a4341cacb
https://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.5.diff.gz
Size/MD5 checksum: 8948 ec0d3a12f3fff3b54e0473832e8b4264
https://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1.orig.tar.gz
Size/MD5 checksum: 493105 75a21cbfae566158a0ac6d9f39087c4d

Alpha architecture:

https://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.5_alpha.deb
Size/MD5 checksum: 129804 ba59e28e96642d247c49dec5b490df90
https://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.5_alpha.deb
Size/MD5 checksum: 270048 5a0c90a374ec854b5245db92c64e18c0

https://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.5_alpha.deb
Size/MD5 checksum: 276140 2a1277e1e48c0b04c09d1d6907458bb6
https://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.5_alpha.deb
Size/MD5 checksum: 133120 e5aae07a6504392c3af924f0516594a5

ARM architecture:

https://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.5_arm.deb
Size/MD5 checksum: 108432 ccde2f056e0573decab54dc9b5863a03
https://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.5_arm.deb
Size/MD5 checksum: 241164 37f7b9a7e70f8ada93ef4144f3a7b112

https://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.5_arm.deb
Size/MD5 checksum: 247362 9a03e85528176935ee656412d1d39f5c
https://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.5_arm.deb
Size/MD5 checksum: 111638 61a50fb248af723cd7e7a8359531335f

Intel IA-32 architecture:

https://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.5_i386.deb
Size/MD5 checksum: 106928 5ebba610b5ea04e708b4b859a421e94d
https://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.5_i386.deb
Size/MD5 checksum: 227334 4faf9b8916bbc2def04b0e15f4933c24

https://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.5_i386.deb
Size/MD5 checksum: 233082 6a38ed52250de4c76eba02aef5fcb54d
https://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.5_i386.deb
Size/MD5 checksum: 110082 4de92f1660f871372e1fad392ef03df0

Intel IA-64 architecture:

https://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.5_ia64.deb
Size/MD5 checksum: 146464 29a93c7fb358885d31607e68b796d70d
https://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.5_ia64.deb
Size/MD5 checksum: 271462 c959b40f0e77635aaf9c24b8be1cf6bf

https://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.5_ia64.deb
Size/MD5 checksum: 278608 1e09c2aaf8eeda61581891f6e3ffdaba
https://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.5_ia64.deb
Size/MD5 checksum: 151148 ccbd7ac3077ea446070cde5d0717fee8

HP Precision architecture:

https://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.5_hppa.deb
Size/MD5 checksum: 128434 415d56bb9afd5344b2bfadf70554119b
https://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.5_hppa.deb
Size/MD5 checksum: 262252 dc6c82d209413d8200a1828de709f040

https://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.5_hppa.deb
Size/MD5 checksum: 269434 e20f5d2fdb4cadea4010c47e6b4ce680
https://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.5_hppa.deb
Size/MD5 checksum: 132630 e8ddf5e195465930111de2edafe3a1cb

Motorola 680x0 architecture:

https://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.5_m68k.deb
Size/MD5 checksum: 103546 912b49f931e2c46730747da0f9aaf3d4
https://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.5_m68k.deb
Size/MD5 checksum: 220492 3b0469efbda0028f53540c636ee3707a

https://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.5_m68k.deb
Size/MD5 checksum: 226160 bef7a94af6aef0b3ef3379496e5e6f68
https://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.5_m68k.deb
Size/MD5 checksum: 106560 1e5ba78b848a81e90a63b803e75be1de

Big endian MIPS architecture:

https://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.5_mips.deb
Size/MD5 checksum: 108554 c1e1f090aa49be62d693892b9e6681a1
https://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.5_mips.deb
Size/MD5 checksum: 240312 e8e1fcacba1452118884dc3472405ff7

https://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.5_mips.deb
Size/MD5 checksum: 246804 4f4cd388a577ff7e9d7b1ea646fdc820
https://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.5_mips.deb
Size/MD5 checksum: 111908 cbff4d8f1bc4a8636bc2cdda221a8f4e

Little endian MIPS architecture:

https://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.5_mipsel.deb
Size/MD5 checksum: 108436 8a0dcd7bd57c59353824b91fedcb3d1a
https://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.5_mipsel.deb
Size/MD5 checksum: 240178 204f4660f50b943e111a152a7c7a2c23

https://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.5_mipsel.deb
Size/MD5 checksum: 246732 462742addee5f47e8488698bf30c365c
https://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.5_mipsel.deb
Size/MD5 checksum: 111836 74db6d7fca696098b1470b93a9490895

PowerPC architecture:

https://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.5_powerpc.deb
Size/MD5 checksum: 109962 a7fe7934ed97f30e8d7e86f21ffd5f46
https://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.5_powerpc.deb
Size/MD5 checksum: 234432 a087736296563bb163fe7167eb157b6e

https://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.5_powerpc.deb
Size/MD5 checksum: 240508 7ef271695467ea719eb29fe880300b9d
https://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.5_powerpc.deb
Size/MD5 checksum: 113010 4163eb938e5f3b898debc77b700a9174

IBM S/390 architecture:

https://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.5_s390.deb
Size/MD5 checksum: 110036 62680709ae57096ef5fe9a7c76da614d
https://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.5_s390.deb
Size/MD5 checksum: 229300 f0203f50d15d203ce70dce008e1f671d

https://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.5_s390.deb
Size/MD5 checksum: 234926 a0c5bd8af72b5e8acdec0b4b8c286300
https://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.5_s390.deb
Size/MD5 checksum: 113080 10c4fdf29f8cd673424341f7d53e4c4f

Sun Sparc architecture:

https://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.5_sparc.deb
Size/MD5 checksum: 109966 0b5f9a9e01934411c61ccbf5062a136c
https://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.5_sparc.deb
Size/MD5 checksum: 231840 2c2a9b0892a2188264bddf54487de82f

https://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.5_sparc.deb
Size/MD5 checksum: 237652 913dd15af5d3fb1a5cdb88aeb3cb2715
https://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.5_sparc.deb
Size/MD5 checksum: 113390 f55bf3b2794d8f3370fae6ef82362d88


These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb https://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and https://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAkisGW5ql+IAeqTIRAqsaAJ9ovOyIpU9q9DEvXS/Ni/X9DPL6dQCeI1Y6
hFoO20hkBrRLym0DR1u/2yo=
=KGJN
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    17 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close