Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

[ MDVSA-2008:156 ] - Updated libpng packages fix vulnerability
From: security () mandriva com
Date: Mon, 28 Jul 2008 17:52:00 -0600


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDVSA-2008:156
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : libpng
 Date    : July 28, 2008
 Affected: 2007.1, 2008.0, 2008.1, Corporate 3.0, Corporate 4.0,
           Multi Network Firewall 2.0
 _______________________________________________________________________
 
 Problem Description:
 
 Tavis Ormandy of the Google Security Team discovered a flaw in how
 libpng handles zero-length unknown chunks in PNG files, which could
 lead to memory corruption in applications that make use of certain
 functions (CVE-2008-1382).
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1382
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.1:
 328d67168d50a5275919b40845a55fae  2007.1/i586/libpng3-1.2.13-2.3mdv2007.1.i586.rpm
 4a5ac2460608139834eb7cd20bec7fea  2007.1/i586/libpng3-devel-1.2.13-2.3mdv2007.1.i586.rpm
 b52c8961f58bc7a9a6d5d102c2a75f96  2007.1/i586/libpng3-static-devel-1.2.13-2.3mdv2007.1.i586.rpm 
 78e5b22e668df03ed267ba74bf4f296a  2007.1/SRPMS/libpng-1.2.13-2.3mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 9e8ffa3e7768314e558bfb36fc272f10  2007.1/x86_64/lib64png3-1.2.13-2.3mdv2007.1.x86_64.rpm
 247ccd57b51b378231f1064fca1f8b15  2007.1/x86_64/lib64png3-devel-1.2.13-2.3mdv2007.1.x86_64.rpm
 5f29761ec9564b9f1b5e28fc13568e2d  2007.1/x86_64/lib64png3-static-devel-1.2.13-2.3mdv2007.1.x86_64.rpm 
 78e5b22e668df03ed267ba74bf4f296a  2007.1/SRPMS/libpng-1.2.13-2.3mdv2007.1.src.rpm

 Mandriva Linux 2008.0:
 e2f33ddc8d287d32f085fbe736cd99d9  2008.0/i586/libpng3-1.2.22-0.2mdv2008.0.i586.rpm
 c6e49fb9ee07fdc2ef64f8727945d995  2008.0/i586/libpng-devel-1.2.22-0.2mdv2008.0.i586.rpm
 af3c911c477924ba32c398d921684286  2008.0/i586/libpng-source-1.2.22-0.2mdv2008.0.i586.rpm
 4be3e32680b5ae0885c410cc7dcb673c  2008.0/i586/libpng-static-devel-1.2.22-0.2mdv2008.0.i586.rpm 
 df595ba0c708ba4d17c2e701e89ace3f  2008.0/SRPMS/libpng-1.2.22-0.2mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 8903bb17017b3ee24dd9efa5645ce950  2008.0/x86_64/lib64png3-1.2.22-0.2mdv2008.0.x86_64.rpm
 13830901c08977e18bc40e2de6f4f012  2008.0/x86_64/lib64png-devel-1.2.22-0.2mdv2008.0.x86_64.rpm
 736d3eabfd20c3f5b0400cdd0daeb1ff  2008.0/x86_64/lib64png-static-devel-1.2.22-0.2mdv2008.0.x86_64.rpm
 00f1f10f493b4859dac5961cc20846e7  2008.0/x86_64/libpng-source-1.2.22-0.2mdv2008.0.x86_64.rpm 
 df595ba0c708ba4d17c2e701e89ace3f  2008.0/SRPMS/libpng-1.2.22-0.2mdv2008.0.src.rpm

 Mandriva Linux 2008.1:
 127edcf2e0db074ab54e2115c4079774  2008.1/i586/libpng3-1.2.25-2.1mdv2008.1.i586.rpm
 c6f0302fcac1c4204f83345e17d0714a  2008.1/i586/libpng-devel-1.2.25-2.1mdv2008.1.i586.rpm
 b7d5ea52ece77b8a5cfad691e80d86af  2008.1/i586/libpng-source-1.2.25-2.1mdv2008.1.i586.rpm
 e33a51fb3cf079f5183fbfec62945d63  2008.1/i586/libpng-static-devel-1.2.25-2.1mdv2008.1.i586.rpm 
 0ebc68ab40793c52cb1ed92545b690bd  2008.1/SRPMS/libpng-1.2.25-2.1mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 ff6d4a6a4d8d2c87c753c2e003584eda  2008.1/x86_64/lib64png3-1.2.25-2.1mdv2008.1.x86_64.rpm
 b09c32d6b8f3a95ac7ff044d3118d620  2008.1/x86_64/lib64png-devel-1.2.25-2.1mdv2008.1.x86_64.rpm
 cda848ff05653640b2306a25458cc2f1  2008.1/x86_64/lib64png-static-devel-1.2.25-2.1mdv2008.1.x86_64.rpm
 f2be7e503102a46c7e6df1c385b3080a  2008.1/x86_64/libpng-source-1.2.25-2.1mdv2008.1.x86_64.rpm 
 0ebc68ab40793c52cb1ed92545b690bd  2008.1/SRPMS/libpng-1.2.25-2.1mdv2008.1.src.rpm

 Corporate 3.0:
 e94d77d776ab04e5d641b80cb4f067c1  corporate/3.0/i586/libpng3-1.2.5-10.10.C30mdk.i586.rpm
 7568581fa685f67b99ab377ea8ec4d6c  corporate/3.0/i586/libpng3-devel-1.2.5-10.10.C30mdk.i586.rpm
 feda1fe0f0126c9147b545cc202fe8b0  corporate/3.0/i586/libpng3-static-devel-1.2.5-10.10.C30mdk.i586.rpm 
 64475a8af64644e49b354d56501ac0fb  corporate/3.0/SRPMS/libpng-1.2.5-10.10.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 636124a5fa31a10a6ddabe66f58944b9  corporate/3.0/x86_64/lib64png3-1.2.5-10.10.C30mdk.x86_64.rpm
 310fd92035b6f7e86aec2c01f88da0e2  corporate/3.0/x86_64/lib64png3-devel-1.2.5-10.10.C30mdk.x86_64.rpm
 87827d072121bebfd0ae2cdbacea9cc8  corporate/3.0/x86_64/lib64png3-static-devel-1.2.5-10.10.C30mdk.x86_64.rpm 
 64475a8af64644e49b354d56501ac0fb  corporate/3.0/SRPMS/libpng-1.2.5-10.10.C30mdk.src.rpm

 Corporate 4.0:
 8203ca10282141997aaf7d3274a1741a  corporate/4.0/i586/libpng3-1.2.8-1.5.20060mlcs4.i586.rpm
 8476cfe63ae99781144a0c88e93995db  corporate/4.0/i586/libpng3-devel-1.2.8-1.5.20060mlcs4.i586.rpm
 16521bc77b5faeab13197f779eee2430  corporate/4.0/i586/libpng3-static-devel-1.2.8-1.5.20060mlcs4.i586.rpm 
 b540ed0b099dbd9313aa51a054f94a2d  corporate/4.0/SRPMS/libpng-1.2.8-1.5.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 6c01d458c88701b5a59c333368a26902  corporate/4.0/x86_64/lib64png3-1.2.8-1.5.20060mlcs4.x86_64.rpm
 d7d737ca6e1386eaff5b7c4a473a1ff3  corporate/4.0/x86_64/lib64png3-devel-1.2.8-1.5.20060mlcs4.x86_64.rpm
 760f0be502e4b467ea0e7082359d6c4b  corporate/4.0/x86_64/lib64png3-static-devel-1.2.8-1.5.20060mlcs4.x86_64.rpm 
 b540ed0b099dbd9313aa51a054f94a2d  corporate/4.0/SRPMS/libpng-1.2.8-1.5.20060mlcs4.src.rpm

 Multi Network Firewall 2.0:
 3e8bd4b7fb11d66ea67c0dd75955736e  mnf/2.0/i586/libpng3-1.2.5-10.10.C30mdk.i586.rpm 
 6a4922c9efebca1ef396966c8d9ef8cb  mnf/2.0/SRPMS/libpng-1.2.5-10.10.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFIji0HmqjQ0CJFipgRAgtBAKCjxsBTjielPPNtqJ3YL7Sd877ehgCg9C9x
VUuE9hlQxxE0kdkLpwOe44I=
=ofo5
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • [ MDVSA-2008:156 ] - Updated libpng packages fix vulnerability security (Jul 28)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]