[SECURITY] [DSA 536-1] New libpng, libpng3 packages fix multiple vulnerabilities

From: Matt Zimmerman (mdz_at_debian.org)
Date: 08/05/04

  • Next message: Sune Kloppenborg Jeppesen: "[ GLSA 200408-03 ] libpng: Numerous vulnerabilities"
    Date: Wed, 4 Aug 2004 19:10:24 -0700
    To: bugtraq@securityfocus.com
    
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 536-1 security@debian.org
    http://www.debian.org/security/ Matt Zimmerman
    August 4th, 2004 http://www.debian.org/security/faq
    - --------------------------------------------------------------------------

    Package : libpng
    Vulnerability : several
    Problem-Type : local/remote
    Debian-specific: no
    CVE Ids : CAN-2004-0597 CAN-2004-0598 CAN-2004-0599 CAN-2004-0768

    Chris Evans discovered several vulnerabilities in libpng:

     CAN-2004-0597 - Multiple buffer overflows exist, including when
     handling transparency chunk data, which could be exploited to cause
     arbitrary code to be executed when a specially crafted PNG image is
     processed

     CAN-2004-0598 - Multiple NULL pointer dereferences in
     png_handle_iCPP() and elsewhere could be exploited to cause an
     application to crash when a specially crafted PNG image is processed

     CAN-2004-0599 - Multiple integer overflows in png_handle_sPLT(),
     png_read_png() nctions and elsewhere could be exploited to cause an
     application to crash, or potentially arbitrary code to be executed,
     when a specially crafted PNG image is processed

    In addition, a bug related to CAN-2002-1363 was fixed:

     CAN-2004-0768 - A buffer overflow could be caused by incorrect
     calculation of buffer offsets, possibly leading to the execution of
     arbitrary code

    For the current stable distribution (woody), these problems have been
    fixed in libpng3 version 1.2.1-1.1.woody.7 and libpng version
    1.0.12-3.woody.7.

    For the unstable distribution (sid), these problems will be fixed soon.

    We recommend that you update your libpng and libpng3 packages.

    Upgrade Instructions
    - --------------------

    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.

    If you are using the apt-get package manager, use the line for
    sources.list as given below:

    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages

    You may use an automated update by adding the resources from the
    footer to the proper configuration.

    Debian GNU/Linux 3.0 alias woody
    - --------------------------------

      Source archives:

        http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.0.12-3.woody.7.dsc
          Size/MD5 checksum: 579 28fa419216a24ee3bfc2379864cb08af
        http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.0.12-3.woody.7.diff.gz
          Size/MD5 checksum: 9742 75a375a67bb78301d9a9ebe821b3f2b2
        http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.0.12.orig.tar.gz
          Size/MD5 checksum: 481387 3329b745968e41f6f9e55a4d04a4964c
        http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.7.dsc
          Size/MD5 checksum: 583 3976057544097db61b33f953b803d947
        http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.7.diff.gz
          Size/MD5 checksum: 29676 0501708a687b71e449f81cd3e61868d6
        http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1.orig.tar.gz
          Size/MD5 checksum: 493105 75a21cbfae566158a0ac6d9f39087c4d

      ARM architecture:

        http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.7_arm.deb
          Size/MD5 checksum: 108834 65c7d7fb818332e8c0a5948450289d6f
        http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.7_arm.deb
          Size/MD5 checksum: 241392 785d7cc63274c17c1b6f54020e55b047
        http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.7_arm.deb
          Size/MD5 checksum: 247654 8fcf3de4c503230ec009cd60d852ed8e
        http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.7_arm.deb
          Size/MD5 checksum: 112036 159d56f98ca67efae5b941c8c125f7fb

      Intel IA-32 architecture:

        http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.7_i386.deb
          Size/MD5 checksum: 107012 6c0c53769987b0e612315a27d426c31b
        http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.7_i386.deb
          Size/MD5 checksum: 226982 93ab2de59fd31cdd270220a9bf470aab
        http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.7_i386.deb
          Size/MD5 checksum: 233652 7a723facf934ca726426fcccbea044c1
        http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.7_i386.deb
          Size/MD5 checksum: 110350 aaa13f7b82894d332b0d93812eccf245

      Intel IA-64 architecture:

        http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.7_ia64.deb
          Size/MD5 checksum: 147182 a42677c2dc15d9c7e69084c794adb1f1
        http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.7_ia64.deb
          Size/MD5 checksum: 271760 3602ac433e9acb291264ac4631466b1b
        http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.7_ia64.deb
          Size/MD5 checksum: 278832 f40345e28c0a8090e3d5cc0da0c47c83
        http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.7_ia64.deb
          Size/MD5 checksum: 151492 b4cf01f0f5a4584a9cc91d37059e3a18

      HP Precision architecture:

        http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.7_hppa.deb
          Size/MD5 checksum: 128592 c290efcf7bca64a59b95df9bd40ea7c4
        http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.7_hppa.deb
          Size/MD5 checksum: 262498 bba030d36b2453f50fc5f8dd502193db
        http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.7_hppa.deb
          Size/MD5 checksum: 269714 97f2cc65b004d72d2f736c444a5eca02
        http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.7_hppa.deb
          Size/MD5 checksum: 132710 ad103af06ba1fd04bfc820a7c9469a04

      Motorola 680x0 architecture:

        http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.7_m68k.deb
          Size/MD5 checksum: 103914 0397515db7b83fe0788c11878ff2f6fe
        http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.7_m68k.deb
          Size/MD5 checksum: 220716 eedf1c5c86848604fffc678e2522047e
        http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.7_m68k.deb
          Size/MD5 checksum: 226396 825cf323e0b2a20d7059b41ac50b5ffe
        http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.7_m68k.deb
          Size/MD5 checksum: 106862 c9426ed19e5cf9d5ffa3f4e5ad9575ba

      Big endian MIPS architecture:

        http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.7_mips.deb
          Size/MD5 checksum: 108912 f28b7b28829c5eccfc1879bf24f30d01
        http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.7_mips.deb
          Size/MD5 checksum: 240572 aa9f0be614c9b9e83035927bca2780a0
        http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.7_mips.deb
          Size/MD5 checksum: 247046 950eb986e2da18540cac6871fa724ec8
        http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.7_mips.deb
          Size/MD5 checksum: 112238 45ba391f6604228a5712b3933cd7918d

      Little endian MIPS architecture:

        http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.7_mipsel.deb
          Size/MD5 checksum: 108792 e1c23a58af661142d961b2cb9067a8ad
        http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.7_mipsel.deb
          Size/MD5 checksum: 240484 205b79c80e9d5a90ba39ce297ca7ccf9
        http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.7_mipsel.deb
          Size/MD5 checksum: 247000 d7fab207f6240fa1c8cca2b626543910
        http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.7_mipsel.deb
          Size/MD5 checksum: 112174 60c7d64b2256f05f8eb132b8e386731e

      PowerPC architecture:

        http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.7_powerpc.deb
          Size/MD5 checksum: 110254 ed1c9f3cb6cfc64467ae83251beb8b2d
        http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.7_powerpc.deb
          Size/MD5 checksum: 234680 a728d61a234b60b14d6876c0d7d460b5
        http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.7_powerpc.deb
          Size/MD5 checksum: 240742 ae4b57d50f8f6e8f88f18fdfde81c9a8
        http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.7_powerpc.deb
          Size/MD5 checksum: 113340 3014018db3169c617d958b71fa0e119d

      IBM S/390 architecture:

        http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.7_s390.deb
          Size/MD5 checksum: 110286 1ba753d363eb45b3b768ae26ce19f9dc
        http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.7_s390.deb
          Size/MD5 checksum: 229436 8ca7796466613d780a3442d831544bf9
        http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.7_s390.deb
          Size/MD5 checksum: 235056 dcfc35ced743c453935dea5f4c6e8b92
        http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.7_s390.deb
          Size/MD5 checksum: 113376 2a42876c22f968ae435382110d27741c

      Sun Sparc architecture:

        http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.7_sparc.deb
          Size/MD5 checksum: 110312 f5db28252e4072d07f34da1b57bb2656
        http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.7_sparc.deb
          Size/MD5 checksum: 232132 32be4f2a4f7215f3760ac6ce7c222ab9
        http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.7_sparc.deb
          Size/MD5 checksum: 237786 2d36e99aab38db959088a646bbf9455b
        http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.7_sparc.deb
          Size/MD5 checksum: 113744 d67df8af224bbcb817c7cb004ece5bf7

      These files will probably be moved into the stable distribution on
      its next revision.

    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: debian-security-announce@lists.debian.org
    Package info: `apt-cache show <pkg>' and http://packages.debian.org/>
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.5 (GNU/Linux)

    iD8DBQFBEZb5ArxCt0PiXR4RAmUfAJ4sqTIviuQbDq3Z/OihWgW3R+X9IACdHPeV
    ZYzTM1+5xJbhNlRCOnSvfrQ=
    =q7t4
    -----END PGP SIGNATURE-----


  • Next message: Sune Kloppenborg Jeppesen: "[ GLSA 200408-03 ] libpng: Numerous vulnerabilities"

    Relevant Pages