
Pardus alert 2011-105 (libpng)

From:  Meltem Parmaksız <meltem@pardus.org.tr>
To:  pardus-security@pardus.org.tr
Subject:  [Pardus-security] [PLSA 2011-105] libpng: Multiple Vulnerabilities
Date:  Mon, 8 Aug 2011 16:21:59 +0300
Message-ID:  <201108081621.59401.meltem@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2011-105           security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2011-08-08
      Type: Remote
------------------------------------------------------------------------

Summary
=======
Multiple vulnerabilities have been fixed in libpng.

Description
===========
CVE-2011-2690: Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4, when used by an application that calls the png_rgb_to_gray function but not the png_set_expand function, allows remote attackers to overwrite memory with an arbitrary amount of data, and possibly have unspecified other impact, via a crafted PNG image.

CVE-2011-2691: The png_err function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote attackers to cause a denial of service (application crash) via a crafted PNG image.

CVE-2011-2692: The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted PNG image that triggers the reading of uninitialized memory.

Affected packages:

  Pardus 2009:
    libpng, all before 1.2.46-24-9
  Pardus 2011:
    libpng, all before 1.4.8-30-p11

Resolution
==========
There are update(s) for libpng. You can update them via Package Manager or with a single command from console:

  Pardus 2009:
    pisi up libpng
  Pardus 2011:
    pisi up libpng

References
==========
  * http://bugs.pardus.org.tr/show_bug.cgi?id=18699

------------------------------------------------------------------------
_______________________________________________
Pardus-Security mailing list
Pardus-Security@pardus.org.tr
http://liste.pardus.org.tr/mailman/listinfo/pardus-security

