Package name
pxelinux
Date
2006-11-16
Advisory ID
MDKSA-2006:211
Affected versions
CS4.0 x86_64, 2006.0 i586, 2006.0 x86_64, CS4.0 i586

Problem description

PXELINUX is a PXE bootloader. It is built with a private copy of
libpng, and as such could be susceptible to some of the same
vulnerabilities:

Buffer overflow in the png_decompress_chunk function in pngrutil.c in
libpng before 1.2.12 allows context-dependent attackers to cause a
denial of service and possibly execute arbitrary code via unspecified
vectors related to "chunk error processing," possibly involving the
"chunk_name". (CVE-2006-3334)

It is questionable whether this issue is actually exploitable, but the
patch to correct the issue has been included in versions < 1.2.12.

Tavis Ormandy, of the Gentoo Linux Security Auditing Team, discovered a
typo in png_set_sPLT() that may cause an application using libpng to
read out of bounds, resulting in a crash. (CVE-2006-5793)

Packages have been patched to correct these issues.

Updated packages

CS4.0 x86_64

 101bf5ce7b71092aa0d867475c71713b  corporate/4.0/x86_64/pxelinux-3.11-1.1.20060mlcs4.i586.rpm
 b8e512bf0b8ce91b64fad1a69735360c  corporate/4.0/x86_64/pxelinux-devel-3.11-1.1.20060mlcs4.i586.rpm 
 68a203b1315849d3f690e2c5dd05b994  corporate/4.0/SRPMS/pxelinux-3.11-1.1.20060mlcs4.src.rpm

2006.0 i586

 0ea71d307e69d9edd950e75cabafd7c0  2006.0/i586/pxelinux-3.11-1.1.20060mdk.i586.rpm
 dff7ef13f57d61a451b77b00918e07cd  2006.0/i586/pxelinux-devel-3.11-1.1.20060mdk.i586.rpm 
 a9c531ff69efb2df50a8a00311181f65  2006.0/SRPMS/pxelinux-3.11-1.1.20060mdk.src.rpm

2006.0 x86_64

 deec78c2bf5e26ff7d7aab58cf5a2fc5  2006.0/x86_64/pxelinux-3.11-1.1.20060mdk.i586.rpm
 52d33b5d03e87636fbda2e643dc60882  2006.0/x86_64/pxelinux-devel-3.11-1.1.20060mdk.i586.rpm 
 a9c531ff69efb2df50a8a00311181f65  2006.0/SRPMS/pxelinux-3.11-1.1.20060mdk.src.rpm

CS4.0 i586

 b0d3ea9fb11f47f5b60d35e511c069cf  corporate/4.0/i586/pxelinux-3.11-1.1.20060mlcs4.i586.rpm
 c34a3638a6042258306fa591a542f880  corporate/4.0/i586/pxelinux-devel-3.11-1.1.20060mlcs4.i586.rpm 
 68a203b1315849d3f690e2c5dd05b994  corporate/4.0/SRPMS/pxelinux-3.11-1.1.20060mlcs4.src.rpm

References