Paketname
libpng
Datum
2014-05-12
Advisory ID
MDVSA-2014:084
Betroffene Versionen
MES5 i586 , MBS1 x86_64 , MES5 x86_64

Problembeschreibung

Updated libpng packages fix security vulnerabilities:

An integer overflow leading to a heap-based buffer overflow was found
in the png_set_sPLT() and png_set_text_2() API functions of libpng. An
attacker could create a specially-crafted image file and render it
with an application written to explicitly call png_set_sPLT() or
png_set_text_2() function, could cause libpng to crash or execute
arbitrary code with the permissions of the user running such an
application (CVE-2013-7353).

An integer overflow leading to a heap-based buffer overflow was found
in the png_set_unknown_chunks() API function of libpng. An attacker
could create a specially-crafted image file and render it with an
application written to explicitly call png_set_unknown_chunks()
function, could cause libpng to crash or execute arbitrary code
with the permissions of the user running such an application
(CVE-2013-7354).

Aktualisierte Pakete

MES5 i586

 fba91d4dddfd5d97a53ac99cd3239522  mes5/i586/libpng3-1.2.31-2.9mdvmes5.2.i586.rpm
 5803ea66067570f58b5f394b1ea0b589  mes5/i586/libpng-devel-1.2.31-2.9mdvmes5.2.i586.rpm
 8bc59955b0acacaccb3c5f4e1ad52a58  mes5/i586/libpng-source-1.2.31-2.9mdvmes5.2.i586.rpm
 11f50bdcc6275afb49c97a408436633a  mes5/i586/libpng-static-devel-1.2.31-2.9mdvmes5.2.i586.rpm 
 ef40175e407503eb8f0a84cd3a090f24  mes5/SRPMS/libpng-1.2.31-2.9mdvmes5.2.src.rpm

MBS1 x86_64

 039c39aa6d27e04b12a3aea331f6ec23  mbs1/x86_64/lib64png12_0-1.2.49-2.2.mbs1.x86_64.rpm
 d83f241ecfa8afd4e1c0e2c98f6c49df  mbs1/x86_64/lib64png12-devel-1.2.49-2.2.mbs1.x86_64.rpm
 7a168efd8963ec20538609119b81415c  mbs1/x86_64/lib64png15_15-1.5.10-2.2.mbs1.x86_64.rpm
 e81d8861af09789367f1e8164ee8009d  mbs1/x86_64/lib64png-devel-1.5.10-2.2.mbs1.x86_64.rpm 
 9fe79406a7c17f9c475e734fd2c6a859  mbs1/SRPMS/libpng12-1.2.49-2.2.mbs1.src.rpm
 ce17e2ddbe2025384cb3f32395589196  mbs1/SRPMS/libpng-1.5.10-2.2.mbs1.src.rpm

MES5 x86_64

 e3171643a5f238734daced0dbfbfd488  mes5/x86_64/lib64png3-1.2.31-2.9mdvmes5.2.x86_64.rpm
 0a3ec8069a2f49e52b4f13953eb24ab0  mes5/x86_64/lib64png-devel-1.2.31-2.9mdvmes5.2.x86_64.rpm
 6e6fbb43962cb5d7f00ce2f0cefd0359  mes5/x86_64/lib64png-static-devel-1.2.31-2.9mdvmes5.2.x86_64.rpm
 d4df933db37f851959157ed255ec0a8d  mes5/x86_64/libpng-source-1.2.31-2.9mdvmes5.2.x86_64.rpm 
 ef40175e407503eb8f0a84cd3a090f24  mes5/SRPMS/libpng-1.2.31-2.9mdvmes5.2.src.rpm

Referenzen