MDKSA-2006:209

Nom du paquet

libpng

Date

2006-11-16

Advisory ID

MDKSA-2006:209

Affected versions

CS4.0 x86_64 , MNF2.0 i586 , 2006.0 i586 , 2007.0 x86_64 , 2007.0 i586 , CS3.0 x86_64 , CS4.0 i586 , CS3.0 i586 , 2006.0 x86_64

Problem description

Buffer overflow in the png_decompress_chunk function in pngrutil.c in
libpng before 1.2.12 allows context-dependent attackers to cause a
denial of service and possibly execute arbitrary code via unspecified
vectors related to "chunk error processing," possibly involving the
"chunk_name". (CVE-2006-3334)

It is questionable whether this issue is actually exploitable, but the
patch to correct the issue has been included in versions < 1.2.12.

Tavis Ormandy, of the Gentoo Linux Security Auditing Team, discovered a
typo in png_set_sPLT() that may cause an application using libpng to
read out of bounds, resulting in a crash. (CVE-2006-5793)

Packages have been patched to correct these issues.

Updated packages

CS4.0 x86_64

 090b1f0b32a0b980681b35c8aec5f323  corporate/4.0/x86_64/lib64png3-1.2.8-1.2.20060mlcs4.x86_64.rpm
 96f0df2464cc042fc9fabfd3b1304d7a  corporate/4.0/x86_64/lib64png3-devel-1.2.8-1.2.20060mlcs4.x86_64.rpm
 818a20ce635900040bc7ff3a1b330e38  corporate/4.0/x86_64/lib64png3-static-devel-1.2.8-1.2.20060mlcs4.x86_64.rpm 
 462209b43657d92d6468b161eb779911  corporate/4.0/SRPMS/libpng-1.2.8-1.2.20060mlcs4.src.rpm

MNF2.0 i586

 c2faf16ec4411b18adf61729e8cc285e  mnf/2.0/i586/libpng3-1.2.5-10.7.M20mdk.i586.rpm
 52c3ea1ea57c1574d66bc62dab0b3df6  mnf/2.0/i586/libpng3-devel-1.2.5-10.7.M20mdk.i586.rpm
 ba313a457f4647177ad33ba7fab48d4e  mnf/2.0/i586/libpng3-static-devel-1.2.5-10.7.M20mdk.i586.rpm 
 9cb65939c4d3165b2c806ae5b64cab08  mnf/2.0/SRPMS/libpng-1.2.5-10.7.M20mdk.src.rpm

2006.0 i586

 45ad162b09535faffbcac12958fe49b6  2006.0/i586/libpng3-1.2.8-1.2.20060mdk.i586.rpm
 d606c712b0fe3cb2846aa6e7d055e734  2006.0/i586/libpng3-devel-1.2.8-1.2.20060mdk.i586.rpm
 2205db07f1fd59257fa7eada8c8f695d  2006.0/i586/libpng3-static-devel-1.2.8-1.2.20060mdk.i586.rpm 
 7b6c834aaf600fc44a64fa08cdd6961f  2006.0/SRPMS/libpng-1.2.8-1.2.20060mdk.src.rpm

2007.0 x86_64

 1a51b7fe5aabda61d420a573e5fe240e  2007.0/x86_64/lib64png3-1.2.12-2.2mdv2007.0.x86_64.rpm
 bb66b6392ad998e1e697c9cb1171687b  2007.0/x86_64/lib64png3-devel-1.2.12-2.2mdv2007.0.x86_64.rpm
 232a26557eb1069284ed5ada81492221  2007.0/x86_64/lib64png3-static-devel-1.2.12-2.2mdv2007.0.x86_64.rpm 
 503559d5befe0d3b557422359ca2cb7a  2007.0/SRPMS/libpng-1.2.12-2.2mdv2007.0.src.rpm

2007.0 i586

 9906d24fb91a92049217263cf0128bfc  2007.0/i586/libpng3-1.2.12-2.2mdv2007.0.i586.rpm
 2d8452c09aca5596b29a1392aa250f2e  2007.0/i586/libpng3-devel-1.2.12-2.2mdv2007.0.i586.rpm
 38829f47379a45ecfcc9061078b24489  2007.0/i586/libpng3-static-devel-1.2.12-2.2mdv2007.0.i586.rpm 
 503559d5befe0d3b557422359ca2cb7a  2007.0/SRPMS/libpng-1.2.12-2.2mdv2007.0.src.rpm

CS3.0 x86_64

 2ab9e03623fb035928ba711818742bd3  corporate/3.0/x86_64/lib64png3-1.2.5-10.7.C30mdk.x86_64.rpm
 dd2480239ee424f20a460fa2a087fcdf  corporate/3.0/x86_64/lib64png3-devel-1.2.5-10.7.C30mdk.x86_64.rpm
 43ea6b6e435e31978bc54495972e2828  corporate/3.0/x86_64/lib64png3-static-devel-1.2.5-10.7.C30mdk.x86_64.rpm 
 3ed80f4657a551ebfff3cb87912ee8bc  corporate/3.0/SRPMS/libpng-1.2.5-10.7.C30mdk.src.rpm

CS4.0 i586

 27c277f505d08abde9ba7ef6ec17123e  corporate/4.0/i586/libpng3-1.2.8-1.2.20060mlcs4.i586.rpm
 dc70e227da5ec0514d5056319f336076  corporate/4.0/i586/libpng3-devel-1.2.8-1.2.20060mlcs4.i586.rpm
 6d267d5422d0e3e9e2868398ed1c8864  corporate/4.0/i586/libpng3-static-devel-1.2.8-1.2.20060mlcs4.i586.rpm 
 462209b43657d92d6468b161eb779911  corporate/4.0/SRPMS/libpng-1.2.8-1.2.20060mlcs4.src.rpm

CS3.0 i586

 881d961819f17791dd2348c2b38153f7  corporate/3.0/i586/libpng3-1.2.5-10.7.C30mdk.i586.rpm
 87b087c74ba0466ee6a6aa487c6d7159  corporate/3.0/i586/libpng3-devel-1.2.5-10.7.C30mdk.i586.rpm
 5ae5cb1afdf63d50292a0d309f2789da  corporate/3.0/i586/libpng3-static-devel-1.2.5-10.7.C30mdk.i586.rpm 
 3ed80f4657a551ebfff3cb87912ee8bc  corporate/3.0/SRPMS/libpng-1.2.5-10.7.C30mdk.src.rpm

2006.0 x86_64

 f977af66ce569366e9a44e4c1a73b715  2006.0/x86_64/lib64png3-1.2.8-1.2.20060mdk.x86_64.rpm
 878c585798862bd39a27422252573213  2006.0/x86_64/lib64png3-devel-1.2.8-1.2.20060mdk.x86_64.rpm
 4220979712677c242d3e203650ff5236  2006.0/x86_64/lib64png3-static-devel-1.2.8-1.2.20060mdk.x86_64.rpm 
 7b6c834aaf600fc44a64fa08cdd6961f  2006.0/SRPMS/libpng-1.2.8-1.2.20060mdk.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3334
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5793