Bug#: 56307
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Thierry Carrez (RETIRED) <koon@gentoo.org>
Attachment: libpng-1.2.5-transfix.patch (patch, 1.89 KB), "Mandrake patch for CAN-2002-1363", created by Thierry Carrez (RETIRED), 2004-07-07 03:07 0000

Description:   Opened: 2004-07-07 01:57 0000
From Mandrake advisory
(http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:063) :
A buffer overflow vulnerability was discovered in libpng due to a wrong
calculation of some loop offset values. This buffer overflow can lead to Denial
of Service or even remote compromise.
This vulnerability was initially patched in January of 2003, but it has since
been noted that fixes were required in two additional places that had not been
corrected with the earlier patch.

The OpenPKG advisory
(http://www.openpkg.org/security/OpenPKG-SA-2004.030-png.html) lists several
other affected packages :
<= doxygen-1.3.7-20040507 (app-doc/doxygen)
<= ghostscript-8.14-20040604 (app-text/ghostscript)
<= kde-qt-3.2.3-20040429 (?)
<= pdflib-5.0.3-20040625 (media-libs/pdflib)
<= perl-tk-5.8.4-20040622 (dev-perl/perl-tk)
<= qt-3.3.2-20040615 (x11-libs/qt)
<= rrdtool-1.0.48-20040513 (net-analyzer/rrdtool)
<= tetex-2.0.2-20040429 (app-text/tetex)
<= wx-2.4.2-20040425 (?)

I don't know which of them really include a vulnerable copy of libpng...

------- Comment #1 From Thierry Carrez (RETIRED) 2004-07-07 03:07:54 0000 -------
Created an attachment (id=34898) [details]
Mandrake patch for CAN-2002-1363

Mandrake and OpenPKG talk about "2 additional places" where a fix is required to
solve CAN-2002-1363. Here is the Mandrake patch (OpenPKG uses the same).

Note that the PNG team did not issue a corrected patch, the one at
http://www.libpng.org/pub/png/src/libpng-1.2.5-patch2-pngrtran.CAN-2002-1363.diff
is still incomplete.

We should merge this patch to the Gentoo patch.

------- Comment #2 From Thierry Carrez (RETIRED) 2004-07-07 03:10:44 0000 -------
Mike: you did the last cleanups on this, could you apply patch and bump ?

------- Comment #3 From SpanKY 2004-07-07 07:38:35 0000 -------
version bumped to 1.2.5-r7 and made stable for all arches since -r6 was stable
and the patch changes very little

------- Comment #4 From Thierry Carrez (RETIRED) 2004-07-07 07:47:15 0000 -------
We probably don't have any other vulnerable package (since we link dynamically
to libpng) so this is ready for a GLSA.

------- Comment #5 From Sune Kloppenborg Jeppesen 2004-07-07 14:05:35 0000 -------
GLSA drafted: security please review

------- Comment #6 From Sune Kloppenborg Jeppesen 2004-07-08 09:31:19 0000 -------
GLSA 200407-06
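
The description asks which of the listed packages really carry their own copy of libpng, and comment #4 relies on dynamic linking. A heuristic triage for that question, as an added example that is not part of the original bug thread: it assumes that libpng's compiled-in banner ("libpng version X.Y.Z") marks a bundled copy and that a libpng*.so name marks a dynamic consumer; the sample blobs are constructed.

```python
import os
import re
import sys

# Assumption: libpng compiles a banner such as " libpng version 1.2.5 - ..."
# into its own object code, so the string shows up in any binary that carries
# a private (static or bundled) copy of the library.
BANNER = re.compile(rb"libpng version (\d+(?:\.\d+)+)")
# Assumption: a dynamically linked consumer names the shared object instead.
SONAME = re.compile(rb"libpng\d*\.so(?:\.\d+)*")


def classify(data: bytes):
    """Return (verdict, evidence) for the raw bytes of one binary."""
    versions = sorted({v.decode() for v in BANNER.findall(data)})
    if versions:
        return "bundled", versions
    sonames = sorted({m.group(0).decode() for m in SONAME.finditer(data)})
    if sonames:
        return "dynamic", sonames
    return "none", []


def scan(paths):
    """Classify each file; the system libpng itself is skipped by file name."""
    report = {}
    for path in paths:
        if SONAME.search(os.path.basename(path).encode()):
            continue  # the shared library is expected to contain the banner
        with open(path, "rb") as fh:
            report[path] = classify(fh.read())
    return report


# Constructed sample blobs (not real binaries) standing in for file contents.
SAMPLE_STATIC = b"\x7fELF\x00\n libpng version 1.2.5 - October 3, 2002\n\x00png_do_read"
SAMPLE_DYNAMIC = b"\x7fELF\x00libz.so.1\x00libpng.so.3\x00png_create_read_struct\x001.2.5\x00"
SAMPLE_UNRELATED = b"\x7fELF\x00libc.so.6\x00printf\x00"

if __name__ == "__main__":
    # Usage: python scan_libpng.py /usr/bin/* /usr/lib/*.so*
    for path, (verdict, evidence) in scan(sys.argv[1:]).items():
        print(f"{path}: {verdict} {' '.join(evidence)}")
```

A "bundled" verdict only flags the package for source review: the fix discussed here is a patch against 1.2.5, so the banner alone does not show whether a given copy is patched.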
