Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 335581 (CVE-2010-2350)

Summary: <net-proxy/ziproxy-3.1.1 Heap-based buffer overflow (CVE-2010-2350)
Product: Gentoo Security Reporter: Stefan Behte (RETIRED) <craig>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: trivial CC: net-proxy+disabled, sbriesen
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://ziproxy.cvs.sourceforge.net/viewvc/ziproxy/ziproxy-default/ChangeLog?revision=1.240&view=markup
Whiteboard: ~2 [noglsa]
Package list:
Runtime testing required: ---

Description Stefan Behte (RETIRED) gentoo-dev Security 2010-09-01 19:56:24 UTC 
CVE-2010-2350 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2350):
  Heap-based buffer overflow in the PNG decoder in Ziproxy 3.1.0 allows
  remote attackers to cause a denial of service (crash) and possibly
  execute arbitrary code via a crafted PNG file.
Comment 1 Agostino Sarubbo gentoo-dev 2011-10-11 09:09:34 UTC 
from secunia:

Solution:
Update to version 3.1.1.

actually:

amd64box ~ # eix ziproxy
* net-proxy/ziproxy
     Available versions:  ~3.1.3 {jpeg2k xinetd}
     Homepage:            http://ziproxy.sourceforge.net/
     Description:         A forwarding, non-caching, compressing web proxy server

3.1.3 is in tree, close it as noglsa.


Added <3.1.1 in the summary because time ago was bumped:

*ziproxy-3.1.1 (15 Jun 2010)

  15 Jun 2010; Samuli Suominen (ssuominen) +ziproxy-3.1.1.ebuild:
  Version bump wrt #324021.