| Summary: | <media-libs/libpng-{1.2.49,1.5.10}: Multiple Vulnerabilities (CVE-2011-{3045,3048}) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Thomas Deutschmann (RETIRED) <whissi> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | base-system |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commitdiff;h=a8c319a2b281af68f7ca0e2f9a28ca57b44ceb2b | | |
| Whiteboard: | B2 [glsa] | | |
| Package list: | | Runtime testing required: | --- |
Description
Thomas Deutschmann (RETIRED)
2012-03-29 14:08:51 UTC
Thanks for the bug, Thomas. There is no apng patch for the 1.5.10 release out yet, and the patch for 1.5.9 doesn't apply because 1.5.10 would like to #define PNG_HAVE_iCCP to 0x4000 in pngpriv.h, and the apng patch for 1.5.9 would like to #define PNG_HAVE_acTL to the same 0x4000 value. I'm inclined to wait for the official apng 1.5.10 patch here.

New apng patch is now available at the usual place...

Please test and stabilize:

=media-libs/libpng-1.2.49 "amd64 x86"

=media-libs/libpng-1.5.10 "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"

Stable for HPPA.

amd64/hardened/mixed: ok (emerges fine, I also tested a few rdeps).

amd64 stable, x86 stable. Thanks.

arm/ia64/m68k/s390/sh done.

CVE-2011-3045 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3045): Integer signedness error in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a different vulnerability than CVE-2011-3026.

(CVE-2012-3048) This seemed pertinent to add as it applies to the same versions: http://secunia.com/advisories/48587/

A vulnerability has been reported in libpng, which can be exploited by malicious people to compromise an application using the library. The vulnerability is caused due to an error within the "png_set_text_2()" function (pngset.c) when parsing certain text chunks and can be exploited to corrupt heap memory via a specially crafted PNG file. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in versions prior to 1.5.10, 1.4.11, 1.2.49, and 1.0.59.

Solution: Update to version 1.5.10, 1.4.11, 1.2.49, or 1.0.59.

ppc done.

ppc64 done.

alpha/sparc stable.

Thanks, everyone. Already on existing GLSA request.

CVE-2011-3048 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3048): The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow.

This issue was resolved and addressed in GLSA 201206-15 at http://security.gentoo.org/glsa/glsa-201206-15.xml by GLSA coordinator Sean Amoss (ackle).