
Re: Security update of libpng[23]


--On Thursday, August 01, 2002 16:50:16 +0200 Martin Hermanowski <martin@martin.mh57.net> wrote:

> an apt-get update && apt-get upgrade -dy today brought me new
> libpng[23]-Packages from security.debian.org for woody/stable,
> but I can't find an advisory for them. What changes were made?

Maybe you should subscribe to debian-security-announce too.

Here the Head of the Advisory:

- -----------------------------------------------------------------------
Debian Security Advisory DSA 140-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
August 1st, 2002
- -----------------------------------------------------------------------

Package        : libpng2, libpng3
Vulnerability  : buffer overflow
Problem-Type   : remote
Debian-specific: no

Developers of the PNG library have fixed a buffer overflow in the
progressive reader when the PNG datastream contains more IDAT data
than indicated by the IHDR chunk.  Such deliberately malformed
datastreams would crash applications which could potentially allow an
attacker to execute malicious code.  Programs such as Galeon,
Konqueror and various others make use of these libraries.



Dirk Hartmann, Netzworkadministration              #PGP-Key available
Verlag Heinz Heise GmbH & Co KG,  Helstorferstr. 7,  D-30625 Hannover
E-Mail: dha@heise.de - Tel.: +49 511 5352 494 - FAX: +49 511 5352 479
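
The condition the advisory describes (more IDAT data than the IHDR chunk indicates) can be checked before a file reaches an unpatched decoder. The following is an added example, not part of the original mail, the advisory or libpng; the function names are hypothetical, only non-interlaced images are handled, and the sample images are constructed.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
SAMPLES = {0: 1, 2: 3, 3: 1, 4: 2, 6: 4}  # samples per pixel, by colour type

def chunks(data):
    """Yield (type, body) per chunk; reject bad signature, truncation or CRC."""
    if data[:8] != PNG_SIG:
        raise ValueError("not a PNG")
    pos = 8
    while pos < len(data):
        head, pos = data[pos:pos + 8], pos + 8
        if len(head) != 8:
            raise ValueError("truncated chunk header")
        length, ctype = struct.unpack(">I4s", head)
        body, crc = data[pos:pos + length], data[pos + length:pos + length + 4]
        if len(body) != length or crc != struct.pack(">I", zlib.crc32(ctype + body)):
            raise ValueError("truncated chunk or CRC mismatch")
        yield ctype, body
        pos += length + 4

def declared_size(ihdr):
    """Bytes the inflated IDAT stream should hold for a non-interlaced image."""
    width, height, depth, colour, _, _, interlace = struct.unpack(">IIBBBBB", ihdr)
    if interlace or colour not in SAMPLES or not width or not height:
        raise ValueError("unsupported or invalid IHDR")
    return height * ((width * SAMPLES[colour] * depth + 7) // 8 + 1)  # +1 filter byte per row

def idat_exceeds_ihdr(data, cap=1 << 26):
    """True if the IDAT chunks carry more data than IHDR declares."""
    parsed = list(chunks(data))
    if not parsed or parsed[0][0] != b"IHDR" or len(parsed[0][1]) != 13:
        raise ValueError("IHDR missing or malformed")
    want = declared_size(parsed[0][1])
    if want > cap:
        raise ValueError("declared image larger than cap")
    idat = b"".join(body for ctype, body in parsed if ctype == b"IDAT")
    inflater = zlib.decompressobj()
    out = inflater.decompress(idat, want + 1)  # bounded: never inflate past want + 1 bytes
    return len(out) > want or bool(inflater.unused_data)

def make_png(width, height, rows):
    """Constructed sample: 8-bit greyscale, IHDR says `height` rows, IDAT holds `rows`."""
    def chunk(ctype, body):
        return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00" * (width + 1) * rows)
    return PNG_SIG + chunk(b"IHDR", ihdr) + chunk(b"IDAT", idat) + chunk(b"IEND", b"")
```

The inflate call is bounded by the size IHDR declares, so the check itself never allocates more than the header promises plus one byte.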
