
Re: [SECURITY] [DSA 570-1] New libpng packages fix several vulnerabilities



Thx very much :)

----- Original Message ----- 
From: "Martin Schulze" <joey@infodrom.org>
To: "Debian Security Announcements" <debian-security-announce@lists.debian.org>
Sent: Wednesday, October 20, 2004 6:04 PM
Subject: [SECURITY] [DSA 570-1] New libpng packages fix several vulnerabilities


> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - --------------------------------------------------------------------------
> Debian Security Advisory DSA 570-1                     security@debian.org
> http://www.debian.org/security/                             Martin Schulze
> October 20th, 2004                      http://www.debian.org/security/faq
> - --------------------------------------------------------------------------
>
> Package        : libpng
> Vulnerability  : integer overflow
> Problem-Type   : remote
> Debian-specific: no
> CVE ID         : CAN-2004-0955
>
> Several integer overflows have been discovered by its upstream
> developers in libpng, a commonly used library to display PNG graphics.
> They could be exploited to cause arbitrary code to be executed when a
> specially crafted PNG image is processed.
>
> For the stable distribution (woody) this problem has been fixed in
> version 1.0.12-3.woody.9.
>
> For the unstable distribution (sid) this problem has been fixed in
> version 1.0.15-8.
>
> We recommend that you upgrade your libpng packages.
>
>
> Upgrade Instructions
> - --------------------
>
> wget url
>         will fetch the file for you
> dpkg -i file.deb
>         will install the referenced file.
>
> If you are using the apt-get package manager, use the line for
> sources.list as given below:
>
> apt-get update
>         will update the internal database
> apt-get upgrade
>         will install corrected packages
>
> You may use an automated update by adding the resources from the
> footer to the proper configuration.
>
>
> Debian GNU/Linux 3.0 alias woody
> - --------------------------------
>
>
>   These files will probably be moved into the stable distribution on
>   its next update.
>
> - ---------------------------------------------------------------------------------
> For apt-get: deb http://security.debian.org/ stable/updates main
> For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
> Mailing list: debian-security-announce@lists.debian.org
> Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.5 (GNU/Linux)
>
> iD8DBQFBdoygW5ql+IAeqTIRAoMNAKCfndrl8yChYh6+2naQdhcT+xpYPACeOeUE
> ZCFqX8nZqf7QJLxtj9G1wKI=
> =YmFn
> -----END PGP SIGNATURE-----
>
>
> -- 
> To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
>
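
The advisory names only the bug class (integer overflow while processing a PNG image). The following added example is not libpng's code and not part of the original message; it shows that class on a PNG-style image-size calculation, with a 32-bit computation that wraps next to a checked version. The function names, the 1 GiB limit and the header values are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Samples per pixel for each PNG colour type; 0 means "not a valid type". */
static unsigned channels_for(uint8_t color_type) {
    switch (color_type) {
    case 0: case 3: return 1;   /* greyscale, palette index */
    case 4: return 2;           /* greyscale + alpha */
    case 2: return 3;           /* RGB */
    case 6: return 4;           /* RGB + alpha */
    default: return 0;
    }
}

/* Unsafe pattern: 32-bit products wrap silently, so a huge image can
 * produce a tiny "size" that is then used for allocation. */
uint32_t image_bytes_unchecked(uint32_t w, uint32_t h, uint8_t depth, uint8_t type) {
    uint32_t rowbytes = (w * channels_for(type) * depth + 7) / 8;
    return rowbytes * h;
}

/* Hardened form: validate the header fields, widen before multiplying and
 * refuse anything above `limit` bytes. Returns 0 and sets *out on success,
 * -1 otherwise. (Per-colour-type depth restrictions are not checked here.) */
int image_bytes_checked(uint32_t w, uint32_t h, uint8_t depth, uint8_t type,
                        size_t limit, size_t *out) {
    unsigned ch = channels_for(type);
    if (ch == 0 || w == 0 || h == 0) return -1;
    if (w > 0x7fffffffu || h > 0x7fffffffu) return -1;   /* PNG caps at 2^31-1 */
    if (depth != 1 && depth != 2 && depth != 4 && depth != 8 && depth != 16)
        return -1;
    /* w < 2^31, ch <= 4, depth <= 16: the 64-bit product stays below 2^38. */
    uint64_t rowbytes = ((uint64_t)w * ch * depth + 7) / 8;
    if (rowbytes > limit / h) return -1;                 /* rowbytes * h > limit */
    *out = (size_t)(rowbytes * h);
    return 0;
}

int main(void) {
    size_t n = 0;
    /* Constructed header values: 65536 x 65536, 8-bit RGBA. */
    printf("unchecked: %u bytes\n", (unsigned)image_bytes_unchecked(65536, 65536, 8, 6));
    printf("checked:   %d\n", image_bytes_checked(65536, 65536, 8, 6, (size_t)1 << 30, &n));
    return 0;
}
```
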



