From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1P3Fbk-0005v5-SP for garchives@archives.gentoo.org; Tue, 05 Oct 2010 22:03:37 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 8BF66E086E for ; Tue, 5 Oct 2010 22:03:36 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) by pigeon.gentoo.org (Postfix) with ESMTP id 4218CE0766 for ; Tue, 5 Oct 2010 21:26:14 +0000 (UTC) Received: from flycatcher.gentoo.org (flycatcher.gentoo.org [81.93.255.6]) (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 96CD61B4037 for ; Tue, 5 Oct 2010 21:26:13 +0000 (UTC) Received: by flycatcher.gentoo.org (Postfix, from userid 2187) id 343F920051; Tue, 5 Oct 2010 21:26:12 +0000 (UTC) From: "Pierre-Yves Rofes (py)" To: gentoo-commits@lists.gentoo.org Reply-To: gentoo-dev@lists.gentoo.org, py@gentoo.org Subject: [gentoo-commits] gentoo commit in xml/htdocs/security/en/glsa: glsa-201010-01.xml X-VCS-Repository: gentoo X-VCS-Files: glsa-201010-01.xml X-VCS-Directories: xml/htdocs/security/en/glsa X-VCS-Committer: py X-VCS-Committer-Name: Pierre-Yves Rofes Content-Type: text/plain; charset=utf8 Message-Id: <20101005212612.343F920051@flycatcher.gentoo.org> Date: Tue, 5 Oct 2010 21:26:12 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: quoted-printable X-Archives-Salt: a3e3e65e-709f-4272-b8bc-4e5bf8b53a73 X-Archives-Hash: 3ecc046d9cca0def8961d192ae613cde py 10/10/05 21:26:12 Added: glsa-201010-01.xml Log: GLSA 201010-01 Revision Changes Path 1.1 xml/htdocs/security/en/glsa/glsa-201010-01.xml file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en= /glsa/glsa-201010-01.xml?rev=3D1.1&view=3Dmarkup plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en= /glsa/glsa-201010-01.xml?rev=3D1.1&content-type=3Dtext/plain Index: glsa-201010-01.xml =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Libpng: Multiple vulnerabilities Multiple vulnerabilities in libpng might lead to privilege escalation= or a Denial of Service. libpng October 05, 2010 October 05, 2010: 01 307637 324153 335887 remote 1.4.3 1.4.3

libpng is a standard library used to process PNG (Portable Network Graphics) images. It is used by several programs, including web browsers and potentially server processes.

Multiple vulnerabilities were found in libpng:

  • The png_decompress_chunk() function in pngrutil.c does not properly handl= e certain type of compressed data (CVE-2010-0205)
  • A buffer overflow in pngread.c when using progressive applications (CVE-2010-1205)
  • A memory leak in pngrutil.c when dealing with a certain type of chunks (CVE-2010-2249)

An attacker could exploit these vulnerabilities to cause programs linked against the library to crash or execute arbitrary code with th= e permissions of the user running the vulnerable program, which could b= e the root user.

There is no known workaround at this time.

All libpng users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=3Dmedia-libs/libpng-1.4= .3" CVE-2010-0205 CVE-2010-1205 CVE-2010-2249 craig p-y