libpng-1.2.10-7.1.5.0.1.AXS3
Errata ID: AXSA:2011-300:01
Release date:
2011/09/19 Monday - 12:29
Title:
libpng-1.2.10-7.1.5.0.1.AXS3
Affected channels:
Asianux Server 3 for x86
Asianux Server 3 for x86_64
Severity:
High
Description:
The following issues have been addressed.

[Security Fix]
- libpng has a buffer overflow vulnerability when used by an application that calls the png_rgb_to_gray function, which allows remote attackers to overwrite an arbitrary amount of memory via a crafted PNG image. (CVE-2011-2690)

- The png_handle_sCAL function in libpng does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application crash) or have unspecified impact via a crafted PNG image. (CVE-2011-2692)

Some of the CVE translations are quoted from JVN.
http://jvndb.jvn.jp/
Solution:
Update the packages.
CVE:
CVE-2011-2690
Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4, when used by an application that calls the png_rgb_to_gray function but not the png_set_expand function, allows remote attackers to overwrite memory with an arbitrary amount of data, and possibly have unspecified other impact, via a crafted PNG image.
CVE-2011-2692
The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted PNG image that triggers the reading of uninitialized memory.
Additional information:
N/A
Download:
Asianux Server 3 for x86
- libpng-1.2.10-7.1.5.0.1.AXS3.i386.rpm
MD5: c21fd42bcd54277c4f0398e57dd52571
SHA-256: f2207a951dabee9b87f238ff617af2920f0eb2ac85909ab4b379137d64cdbc1d
Size: 241.63 kB
- libpng-devel-1.2.10-7.1.5.0.1.AXS3.i386.rpm
MD5: aa3b014cfbbb962b77017a992e669824
SHA-256: c5a874ecfb678aa815b924951c541220b4ff2183680a8b73d7da4a790a31e53b
Size: 182.16 kB
Asianux Server 3 for x86_64
- libpng-1.2.10-7.1.5.0.1.AXS3.x86_64.rpm
MD5: 666a95d9b29f45bec932deac2e9a7fbb
SHA-256: 73bbb08a3b5e176103f7922b013c097a784c51ece1f79024a387a7536b59e989
Size: 235.10 kB
- libpng-devel-1.2.10-7.1.5.0.1.AXS3.x86_64.rpm
MD5: d8d84b6b7c4d31f2792a1dccde55a86f
SHA-256: e5065dfcc8a9c031259a1d9b754a03f47ca10f5d5f7053db3deb2a435cf3585d
Size: 185.25 kB