libpng-1.2.10-7.1.2.1AXS3
エラータID: AXSA:2009-25:01
リリース日:
2009/03/16 Monday - 13:46
題名:
libpng-1.2.10-7.1.2.1AXS3
影響のあるチャネル:
Asianux Server 3 for x86
Asianux Server 3 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Update]
- libpng にはエレメントポインタが適切に初期化されない脆弱性が存在します。(CVE-2008-1382)
- libpng には PNG ファイルの処理に不備があるため、初期化されていないメモリ領域にアクセスされる脆弱性が存在します。(CVE-2009-0040)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2008-1382
libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialized memory.
libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialized memory.
CVE-2009-0040
The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.
The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.
追加情報:
N/A
ダウンロード:
SRPMS
- libpng-1.2.10-7.1.2.1AXS3.src.rpm
MD5: 2e81e38413e0157eb69f7e126df9f0e9
SHA-256: 7d05871da901562e1e1c85fd85378482b93d730554da82316bb954ce74f39adb
Size: 631.47 kB
Asianux Server 3 for x86
- libpng-1.2.10-7.1.2.1AXS3.i386.rpm
MD5: 1b122f8ea88e4ee2a76e2f9a347526f5
SHA-256: af281ce9070b020d48506e02447746d1b27b53e1943b29e9ac9435b82d338f95
Size: 243.32 kB - libpng-devel-1.2.10-7.1.2.1AXS3.i386.rpm
MD5: 6de17b9e41bf34b4b1c7f1aa92539f29
SHA-256: c0eaa593d1a8449cd39f979f8d4c1cdc0ce2b554c5b97423cb90985d47e8fb97
Size: 183.06 kB
Asianux Server 3 for x86_64
- libpng-1.2.10-7.1.2.1AXS3.x86_64.rpm
MD5: dbc30ed6ebaf4e33d64a6278fd3dc30d
SHA-256: 627970b7bd8a28bc480739403aaae3c266a7e3a23fd37134c0faa47f5d218966
Size: 235.86 kB - libpng-devel-1.2.10-7.1.2.1AXS3.x86_64.rpm
MD5: 0e6a1efadf8ca5eece3328aa1695faf7
SHA-256: b6022659f97b85e08b701895fbf1a60c61b861c30dcb1687e16feb53b81152ce
Size: 186.20 kB