RHSA-2009:0333Executive Summary
| Summary | |
|---|---|
| Title | libpng security update |
| Informations | |||
|---|---|---|---|
| Name | RHSA-2009:0333 | First vendor Publication | 2009-03-04 |
| Vendor | RedHat | Last vendor Modification | 2009-03-04 |
| Severity (Vendor) | Moderate | Revision | 01 |
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 7.5 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentification | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
Problem Description: Updated libpng and libpng10 packages that fix a couple of security issues are now available for Red Hat Enterprise Linux 2.1, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 2.1 - i386 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 2.1 - i386 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 Red Hat Linux Advanced Workstation 2.1 - ia64 3. Description: The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. A flaw was discovered in libpng that could result in libpng trying to free() random memory if certain, unlikely error conditions occurred. If a carefully-crafted PNG file was loaded by an application linked against libpng, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2009-0040) A flaw was discovered in the way libpng handled PNG images containing "unknown" chunks. If an application linked against libpng attempted to process a malformed, unknown chunk in a malicious PNG image, it could cause the application to crash. (CVE-2008-1382) Users of libpng and libpng10 should upgrade to these updated packages, which contain backported patches to correct these issues. All running applications using libpng or libpng10 must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 441839 - CVE-2008-1382 libpng unknown chunk handling flaw 486355 - CVE-2009-0040 libpng arbitrary free() flaw |
Original Source
| Url : https://rhn.redhat.com/errata/RHSA-2009-0333.html |
CWE : Common Weakness Enumeration
| id | Name |
|---|---|
| CWE-189 | Numeric Errors |
| CWE-94 | Failure to Control Generation of Code ('Code Injection') |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:6275 | |||
| Oval ID: | oval:org.mitre.oval:def:6275 | ||
| Title: | mimeTeX and mathTeX Buffer Overflow and Command Injection Issues | ||
| Description: | libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialized memory. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2008-1382 |
Version: | 1 |
| Platform(s): | VMWare ESX Server 3 VMWare ESX Server 3.5 |
Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:10326 | |||
| Oval ID: | oval:org.mitre.oval:def:10326 | ||
| Title: | libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialized memory. | ||
| Description: | libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialized memory. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2008-1382 |
Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 |
Product(s): | |
| Definition Synopsis: | |||
|
|||
| Definition Id: oval:org.mitre.oval:def:6458 | |||
| Oval ID: | oval:org.mitre.oval:def:6458 | ||
| Title: | Libpng Library Uninitialized Pointer Arrays Memory Corruption Vulnerability | ||
| Description: | The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-0040 |
Version: | 1 |
| Platform(s): | VMWare ESX Server 3 VMWare ESX Server 3.5 |
Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:10316 | |||
| Oval ID: | oval:org.mitre.oval:def:10316 | ||
| Title: | The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables. | ||
| Description: | The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-0040 |
Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 |
Product(s): | |
| Definition Synopsis: | |||
|
|||
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 53317 | libpng 16-bit Gamma Table Handling Uninitialised Pointer Free Arbitrary Code ... |
| 53316 | libpng pCAL Chunk Handling Uninitialised Pointer Free Arbitrary Code Execution |
| 53315 | libpng png_read_png Function Uninitialised Pointer Free Arbitrary Code Execution |
| 44364 | libpng Zero-length Unknown Chunk Processing Uninitialized Memory Access |
(High)
(Medium)
