Debian Security Advisory
DSA-213-1 libpng -- buffer overflow
- Date reported:
- 19 December 2002
- Affected packages:
- libpng, libpng3
- Vulnerable:
- Yes
- Security database references:
- In the bug tracking database (at SecurityFocus): BugTraq ID 6431.
In Mitre's CVE dictionary: CVE-2002-1363.
- More information:
-
Glenn Randers-Pehrson discovered a problem in connection with 16-bit samples in libpng, an interface for reading and writing files in PNG (Portable Network Graphics) format. The starting offsets of the loops are calculated incorrectly. Because the indices start beyond the beginning of the buffer, this causes a buffer overrun.
For the current stable distribution (woody), this problem has been fixed in version 1.0.12-3.woody.3 of libpng and in version 1.2.1-1.1.woody.3 of libpng3.
For the old stable distribution (potato), this problem has been fixed in version 1.0.5-1.1 of libpng. That distribution contains no other libpng packages.
For the unstable distribution (sid), this problem has been fixed in version 1.0.12-7 of libpng and in version 1.2.5-8 of libpng3.
We recommend that you upgrade your libpng packages.
- Fixed in:
-
Debian GNU/Linux 2.2 (potato)
- Source:
- http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.0.5-1.1.dsc
- http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.0.5-1.1.diff.gz
- http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.0.5.orig.tar.gz
- Alpha:
- http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.5-1.1_alpha.deb
- http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.5-1.1_alpha.deb
- ARM:
- http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.5-1.1_arm.deb
- http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.5-1.1_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.5-1.1_i386.deb
- http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.5-1.1_i386.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.5-1.1_m68k.deb
- http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.5-1.1_m68k.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.5-1.1_powerpc.deb
- http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.5-1.1_powerpc.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.5-1.1_sparc.deb
- http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.5-1.1_sparc.deb
Debian GNU/Linux 3.0 (woody)
- Source:
- http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.0.12-3.woody.3.dsc
- http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.0.12-3.woody.3.diff.gz
- http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.0.12.orig.tar.gz
- http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.3.dsc
- http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.3.diff.gz
- http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1.orig.tar.gz
- Alpha:
- http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.3_alpha.deb
- http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.3_alpha.deb
- http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.3_alpha.deb
- http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.3_alpha.deb
- ARM:
- http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.3_arm.deb
- http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.3_arm.deb
- http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.3_arm.deb
- http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.3_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.3_i386.deb
- http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.3_i386.deb
- http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.3_i386.deb
- http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.3_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.3_ia64.deb
- http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.3_ia64.deb
- http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.3_ia64.deb
- http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.3_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.3_hppa.deb
- http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.3_hppa.deb
- http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.3_hppa.deb
- http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.3_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.3_m68k.deb
- http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.3_m68k.deb
- http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.3_m68k.deb
- http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.3_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.3_mips.deb
- http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.3_mips.deb
- http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.3_mips.deb
- http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.3_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.3_mipsel.deb
- http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.3_mipsel.deb
- http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.3_mipsel.deb
- http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.3_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.3_powerpc.deb
- http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.3_powerpc.deb
- http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.3_powerpc.deb
- http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.3_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.3_s390.deb
- http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.3_s390.deb
- http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.3_s390.deb
- http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.3_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.3_sparc.deb
- http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.3_sparc.deb
- http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.3_sparc.deb
- http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.3_sparc.deb
MD5 checksums of the listed files are available on the original security advisory page.
