Diffstat (limited to 'polish/security/2004/dsa-536.wml')
-rw-r--r-- | polish/security/2004/dsa-536.wml | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/polish/security/2004/dsa-536.wml b/polish/security/2004/dsa-536.wml new file mode 100644 index 00000000000..dc463ddb9a3 --- /dev/null +++ b/polish/security/2004/dsa-536.wml 
@@ -0,0 +1,45 @@ +#use wml::debian::translation-check translation="1.3" maintainer="" +#pddp rafalm80 +<define-tag description>several vulnerabilities</define-tag> +<define-tag moreinfo> +<p>Chris Evans discovered several vulnerabilities in libpng:</p> + +<ul> + +<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0597">CAN-2004-0597</a> + <p>Multiple buffer overflows exist, including when + handling transparency chunk data, which could be exploited to cause + arbitrary code to be executed when a specially crafted PNG image is + processed</p> + +<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0598">CAN-2004-0598</a> + <p>Multiple NULL pointer dereferences in + png_handle_iCPP() and elsewhere could be exploited to cause an + application to crash when a specially crafted PNG image is processed</p> + +<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0599">CAN-2004-0599</a> + <p>Multiple integer overflows in the png_handle_sPLT(), + png_read_png() functions and elsewhere could be exploited to cause an + application to crash, or potentially arbitrary code to be executed, + when a specially crafted PNG image is processed</p> + +<p>In addition, a bug related to <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1363">CAN-2002-1363</a> was fixed:</p> + +<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0768">CAN-2004-0768</a> + <p>A buffer overflow could be caused by incorrect + calculation of buffer offsets, possibly leading to the execution of + arbitrary code</p> + +</ul> + +<p>For the current stable distribution (woody), these problems have been +fixed in libpng3 version 1.2.1-1.1.woody.7 and libpng version +1.0.12-3.woody.7.</p> + +<p>For the unstable distribution (sid), these problems will be fixed soon.</p> + +<p>We recommend that you update your libpng and libpng3 packages.</p> +</define-tag> + +# do not modify the following line +#include 
"$(ENGLISHDIR)/security/2004/dsa-536.data" |
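Review bot: the new file sits under polish/ and carries a translation-check header (translation="1.3"), but the description and the whole moreinfo body are still the English text, and maintainer="" is empty. Either commit the Polish text for these paragraphs or hold the file back until it exists, because as committed the Polish page would present untranslated content as an up-to-date translation, and fill in the maintainer so later translation-check reports reach someone. Two smaller points in the moreinfo body: the paragraph "In addition, a bug related to CAN-2002-1363 was fixed:" is placed directly inside the ul between li items, which is not valid list content, so close the list before it and open a second list for CAN-2004-0768; and "png_handle_iCPP()" looks like a transposition of libpng's png_handle_iCCP(), so check it against the English original before translating it onward.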