Bug 127869 - CAN-2004-0597/98/99 multiple problems in libpng 1.2.5
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: libpng
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Matthias Clasen
Keywords: Security
Reported: 2004-07-14 16:34 EDT by Josh Bressers
Modified: 2007-11-30 17:07 EST
Doc Type: Bug Fix
Last Closed: 2004-08-04 09:42:47 EDT

External Trackers
Tracker ID: Red Hat Product Errata RHSA-2004:402
Priority: high
Status: SHIPPED_LIVE
Summary: Critical: libpng security update
Last Updated: 2004-08-04 00:00:00 EDT

Description Josh Bressers 2004-07-14 16:34:52 EDT
libpng versions up to and including 1.2.5 have a couple of security holes.

Here are some CVE names
> 1) Remotely exploitable stack-based buffer overrun in
> (pngrutil.c)                                                       
> 2) Dangerous code in png_handle_sBIT (pngrutil.c) (Similar code in 
> png_handle_hIST).                                                  

CAN-2004-0597 for these (we merge issues that have the same flaw type that
get fixed in the same versions).

> 3) Possible NULL-pointer crash in png_handle_iCCP (pngrutil.c) (this
> flaw is duplicated in multiple other locations).                   

CAN-2004-0598 for those

> 4) Theoretical integer overflow in allocation in png_handle_sPLT   
> (pngrutil.c)                                                       
> 5) Integer overflow in png_read_png (pngread.c)                    
> 6) Integer overflows during progressive reading.                   
> 7) Other flaws.  [integer overflows]                               

CAN-2004-0599 for those
Comment 1 Josh Bressers 2004-07-14 16:35:46 EDT
This issue also affects RHEL 2.1
Comment 2 Josh Bressers 2004-07-16 18:12:22 EDT
RHEL2.1 is going to be RHSA-2004:390

RHEL3 is going to be RHSA-2004:402

The 2.1 Advisory also deals with an incomplete fix which was
previously applied.

I have set the release date to 2004-08-04 for the time being; when an
official embargoed date arrives, I'll fix it.
Comment 3 Mark J. Cox 2004-08-04 07:56:05 EDT
Aug 04 1200UTC - removing embargo
Comment 4 Mark J. Cox 2004-08-04 09:42:47 EDT
An errata has been issued which should help the problem 
described in this bug report. This report is therefore being 
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, 
please follow the link below. You may reopen this bug report 
if the solution does not work for you.

