This service will be undergoing maintenance at 00:00 UTC, 2016-08-01. It is expected to last about 1 hours
Bug 790737 - (CVE-2011-3026) CVE-2011-3026 libpng: Heap buffer overflow in png_decompress_chunk (MFSA 2012-11)
CVE-2011-3026 libpng: Heap buffer overflow in png_decompress_chunk (MFSA 2012...
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
high Severity high
: ---
: ---
Assigned To: Red Hat Product Security
impact=important,public=20120216,repo...
: Security
: 791030 (view as bug list)
Depends On: 791004 791005 791006 791007 791008 791016 791017 791018 791019 791020 791021 791022 791023 791024 791025 791026 791027 791183 791184 791185 794518
Blocks: 790741
  Show dependency treegraph
 
Reported: 2012-02-15 04:54 EST by Huzaifa S. Sidhpurwala
Modified: 2016-03-04 07:24 EST (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-07-18 05:33:54 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)
1.9.x patch (1009 bytes, patch)
2012-02-15 09:48 EST, Martin Stransky
no flags Details | Diff


External Trackers
Tracker ID Priority Status Summary Last Updated
Mozilla Foundation 727401 None None None Never

  None (edit)
Description Huzaifa S. Sidhpurwala 2012-02-15 04:54:35 EST
A heap-based buffer overflow was found in libpng. An attacker could create a carefully crafted PNG file in such a way that it would cause an application linked with libpng to execute arbitrary code when the file was opened by a victim.

Reference:
http://googlechromereleases.blogspot.in/2012/02/chrome-stable-update.html
https://code.google.com/p/chromium/issues/detail?id=112822
Comment 5 Martin Stransky 2012-02-15 09:48:18 EST
Created attachment 562240 [details]
1.9.x patch

Patch for 1.9.x, modified file path and chunks.
Comment 19 Vincent Danen 2012-02-15 22:12:13 EST
*** Bug 791030 has been marked as a duplicate of this bug. ***
Comment 20 Huzaifa S. Sidhpurwala 2012-02-16 07:34:15 EST
Created libpng tracking bugs for this issue

Affects: fedora-all [bug 791183]
Comment 21 Huzaifa S. Sidhpurwala 2012-02-16 07:34:21 EST
Created thunderbird tracking bugs for this issue

Affects: fedora-all [bug 791185]
Comment 22 Huzaifa S. Sidhpurwala 2012-02-16 07:34:29 EST
Created firefox tracking bugs for this issue

Affects: fedora-all [bug 791184]
Comment 25 errata-xmlrpc 2012-02-16 13:50:07 EST
This issue has been addressed in seamonkey in following products:

  Red Hat Enterprise Linux 4

Via RHSA-2012:0141 https://rhn.redhat.com/errata/RHSA-2012-0141.html
Comment 26 errata-xmlrpc 2012-02-16 14:01:24 EST
This issue has been addressed in firefox in following products:

  Red Hat Enterprise Linux 4

Via RHSA-2012:0142 https://rhn.redhat.com/errata/RHSA-2012-0142.html
Comment 27 errata-xmlrpc 2012-02-16 14:01:37 EST
This issue has been addressed in thunderbird in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2012:0140 https://rhn.redhat.com/errata/RHSA-2012-0140.html
Comment 28 errata-xmlrpc 2012-02-16 14:11:45 EST
This issue has been addressed in xulrunner in following products:

  Red Hat Enterprise Linux 5
  Red Hat Enterprise Linux 6

Via RHSA-2012:0143 https://rhn.redhat.com/errata/RHSA-2012-0143.html
Comment 34 Vincent Danen 2012-02-17 16:03:27 EST
External References:

http://www.mozilla.org/security/announce/2012/mfsa2012-11.html
Comment 35 errata-xmlrpc 2012-02-20 14:33:01 EST
This issue has been addressed in following products:

  Red Hat Enterprise Linux 4
  Red Hat Enterprise Linux 5
  Red Hat Enterprise Linux 6

Via RHSA-2012:0317 https://rhn.redhat.com/errata/RHSA-2012-0317.html
Comment 36 Fedora Update System 2012-02-20 20:29:38 EST
libpng-1.2.46-2.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 37 Fedora Update System 2012-02-28 04:53:37 EST
libpng-1.2.46-2.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 38 Fedora Update System 2012-02-28 04:59:14 EST
libpng10-1.0.57-1.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 39 Fedora Update System 2012-02-28 05:04:19 EST
libpng10-1.0.57-1.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 40 Fedora Update System 2012-02-28 05:47:51 EST
libpng-1.5.8-2.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 41 Fedora Update System 2012-02-28 06:00:15 EST
libpng10-1.0.57-1.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 42 Fedora Update System 2012-03-06 02:06:21 EST
libpng10-1.0.57-1.el6 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.