
CSSA-2002-042.0-Linux: libpng progressive image loading vulnerabilities and othe

by Nikola Strahija on November 13th, 2002

There are two buffer overflow vulnerabilities in the libpng code: one can allow attackers to cause a denial of service, and the other can cause a denial of service with the possibility of executing arbitrary code.


2. Vulnerable Supported Versions

System                        Package
----------------------------------------------------------------------

OpenLinux 3.1.1 Server        prior to libpng-1.0.15-5MR.i386.rpm
                              prior to libpng-devel-1.0.15-5MR.i386.rpm
                              prior to libpng-devel-static-1.0.15-5MR.i386.rpm

OpenLinux 3.1.1 Workstation   prior to libpng-1.0.15-5MR.i386.rpm
                              prior to libpng-devel-1.0.15-5MR.i386.rpm
                              prior to libpng-devel-static-1.0.15-5MR.i386.rpm

OpenLinux 3.1 Server          prior to libpng-1.0.15-5MR.i386.rpm
                              prior to libpng-devel-1.0.15-5MR.i386.rpm
                              prior to libpng-devel-static-1.0.15-5MR.i386.rpm

OpenLinux 3.1 Workstation     prior to libpng-1.0.15-5MR.i386.rpm
                              prior to libpng-devel-1.0.15-5MR.i386.rpm
                              prior to libpng-devel-static-1.0.15-5MR.i386.rpm


3. Solution

The proper solution is to install the latest packages. Many
customers find it easier to use the Caldera System Updater, called
cupdate (or kcupdate under the KDE environment), to update these
packages rather than downloading and installing them by hand.


4. OpenLinux 3.1.1 Server

4.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-042.0/RPMS

4.2 Packages

93221732f6fcd8d2a06082d68ce460e2 libpng-1.0.15-5MR.i386.rpm
98fb336313cdd6e4b5e0d2e80f0e6de5 libpng-devel-1.0.15-5MR.i386.rpm
c474133b01b1f7f39d65fd017635e109 libpng-devel-static-1.0.15-5MR.i386.rpm

4.3 Installation

rpm -Fvh libpng-1.0.15-5MR.i386.rpm
rpm -Fvh libpng-devel-1.0.15-5MR.i386.rpm
rpm -Fvh libpng-devel-static-1.0.15-5MR.i386.rpm

4.4 Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-042.0/SRPMS

4.5 Source Packages

512eda0dec68d56065b515ecd540f585 libpng-1.0.15-5MR.src.rpm
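
Sections 4.2 and 4.3 amount to a download, check, install procedure. The script below is an added example (not part of the SCO advisory) that checks the downloaded RPMs against the values listed in 4.2 before any rpm -Fvh is run. It assumes the 32-hex-digit values are MD5 digests and that md5sum is installed; advisory_manifest and verify_packages are hypothetical names.

```shell
#!/bin/sh
# Added example: verify downloaded RPMs against an advisory's checksum list
# before upgrading. Assumption: the listed values are MD5 digests.

# Copied from section 4.2 (OpenLinux 3.1.1 Server) of this advisory.
advisory_manifest() {
cat <<'EOF'
93221732f6fcd8d2a06082d68ce460e2 libpng-1.0.15-5MR.i386.rpm
98fb336313cdd6e4b5e0d2e80f0e6de5 libpng-devel-1.0.15-5MR.i386.rpm
c474133b01b1f7f39d65fd017635e109 libpng-devel-static-1.0.15-5MR.i386.rpm
EOF
}

# verify_packages DIR   (manifest on stdin, one "<md5> <filename>" per line)
# Returns 0 only if every listed file exists in DIR and matches its digest.
verify_packages() {
    dir=$1
    status=0
    seen=0
    while read -r want name; do
        [ -n "$want" ] || continue            # skip blank lines
        seen=$((seen + 1))
        case $name in
            */*|'') echo "REJECT  bad file name: $name" >&2
                    status=1; continue ;;     # never follow paths out of DIR
        esac
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING $name" >&2; status=1; continue
        fi
        got=$(md5sum < "$dir/$name" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "OK      $name"
        else
            echo "BAD     $name (got $got)" >&2; status=1
        fi
    done
    [ "$seen" -gt 0 ] || status=1             # an empty manifest verifies nothing
    return $status
}

# Typical use, from the directory holding the downloads:
#   advisory_manifest | verify_packages . && echo "safe to run the rpm -Fvh commands"
```

The same function serves sections 5 to 7 when fed that platform's list, since each platform's packages carry different digests. A matching MD5 shows the file is the one the advisory lists, not that it was signed by the vendor.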


5. OpenLinux 3.1.1 Workstation

5.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-042.0/RPMS

5.2 Packages

f92a046d343a7f174b4912e3be8e6e5b libpng-1.0.15-5MR.i386.rpm
0106b36eb2d7d6469f04e43b2752ebfa libpng-devel-1.0.15-5MR.i386.rpm
b036341f4c3db77dd44c071aa863781c libpng-devel-static-1.0.15-5MR.i386.rpm

5.3 Installation

rpm -Fvh libpng-1.0.15-5MR.i386.rpm
rpm -Fvh libpng-devel-1.0.15-5MR.i386.rpm
rpm -Fvh libpng-devel-static-1.0.15-5MR.i386.rpm

5.4 Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-042.0/SRPMS

5.5 Source Packages

95fa381705ae3d28b971d3f96592ec73 libpng-1.0.15-5MR.src.rpm


6. OpenLinux 3.1 Server

6.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-042.0/RPMS

6.2 Packages

112edf2530cc5df8a1c54f18a26b5b41 libpng-1.0.15-5MR.i386.rpm
8fe1bf881e31e38c34100569b52a5213 libpng-devel-1.0.15-5MR.i386.rpm
411476fc864656d877b43d695f7cc789 libpng-devel-static-1.0.15-5MR.i386.rpm

6.3 Installation

rpm -Fvh libpng-1.0.15-5MR.i386.rpm
rpm -Fvh libpng-devel-1.0.15-5MR.i386.rpm
rpm -Fvh libpng-devel-static-1.0.15-5MR.i386.rpm

6.4 Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-042.0/SRPMS

6.5 Source Packages

d8fb9343ec9a91e36fbd0375e478a5a2 libpng-1.0.15-5MR.src.rpm


7. OpenLinux 3.1 Workstation

7.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-042.0/RPMS

7.2 Packages

450c615089d6ee0af856574111dfb074 libpng-1.0.15-5MR.i386.rpm
e160fd394b9a116fa68e7cdffd8d6dec libpng-devel-1.0.15-5MR.i386.rpm
28543b8410403f28a1dc8949cf82eb2f libpng-devel-static-1.0.15-5MR.i386.rpm

7.3 Installation

rpm -Fvh libpng-1.0.15-5MR.i386.rpm
rpm -Fvh libpng-devel-1.0.15-5MR.i386.rpm
rpm -Fvh libpng-devel-static-1.0.15-5MR.i386.rpm

7.4 Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-042.0/SRPMS

7.5 Source Packages

29579bd08c919cd5de11acbc11026e21 libpng-1.0.15-5MR.src.rpm


8. References

Specific references for this advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0728
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0660
ftp://swrinde.nde.swri.edu/pub/png-group/archives/png-list.200207

SCO security resources:
http://www.sco.com/support/security/index.html

This security fix closes SCO incidents sr867868, fz525853,
erg712105.


9. Disclaimer

SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended
to promote secure installation and use of SCO products.

