[Bug 216706] New: CVE-2006-5793 libpng, libpng10 DoS

Till Maas opensource at till.name
Wed Nov 22 19:08:55 UTC 2006


On Wednesday 22 November 2006 19:00, Josh Bressers wrote:

> I'm going to presume you're claiming that since Fedora Core doesn't have
> the latest libpng, it's vulnerable to the issues fixed in the upstream
> new version.

Actually I downloaded the libpng src.rpm with yumdownloader --source libpng
and took a look into it; it contains the spec, the upstream tarball and two
patches:

libpng-1.2.10-multilib.patch
libpng-1.2.10-pngconf.patch

Description of CVE-2006-3334
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3334
| Buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng
| before 1.2.12 allows context-dependent attackers to cause a denial of
| service and possibly execute arbitrary code via unspecified vectors related
| to "chunk error processing," possibly involving the "chunk_name".

> libpng in Fedora Core has all relevant security issues backported into it.

$ grep pngrutil.c libpng-1.2.10-pngconf.patch libpng-1.2.10-multilib.patch
$ 

So it is not backported.

The libpng homepage also states for release 1.2.12:
| The same releases (and their immediate predecessors) also fix an
| out-of-bounds (by one) memory read and a second buffer overrun, this one in
| the code that writes the sCAL ("physical scale of subject") chunk (which is
| rather rare in any case).   

The patch for this is not backported, either.

I do not know how relevant the above vulnerabilities are, since Novell states
that CVE-2006-3334 is not that important in
http://www.novell.com/linux/security/advisories/2006_16_sr.html

> If you have concerns regarding a specific issue, feel free to bring that
> up, but bug 211705 in no way represents a security flaw.

But if the mentioned issues are no security flaws, please document it in
bugzilla, so it does not seem to be ignored.

Regards,
Till
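
The check in the message above greps the shipped patches for the name of the affected source file. As an added illustration that is not part of the original message, the shell function below runs the same audit against unified-diff file headers only, so a patch that merely mentions pngrutil.c in a comment is not counted as a backport; the function names and both sample patches are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the original message.
# patches_touching FILE PATCH...
# Print each PATCH whose unified-diff file header ("--- old" then "+++ new")
# names FILE. Paths are compared by basename, so libpng-1.2.10/pngrutil.c and
# a/pngrutil.c both match "pngrutil.c". Context diffs are not handled.
patches_touching() {
    target=$1
    shift
    for p in "$@"; do
        awk -v t="$target" '
            function base(path,   parts, n) { n = split(path, parts, "/"); return parts[n] }
            /^--- /               { old = $2; pending = 1; next }
            /^\+\+\+ / && pending { if (base(old) == t || base($2) == t) { hit = 1; exit } }
                                  { pending = 0 }
            END                   { exit !hit }
        ' "$p" && printf '%s\n' "$p"
    done
    return 0
}

# make_samples DIR: write two constructed patches (not the real Fedora ones).
make_samples() {
    # Touches only pngconf.h but mentions pngrutil.c in a comment line.
    printf '%s\n' \
        '--- libpng-1.2.10/pngconf.h.orig' \
        '+++ libpng-1.2.10/pngconf.h' \
        '@@ -1 +1 @@' \
        '-/* see pngrutil.c */' \
        '+/* header tweak */' > "$1/sample-header.patch"
    # Hypothetical backport that really modifies pngrutil.c.
    printf '%s\n' \
        '--- libpng-1.2.10/pngrutil.c.orig' \
        '+++ libpng-1.2.10/pngrutil.c' \
        '@@ -1 +1 @@' \
        '-old line' \
        '+new line' > "$1/sample-backport.patch"
}

# Usage: sh script.sh pngrutil.c *.patch
if [ "$#" -ge 2 ]; then
    patches_touching "$@"
fi
```

An empty result only shows that no shipped patch modifies the file; whether the upstream tarball itself already carries the fix still has to be checked against its version.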


More information about the Fedora-security-list mailing list