2010年6月29日

[installer 2418] Re: libpng-1.4.3

(Mon, 28 Jun 2010 13:45:49 +0900 (JST))
Koga Youichirou <y-koga@xxxxx>:
> libpng-1.4.3 出ています。

http://www.libpng.org/pub/png/libpng.html によると、

Vulnerability Warning

Several versions of libpng through 1.4.2 (and through 1.2.43 in the
older series) contain a bug whereby progressive applications such as
web browsers (or the rpng2 demo app included in libpng) could
receive an extra row of image data beyond the height reported in the
header, potentially leading to an out-of-bounds write to memory
(depending on how the application is written) and the possibility of
execution of an attacker's code with the privileges of the libpng
user (including remote compromise in the case of a libpng-based
browser visiting a hostile web site). This vulnerability has been
assigned ID CVE-2010-1205 (via Mozilla).

An additional memory-leak bug, involving images with malformed sCAL
chunks, is also present; it could lead to an application crash
(denial of service) when viewing such images.

Both bugs are fixed in versions 1.4.3 and 1.2.44, released 25 June
2010.

とのことです。

> ☆ libpng-1.4.3
> http://sourceforge.net/projects/libpng/
> http://sourceforge.net/projects/libpng/files/01-libpng-master/
>
> version 1.4.3beta01 [June 18, 2010]
> Added missing quotation marks in the aix block of configure.ac
> The new "vstudio" project was missing from the zip and 7z distributions.
> In pngpread.c: png_push_have_row() add check for new_row > height
>
> version 1.4.3beta02 [June 18, 2010]
> Removed the now-redundant check for out-of-bounds new_row from example.c
>
> version 1.4.3beta03 [June 18, 2010]
> In pngpread.c: png_push_finish_row() add check for too many rows.
>
> version 1.4.3beta04 [June 19, 2010]
> In pngpread.c: png_push_process_row() add check for too many rows.
> Removed the checks added in beta01 and beta03, as they are now redundant.
>
> version 1.4.3beta05 [June 20, 2010]
> Rewrote png_process_IDAT_data to consistently treat extra data as warnings
> and handle end conditions more cleanly.
> Removed the new (beta04) check in png_push_process_row().
>
> version 1.4.3rc01 [June 21, 2010]
> Revised some comments in png_process_IDAT_data().
>
> version 1.4.3rc02 [June 22, 2010]
> Changed char *msg to PNG_CONST char *msg in pngrutil.c
> Stop memory leak when reading a malformed sCAL chunk.
> Removed some trailing blanks.
>
> version 1.4.3rc03 [June 23, 2010]
> Revised pngpread.c patch of beta05 to avoid an endless loop.
>
> version 1.4.3 [June 26, 2010]
> Updated some of the "last changed" dates.

----
こがよういちろう


投稿者 xml-rpc : 2010年6月29日 10:07
役に立ちました?:
過去のフィードバック 平均:(0) 総合:(0) 投票回数:(0)
本記事へのTrackback: http://hoop.euqset.org/blog/mt-tb2006.cgi/96741
トラックバック
コメント
コメントする




画像の中に見える文字を入力してください。