July 6, 2010

[installer 2425] libpng-1.2.44

libpng-1.2.44 is out (I forgot to post this earlier).

This one also relates to the following:

(Tue, 29 Jun 2010 10:07:41 +0900 (JST))
Koga Youichirou <y-koga@xxxxx>:
> According to http://www.libpng.org/pub/png/libpng.html:
>
> Vulnerability Warning
>
> Several versions of libpng through 1.4.2 (and through 1.2.43 in the
> older series) contain a bug whereby progressive applications such as
> web browsers (or the rpng2 demo app included in libpng) could
> receive an extra row of image data beyond the height reported in the
> header, potentially leading to an out-of-bounds write to memory
> (depending on how the application is written) and the possibility of
> execution of an attacker's code with the privileges of the libpng
> user (including remote compromise in the case of a libpng-based
> browser visiting a hostile web site). This vulnerability has been
> assigned ID CVE-2010-1205 (via Mozilla).
>
> An additional memory-leak bug, involving images with malformed sCAL
> chunks, is also present; it could lead to an application crash
> (denial of service) when viewing such images.
>
> Both bugs are fixed in versions 1.4.3 and 1.2.44, released 25 June
> 2010.

☆ libpng-1.2.44
http://sourceforge.net/projects/libpng/
http://sourceforge.net/projects/libpng/files/03-libpng-previous/

version 1.2.44beta01 [June 18, 2010]
In pngpread.c: png_push_have_row() add check for new_row > height
Removed the now-redundant check for out-of-bounds new_row from example.c

version 1.2.44beta02 [June 19, 2010]
In pngpread.c: png_push_process_row() add check for too many rows.
Removed the now-redundant check for new_row > height in png_push_have_row().

version 1.2.44beta03 [June 20, 2010]
Rewrote png_process_IDAT_data() to consistently treat extra data as warnings
and handle end conditions more cleanly.
Removed the new (beta02) check in png_push_process_row().

version 1.2.44rc01 [June 21, 2010]
Revised some comments in png_process_IDAT_data().

version 1.2.44rc02 [June 22, 2010]
Stop memory leak when reading a malformed sCAL chunk.

version 1.2.44rc03 [June 23, 2010]
Revised pngpread.c patch of beta05 to avoid an endless loop.

version 1.2.44 [June 26, 2010]
Updated some of the "last changed" dates.

----
Koga Youichirou


Posted by xml-rpc: July 6, 2010 10:54
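The advisory quoted above says the out-of-bounds write depends on how the application is written. The following is an added example, not code from libpng or from this post: a self-contained C program showing the application-side check, where a row handler validates the row number against the header height before copying. `image_t`, `store_row`, `run_demo` and the 16-byte row size are hypothetical names and constructed values; a real application would apply the same check in the row callback it registers with libpng's progressive reader.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum { ROWBYTES = 16 };                 /* constructed row size */

/* Hypothetical application state, sized from the header (IHDR) height. */
typedef struct {
    uint32_t height;                    /* rows promised by the header */
    uint8_t *pixels;                    /* height rows + 1 canary row */
} image_t;

/* Row handler with the defensive check: row_num comes from the decoder,
   so it is validated against the height the buffer was sized for. */
static int store_row(image_t *img, const uint8_t *new_row, uint32_t row_num)
{
    if (new_row == NULL)
        return 0;                       /* nothing new for this row */
    if (row_num >= img->height)
        return -1;                      /* row beyond the reported height */
    memcpy(img->pixels + (size_t)row_num * ROWBYTES, new_row, ROWBYTES);
    return 0;
}

/* Constructed driver: delivers height + extra rows, as an affected decoder
   could. Returns the number of rows refused, or -1 if the canary row placed
   directly after the image buffer was modified. */
static int run_demo(uint32_t height, uint32_t extra)
{
    uint8_t row[ROWBYTES], canary[ROWBYTES];
    image_t img = { height, malloc((size_t)(height + 1) * ROWBYTES) };
    int refused = 0;
    if (img.pixels == NULL)
        return -1;
    memset(canary, 0xAA, ROWBYTES);
    memcpy(img.pixels + (size_t)height * ROWBYTES, canary, ROWBYTES);
    for (uint32_t r = 0; r < height + extra; r++) {
        memset(row, (int)(r & 0x7f), ROWBYTES);
        if (store_row(&img, row, r) != 0)
            refused++;
    }
    if (memcmp(img.pixels + (size_t)height * ROWBYTES, canary, ROWBYTES) != 0)
        refused = -1;
    free(img.pixels);
    return refused;
}

int main(void) { printf("rows refused: %d\n", run_demo(4, 1)); return 0; }
```

Upgrading to the fixed libpng release remains the actual remedy; the check in `store_row` is defence in depth on the application side.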