English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 148472 CVE descriptions
and 72306 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 --------------------------------------------------------------------------
   Turbolinux Security Advisory TLSA-2007-45
   http://www.turbolinux.co.jp/security/
                                             security-team@turbolinux.co.jp
 --------------------------------------------------------------------------

 Original released date: 22 Aug 2007
 Last revised: 22 Aug 2007

 Package: libpng

 Summary: Denial of service

 More information:
    The libpng package contains a library of functions for creating and
    manipulating PNG (Portable Network Graphics) image format files.  PNG is
    a bit-mapped graphics format similar to the GIF format.  PNG was created to
    replace the GIF format, since GIF uses a patented data compression
    algorithm.
 
    The sPLT chunk handling code in libpng uses a sizeof operator on the wrong 
    data type, which allows context-dependent attackers to cause a denial of 
    service.
    The png_handle_tRNS function in libpng allows remote attackers to cause a 
    denial of service (application crash) via a grayscale PNG image.
    
 Impact:
    Context-dependent attackers to cause a denial of service.
    Remote attackers to cause a denial of service.

 Affected Products:
    - wizpy
    - Turbolinux Appliance Server 2.0
    - Turbolinux FUJI
    - Turbolinux 10 Server x64 Edition
    - Turbolinux Appliance Server 1.0 Hosting Edition
    - Turbolinux Appliance Server 1.0 Workgroup Edition
    - Turbolinux 10 Server
    - Turbolinux Home
    - Turbolinux 10 F...
    - Turbolinux 10 Desktop
    - Turbolinux Multimedia
    - Turbolinux Personal
    - Turbolinux 8 Server


 <wizpy>

   Source Packages
   Size: MD5

   libpng-1.2.8-2.src.rpm
       398895 6b7da9eca35706e908bc456670099102

   Binary Packages
   Size: MD5

   libpng-1.2.8-2.i386.rpm
       176946 c5af8910f863c289a031c23b7644e4ae

 <Turbolinux Appliance Server 2.0>

   Source Packages
   Size: MD5

   libpng-1.2.6-6.src.rpm
       393909 efffadd550ef2513e6846f05eb606a43

   Binary Packages
   Size: MD5

   libpng-1.2.6-6.i586.rpm
       163404 e39856c8064f0a5eedfa3f7af0a52cdd
   libpng-devel-1.2.6-6.i586.rpm
       194371 c9a2d0d1101e09e65b1e1f40a7ad1896

 <Turbolinux FUJI>

   Source Packages
   Size: MD5

   libpng-1.2.8-2.src.rpm
       398895 6aa2e9d7e08e92797c1494178aca7665

   Binary Packages
   Size: MD5

   libpng-1.2.8-2.i686.rpm
       198662 8be2f2020d585c4ffd5a8a859c82545f
   libpng-devel-1.2.8-2.i686.rpm
       224111 e2297bc9a4fe64f208577c36bc863653

 <Turbolinux 10 Server x64 Edition>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/SRPMS/libpng-1.2.6-6.src.rpm
       393909 bc471978fb38266cec345d17503b1cc2

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/libpng-1.2.6-6.x86_64.rpm
       168146 2ef8260c5bae1ad0118383bb8bbde33c
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/libpng-debug-1.2.6-6.x86_64.rpm
       211110 1109af6cc85d4919348947b643da03d8
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/libpng-devel-1.2.6-6.x86_64.rpm
       199651 233608beab066ba02172bb9be0d2a4c5

 <Turbolinux Appliance Server 1.0 Hosting Edition>

   Source Packages
   Size: MD5

   libpng-1.2.4-7.src.rpm
       402870 97129cf9bba393e5847fd92c5d9b54f2

   Binary Packages
   Size: MD5

   libpng-1.2.4-7.i586.rpm
       135964 bbe7d417c25c920b7529001f674ab9c2

 <Turbolinux Appliance Server 1.0 Workgroup Edition>

   Source Packages
   Size: MD5

   libpng-1.2.4-7.src.rpm
       402870 3f3d081f8fe551f17b7f284cc2da22fc

   Binary Packages
   Size: MD5

   libpng-1.2.4-7.i586.rpm
       136120 9f9447e2b757e0cd495e670d43d6c93e
   libpng-devel-1.2.4-7.i586.rpm
       159836 f1328f45faf36bd06acbc77a05bec442

 <Turbolinux 10 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/libpng-1.2.6-6.src.rpm
       393909 efffadd550ef2513e6846f05eb606a43

   Binary Packages
   Size: MD5

   libpng-1.2.6-6.i586.rpm
       163404 e39856c8064f0a5eedfa3f7af0a52cdd
   libpng-debug-1.2.6-6.i586.rpm
       212077 2f83f35a178d84b095cde6a852d8dd7a
   libpng-devel-1.2.6-6.i586.rpm
       194371 c9a2d0d1101e09e65b1e1f40a7ad1896

 <Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/libpng-1.2.6-6.src.rpm
       393909 d35300fefaacae6ef8f46788b4f5fdca

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/libpng-1.2.6-6.i586.rpm
       163328 fd8207433bfd46b09e968cbf0660c964
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/libpng-devel-1.2.6-6.i586.rpm
       194323 c1f071ea985a254528f35a2917ed0a29

 <Turbolinux 8 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/libpng-1.2.4-7.src.rpm
       402870 ad76a1bd9e75beb7daff17c5a61b5b11

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/libpng-1.2.4-7.i586.rpm
       136077 f4a359262a5e808356fa4015a4c25728
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/libpng-devel-1.2.4-7.i586.rpm
       159862 93ac2a375a0e4eabc1e25d1f484190f0


 References:

 CVE
   [CVE-2006-5793]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5793
   [CVE-2007-2445]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2445

 --------------------------------------------------------------------------
 Revision History
    22 Aug 2007 Initial release
 --------------------------------------------------------------------------

 Copyright(C) 2007 Turbolinux, Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGy/hRK0LzjOqIJMwRAgLjAJ9jkQeTimZAa/iwLLkAZBzz178OQACgsl5t
mroWJ557ueYnHu8SQyHQF24=
=dZUk
-----END PGP SIGNATURE-----

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe

© 1998-2019 E-Soft Inc. All rights reserved.