Vulnerability Bulletins |
Buffer overflow in the libpng package |
|
Vulnerability classification |
|
Property | Value |
Confidence level | Official |
Impact | Gain access |
Difficulty | Expert |
Attacker requirements | Remote access without an account to an exotic service |
System information |
|
Property | Value |
Affected vendor | GNU/Linux |
Affected software |
Red Hat Desktop v.3, Red Hat Enterprise 3, Mandrakelinux 9.1, Mandrakelinux 9.2, Mandrakelinux 10.0, Mandrake Multi Network Firewall 8.2, Mandrake Corporate Server 2.1, Mac OS X < 10.3.5 |
Description |
|
A buffer overflow vulnerability has been discovered in the libpng library included in Red Hat Enterprise 3 and multiple Mandrake products. Exploiting this vulnerability could allow a remote attacker to cause a denial of service or even execute code remotely through an application that uses the vulnerable library. Note that this advisory refers to a vulnerability published in 2002. |
|
Solution |
|
Software update

Red Hat Linux

Red Hat Desktop (v. 3)
  AMD64: libpng-1.2.2-24.x86_64.rpm libpng-devel-1.2.2-24.x86_64.rpm libpng10-1.0.13-14.x86_64.rpm libpng10-devel-1.0.13-14.x86_64.rpm
  SRPMS: libpng-1.2.2-24.src.rpm libpng10-1.0.13-14.src.rpm
  i386: libpng-1.2.2-24.i386.rpm libpng-devel-1.2.2-24.i386.rpm libpng10-1.0.13-14.i386.rpm libpng10-devel-1.0.13-14.i386.rpm libpng-1.2.2-24.i386.rpm
  https://rhn.redhat.com/

Red Hat Enterprise Linux AS (v. 3)
  AMD64: libpng-1.2.2-24.x86_64.rpm libpng-devel-1.2.2-24.x86_64.rpm libpng10-1.0.13-14.x86_64.rpm libpng10-devel-1.0.13-14.x86_64.rpm
  SRPMS: libpng-1.2.2-24.src.rpm libpng10-1.0.13-14.src.rpm
  i386: libpng-1.2.2-24.i386.rpm libpng-devel-1.2.2-24.i386.rpm libpng10-1.0.13-14.i386.rpm libpng10-devel-1.0.13-14.i386.rpm libpng-1.2.2-24.i386.rpm
  ia64: libpng-1.2.2-24.ia64.rpm libpng-devel-1.2.2-24.ia64.rpm libpng10-1.0.13-14.ia64.rpm libpng10-devel-1.0.13-14.ia64.rpm
  ppc: libpng-1.2.2-24.ppc.rpm libpng-devel-1.2.2-24.ppc.rpm libpng10-1.0.13-14.ppc.rpm libpng10-devel-1.0.13-14.ppc.rpm
  ppc64: libpng-1.2.2-24.ppc64.rpm libpng-devel-1.2.2-24.ppc64.rpm
  s390: libpng-1.2.2-24.s390.rpm libpng-devel-1.2.2-24.s390.rpm libpng10-1.0.13-14.s390.rpm libpng10-devel-1.0.13-14.s390.rpm libpng-1.2.2-24.s390.rpm
  s390x: libpng-1.2.2-24.s390x.rpm libpng-devel-1.2.2-24.s390x.rpm libpng10-1.0.13-14.s390x.rpm libpng10-devel-1.0.13-14.s390x.rpm
  https://rhn.redhat.com/

Red Hat Enterprise Linux ES (v. 3)
  AMD64: libpng-1.2.2-24.x86_64.rpm libpng-devel-1.2.2-24.x86_64.rpm libpng10-1.0.13-14.x86_64.rpm libpng10-devel-1.0.13-14.x86_64.rpm
  SRPMS: libpng-1.2.2-24.src.rpm libpng10-1.0.13-14.src.rpm
  i386: libpng-1.2.2-24.i386.rpm libpng-devel-1.2.2-24.i386.rpm libpng10-1.0.13-14.i386.rpm libpng10-devel-1.0.13-14.i386.rpm libpng-1.2.2-24.i386.rpm
  ia64: libpng-1.2.2-24.ia64.rpm libpng-devel-1.2.2-24.ia64.rpm libpng10-1.0.13-14.ia64.rpm libpng10-devel-1.0.13-14.ia64.rpm
  https://rhn.redhat.com/

Red Hat Enterprise Linux WS (v. 3)
  AMD64: libpng-1.2.2-24.x86_64.rpm libpng-devel-1.2.2-24.x86_64.rpm libpng10-1.0.13-14.x86_64.rpm libpng10-devel-1.0.13-14.x86_64.rpm
  SRPMS: libpng-1.2.2-24.src.rpm libpng10-1.0.13-14.src.rpm
  i386: libpng-1.2.2-24.i386.rpm libpng-devel-1.2.2-24.i386.rpm libpng10-1.0.13-14.i386.rpm libpng10-devel-1.0.13-14.i386.rpm libpng-1.2.2-24.i386.rpm
  ia64: libpng-1.2.2-24.ia64.rpm libpng-devel-1.2.2-24.ia64.rpm libpng10-1.0.13-14.ia64.rpm libpng10-devel-1.0.13-14.ia64.rpm
  https://rhn.redhat.com/

Mandrake Linux

Mandrakelinux 9.1
  x86
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.1/RPMS/libpng3-1.2.5-2.3.91mdk.i586.rpm
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.1/RPMS/libpng3-devel-1.2.5-2.3.91mdk.i586.rpm
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.1/RPMS/libpng3-static-devel-1.2.5-2.3.91mdk.i586.rpm
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.1/SRPMS/libpng-1.2.5-2.3.91mdk.src.rpm
  PPC
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/ppc/9.1/RPMS/libpng3-1.2.5-2.3.91mdk.ppc.rpm
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/ppc/9.1/RPMS/libpng3-devel-1.2.5-2.3.91mdk.ppc.rpm
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/ppc/9.1/RPMS/libpng3-static-devel-1.2.5-2.3.91mdk.ppc.rpm
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/ppc/9.1/SRPMS/libpng-1.2.5-2.3.91mdk.src.rpm

Mandrakelinux 9.2
  x86
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/libpng3-1.2.5-7.3.92mdk.i586.rpm
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/libpng3-devel-1.2.5-7.3.92mdk.i586.rpm
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/libpng3-static-devel-1.2.5-7.3.92mdk.i586.rpm
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/SRPMS/libpng-1.2.5-7.3.92mdk.src.rpm
  AMD64
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/lib64png3-1.2.5-7.3.92mdk.amd64.rpm
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/lib64png3-devel-1.2.5-7.3.92mdk.amd64.rpm
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/lib64png3-static-devel-1.2.5-7.3.92mdk.amd64.rpm
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/SRPMS/libpng-1.2.5-7.3.92mdk.src.rpm

Mandrakelinux 10.0
  x86
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/libpng3-1.2.5-10.3.100mdk.i586.rpm
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/libpng3-devel-1.2.5-10.3.100mdk.i586.rpm
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/libpng3-static-devel-1.2.5-10.3.100mdk.i586.rpm
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/SRPMS/libpng-1.2.5-10.3.100mdk.src.rpm
  AMD64
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/lib64png3-1.2.5-10.3.100mdk.amd64.rpm
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/lib64png3-devel-1.2.5-10.3.100mdk.amd64.rpm
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/lib64png3-static-devel-1.2.5-10.3.100mdk.amd64.rpm
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/SRPMS/libpng-1.2.5-10.3.100mdk.src.rpm

Multi Network Firewall 8.2
  x86
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf8.2/RPMS/libpng3-1.2.4-3.5.M82mdk.i586.rpm
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf8.2/SRPMS/libpng-1.2.4-3.5.M82mdk.src.rpm

Corporate Server 2.1
  x86
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/libpng3-1.2.4-3.5.C21mdk.i586.rpm
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/libpng3-devel-1.2.4-3.5.C21mdk.i586.rpm
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/libpng3-static-devel-1.2.4-3.5.C21mdk.i586.rpm
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/SRPMS/libpng-1.2.4-3.5.C21mdk.src.rpm
  X86_64
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/libpng3-1.2.4-3.5.C21mdk.x86_64.rpm
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/libpng3-devel-1.2.4-3.5.C21mdk.x86_64.rpm
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/libpng3-static-devel-1.2.4-3.5.C21mdk.x86_64.rpm
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/SRPMS/libpng-1.2.4-3.5.C21mdk.src.rpm

Apple

Mac OS X update 10.3.5
  http://www.apple.com/support/downloads//macosxcombinedupdate_10_3_5_.html
Mac OS X 10.3.4 & 10.2.8
  http://www.apple.com/support/downloads/securityupdate_2004-08-09_(10_2_8)_.html

Mandriva (doxygen MDKSA-2006:212)

Corporate Server 3.0
  X86
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/i586/doxygen-1.3.5-2.1.C30mdk.i586.rpm
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/SRPMS/doxygen-1.3.5-2.1.C30mdk.src.rpm
  X86_64
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/x86_64/doxygen-1.3.5-2.1.C30mdk.x86_64.rpm
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/SRPMS/doxygen-1.3.5-2.1.C30mdk.src.rpm

Mandriva Linux 2006
  X86
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/i586/doxygen-1.4.4-1.1.20060mdk.i586.rpm
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/SRPMS/doxygen-1.4.4-1.1.20060mdk.src.rpm
  X86_64
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/x86_64/doxygen-1.4.4-1.1.20060mdk.x86_64.rpm
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/SRPMS/doxygen-1.4.4-1.1.20060mdk.src.rpm

Mandriva Linux 2007
  X86
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/doxygen-1.4.7-1.1mdv2007.0.i586.rpm
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/SRPMS/doxygen-1.4.7-1.1mdv2007.0.src.rpm
  X86_64
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/doxygen-1.4.7-1.1mdv2007.0.x86_64.rpm
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/SRPMS/doxygen-1.4.7-1.1mdv2007.0.src.rpm

Corporate Server 4.0
  X86
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/i586/doxygen-1.4.4-1.1.20060mlcs4.i586.rpm
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/SRPMS/doxygen-1.4.4-1.1.20060mlcs4.src.rpm
  X86_64
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/x86_64/doxygen-1.4.4-1.1.20060mlcs4.x86_64.rpm
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/SRPMS/doxygen-1.4.4-1.1.20060mlcs4.src.rpm

Mandriva (chromium MDKSA-2006:213)

Corporate Server 3.0
  X86
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/i586/chromium-0.9.12-21.1.C30mdk.i586.rpm
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/i586/chromium-setup-0.9.12-21.1.C30mdk.i586.rpm
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/SRPMS/chromium-0.9.12-21.1.C30mdk.src.rpm
  X86_64
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/x86_64/chromium-0.9.12-21.1.C30mdk.x86_64.rpm
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/x86_64/chromium-setup-0.9.12-21.1.C30mdk.x86_64.rpm
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/SRPMS/chromium-0.9.12-21.1.C30mdk.src.rpm

Mandriva Linux 2007
  X86
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/chromium-0.9.12-25.1mdv2007.0.i586.rpm
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/chromium-setup-0.9.12-25.1mdv2007.0.i586.rpm
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/SRPMS/chromium-0.9.12-25.1mdv2007.0.src.rpm
  X86_64
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/chromium-0.9.12-25.1mdv2007.0.x86_64.rpm
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/chromium-setup-0.9.12-25.1mdv2007.0.x86_64.rpm
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/SRPMS/chromium-0.9.12-25.1mdv2007.0.src.rpm |
|
Standard identifiers |
|
Property | Value |
CVE | CAN-2002-1363 |
BID | |
Additional resources |
|
Red Hat Security Advisory RHSA-2004:249-07 https://rhn.redhat.com/errata/RHSA-2004-249.html
Mandrakesoft Security Advisory MDKSA-2004:063 http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:063
Apple Security Update http://docs.info.apple.com/article.html?artnum=61798
Mandriva Security Advisory (MDKSA-2006:212) http://www.mandriva.com/security/advisories?name=MDKSA-2006:212
Mandriva Security Advisory (MDKSA-2006:213) http://www.mandriva.com/security/advisories?name=MDKSA-2006:213 |
Version history |
||
Version | Comment | Date |
1.0 | Advisory issued | 2004-06-21 |
1.1 | Advisory issued by Mandrake (MDKSA-2004:063) | 2004-06-30 |
1.2 | Advisory issued by Apple | 2004-08-11 |
1.3 | Advisory issued by Mandriva (MDKSA-2006:212, MDKSA-2006:213) | 2006-11-17 |