Boletines de Vulnerabilidades

int(886)

Boletines de Vulnerabilidades

Desbordamiento de búfer en el paquete libpng
Clasificación de la vulnerabilidad
Propiedad	Valor
Nivel de Confianza	Oficial
Impacto	Obtener acceso
Dificultad	Experto
Requerimientos del atacante	Acceso remoto sin cuenta a un servicio exotico
Información sobre el sistema
Propiedad	Valor
Fabricante afectado	GNU/Linux
Software afectado	Red Hat Desktop v.3 Red Hat Enterprise 3 Mandrakelinux 9.1 Mandrakelinux 9.2 Mandrakelinux 10.0 Mandrake Multi Network Firewall 8.2 Mandrake Corporate Server 2.1 Mac OS X< 10.3.5
Descripción
Se ha descubierto una vulnerabilidad de desbordamiento de búfer en la librería libpng incluida en Red Hat Enterprise 3 y múltiples productos de Mandrake. La explotación de esta vulnerabilidad podría permitir a un atacante remoto causar una denegación de servicio o incluso a llegar a ejecutar código remotamente mediante una aplicación que utilice la librería vulnerable. Destacamos que este aviso hace referencia a una vulnerabilidad publicada en 2002.
Solución
Actualización de software Red Hat Linux Red Hat Desktop (v. 3) AMD64 libpng-1.2.2-24.x86_64.rpm libpng-devel-1.2.2-24.x86_64.rpm libpng10-1.0.13-14.x86_64.rpm libpng10-devel-1.0.13-14.x86_64.rpm SRPMS libpng-1.2.2-24.src.rpm libpng10-1.0.13-14.src.rpm i386 libpng-1.2.2-24.i386.rpm libpng-devel-1.2.2-24.i386.rpm libpng10-1.0.13-14.i386.rpm libpng10-devel-1.0.13-14.i386.rpm libpng-1.2.2-24.i386.rpm https://rhn.redhat.com/ Red Hat Enterprise Linux AS (v. 3) AMD64 libpng-1.2.2-24.x86_64.rpm libpng-devel-1.2.2-24.x86_64.rpm libpng10-1.0.13-14.x86_64.rpm libpng10-devel-1.0.13-14.x86_64.rpm SRPMS libpng-1.2.2-24.src.rpm libpng10-1.0.13-14.src.rpm i386 libpng-1.2.2-24.i386.rpm libpng-devel-1.2.2-24.i386.rpm libpng10-1.0.13-14.i386.rpm libpng10-devel-1.0.13-14.i386.rpm libpng-1.2.2-24.i386.rpm ia64 libpng-1.2.2-24.ia64.rpm libpng-devel-1.2.2-24.ia64.rpm libpng10-1.0.13-14.ia64.rpm libpng10-devel-1.0.13-14.ia64.rpm ppc libpng-1.2.2-24.ppc.rpm libpng-devel-1.2.2-24.ppc.rpm libpng10-1.0.13-14.ppc.rpm libpng10-devel-1.0.13-14.ppc.rpm ppc64 libpng-1.2.2-24.ppc64.rpm libpng-devel-1.2.2-24.ppc64.rpm s390 libpng-1.2.2-24.s390.rpm libpng-devel-1.2.2-24.s390.rpm libpng10-1.0.13-14.s390.rpm libpng10-devel-1.0.13-14.s390.rpm libpng-1.2.2-24.s390.rpm s390x libpng-1.2.2-24.s390x.rpm libpng-devel-1.2.2-24.s390x.rpm libpng10-1.0.13-14.s390x.rpm libpng10-devel-1.0.13-14.s390x.rpm https://rhn.redhat.com/ Red Hat Enterprise Linux ES (v. 3) AMD64 libpng-1.2.2-24.x86_64.rpm libpng-devel-1.2.2-24.x86_64.rpm libpng10-1.0.13-14.x86_64.rpm libpng10-devel-1.0.13-14.x86_64.rpm SRPMS libpng-1.2.2-24.src.rpm libpng10-1.0.13-14.src.rpm i386 libpng-1.2.2-24.i386.rpm libpng-devel-1.2.2-24.i386.rpm libpng10-1.0.13-14.i386.rpm libpng10-devel-1.0.13-14.i386.rpm libpng-1.2.2-24.i386.rpm ia64 libpng-1.2.2-24.ia64.rpm libpng-devel-1.2.2-24.ia64.rpm libpng10-1.0.13-14.ia64.rpm libpng10-devel-1.0.13-14.ia64.rpm https://rhn.redhat.com/ Red Hat Enterprise Linux WS (v. 3) AMD64 libpng-1.2.2-24.x86_64.rpm libpng-devel-1.2.2-24.x86_64.rpm libpng10-1.0.13-14.x86_64.rpm libpng10-devel-1.0.13-14.x86_64.rpm SRPMS libpng-1.2.2-24.src.rpm libpng10-1.0.13-14.src.rpm i386 libpng-1.2.2-24.i386.rpm libpng-devel-1.2.2-24.i386.rpm libpng10-1.0.13-14.i386.rpm libpng10-devel-1.0.13-14.i386.rpm libpng-1.2.2-24.i386.rpm ia64 libpng-1.2.2-24.ia64.rpm libpng-devel-1.2.2-24.ia64.rpm libpng10-1.0.13-14.ia64.rpm libpng10-devel-1.0.13-14.ia64.rpm https://rhn.redhat.com/ Mandrake Linux Mandrakelinux 9.1 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.1/RPMS/libpng3-1.2.5-2.3.91mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.1/RPMS/libpng3-devel-1.2.5-2.3.91mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.1/RPMS/libpng3-static-devel-1.2.5-2.3.91mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.1/SRPMS/libpng-1.2.5-2.3.91mdk.src.rpm PPC ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/ppc/9.1/RPMS/libpng3-1.2.5-2.3.91mdk.ppc.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/ppc/9.1/RPMS/libpng3-devel-1.2.5-2.3.91mdk.ppc.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/ppc/9.1/RPMS/libpng3-static-devel-1.2.5-2.3.91mdk.ppc.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/ppc/9.1/SRPMS/libpng-1.2.5-2.3.91mdk.src.rpm Mandrakelinux 9.2 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/libpng3-1.2.5-7.3.92mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/libpng3-devel-1.2.5-7.3.92mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/libpng3-static-devel-1.2.5-7.3.92mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/SRPMS/libpng-1.2.5-7.3.92mdk.src.rpm AMD64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/lib64png3-1.2.5-7.3.92mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/lib64png3-devel-1.2.5-7.3.92mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/lib64png3-static-devel-1.2.5-7.3.92mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/SRPMS/libpng-1.2.5-7.3.92mdk.src.rpm Mandrakelinux 10.0 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/libpng3-1.2.5-10.3.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/libpng3-devel-1.2.5-10.3.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/libpng3-static-devel-1.2.5-10.3.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/SRPMS/libpng-1.2.5-10.3.100mdk.src.rpm AMD64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/lib64png3-1.2.5-10.3.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/lib64png3-devel-1.2.5-10.3.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/lib64png3-static-devel-1.2.5-10.3.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/SRPMS/libpng-1.2.5-10.3.100mdk.src.rpm Multi Network Firewall 8.2 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf8.2/RPMS/libpng3-1.2.4-3.5.M82mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf8.2/SRPMS/libpng-1.2.4-3.5.M82mdk.src.rpm Corporate Server 2.1 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/libpng3-1.2.4-3.5.C21mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/libpng3-devel-1.2.4-3.5.C21mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/libpng3-static-devel-1.2.4-3.5.C21mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/SRPMS/libpng-1.2.4-3.5.C21mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/libpng3-1.2.4-3.5.C21mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/libpng3-devel-1.2.4-3.5.C21mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/libpng3-static-devel-1.2.4-3.5.C21mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/SRPMS/libpng-1.2.4-3.5.C21mdk.src.rpm Apple Mac OS X update 10.3.5 http://www.apple.com/support/downloads//macosxcombinedupdate_10_3_5_.html Mac OS X 10.3.4 & 10.2.8 http://www.apple.com/support/downloads/securityupdate_2004-08-09_(10_2_8)_.html Mandriva (doxygen MDKSA-2006:212) Corporate Server 3.0 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/i586/doxygen-1.3.5-2.1.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/SRPMS/doxygen-1.3.5-2.1.C30mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/x86_64/doxygen-1.3.5-2.1.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/SRPMS/doxygen-1.3.5-2.1.C30mdk.src.rpm Mandriva Linux 2006 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/i586/doxygen-1.4.4-1.1.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/SRPMS/doxygen-1.4.4-1.1.20060mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/x86_64/doxygen-1.4.4-1.1.20060mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/SRPMS/doxygen-1.4.4-1.1.20060mdk.src.rpm Mandriva Linux 2007 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/doxygen-1.4.7-1.1mdv2007.0.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/SRPMS/doxygen-1.4.7-1.1mdv2007.0.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/doxygen-1.4.7-1.1mdv2007.0.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/SRPMS/doxygen-1.4.7-1.1mdv2007.0.src.rpm Corporate Server 4.0 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/i586/doxygen-1.4.4-1.1.20060mlcs4.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/SRPMS/doxygen-1.4.4-1.1.20060mlcs4.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/x86_64/doxygen-1.4.4-1.1.20060mlcs4.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/SRPMS/doxygen-1.4.4-1.1.20060mlcs4.src.rpm Mandriva (chromium MDKSA-2006:213) Corporate Server 3.0 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/i586/chromium-0.9.12-21.1.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/i586/chromium-setup-0.9.12-21.1.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/SRPMS/chromium-0.9.12-21.1.C30mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/x86_64/chromium-0.9.12-21.1.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/x86_64/chromium-setup-0.9.12-21.1.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/SRPMS/chromium-0.9.12-21.1.C30mdk.src.rpm Mandriva Linux 2007 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/chromium-0.9.12-25.1mdv2007.0.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/chromium-setup-0.9.12-25.1mdv2007.0.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/SRPMS/chromium-0.9.12-25.1mdv2007.0.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/chromium-0.9.12-25.1mdv2007.0.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/chromium-setup-0.9.12-25.1mdv2007.0.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/SRPMS/chromium-0.9.12-25.1mdv2007.0.src.rpm
Identificadores estándar
Propiedad	Valor
CVE	CAN-2002-1363
BID
Recursos adicionales
Red Hat Security Advisory RHSA-2004:249-07 https://rhn.redhat.com/errata/RHSA-2004-249.html Mandrakesoft Security Advisory MDKSA-2004:063 http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:063 Apple Security Update http://docs.info.apple.com/article.html?artnum=61798 Mandriva Security Advisory (MDKSA-2006:212) http://www.mandriva.com/security/advisories?name=MDKSA-2006:212 Mandriva Security Advisory (MDKSA-2006:213) http://www.mandriva.com/security/advisories?name=MDKSA-2006:213

Histórico de versiones
Versión	Comentario	Fecha
1.0	Aviso emitido	2004-06-21
1.1	Aviso emitido por Mandrake (MDKSA-2004:063)	2004-06-30
1.2	Aviso emitido por Apple	2004-08-11
1.3	Aviso emitido por Mandriva (MDKSA-2006:212, MDKSA-2006:213)	2006-11-17

Boletines de Vulnerabilidades

Desbordamiento de búfer en el paquete libpng

Clasificación de la vulnerabilidad

Información sobre el sistema

Descripción

Solución

Identificadores estándar

Recursos adicionales

Histórico de versiones