Vulnerability Bulletins


Arbitrary code execution through the libpng library

Vulnerability classification

Property | Value
Confidence level | Official
Impact | Gain access
Difficulty | Beginner
Attacker requirements | Remote access without an account to an exotic service

System information

Property | Value
Affected vendor | GNU/Linux
Affected software | libpng <= 1.2.5

Description

Several vulnerabilities have been found in the libpng library, which various applications use to display images in PNG format.

One of these vulnerabilities is a buffer overflow caused by incorrect use of the length of the image's transparency data. Exploiting it would allow an attacker to execute arbitrary code on the victim's system; to do so, the attacker would have to craft a PNG image with incorrect data and get the victim to view that image.

Other similar vulnerabilities can, at a minimum, cause failures in the applications that use this library.
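
As a defensive illustration of the length problem described above, the following added example (not code from libpng or from this bulletin) walks the chunks of a PNG file and reports a transparency chunk (tRNS in the PNG specification) whose length breaks the specification's limits: at most 256 entries, and no more entries than the palette has. The function names and the header-only sample files are constructed for this example.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
MAX_PALETTE_ENTRIES = 256  # PNG specification limit for PLTE and palette tRNS


def iter_chunks(data):
    """Yield (type, payload) per chunk, refusing lengths that overrun the file."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIGNATURE)
    while pos < len(data):
        if pos + 8 > len(data):
            raise ValueError("truncated chunk header")
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 8 + length + 4  # header + payload + CRC
        if end > len(data):
            raise ValueError("declared chunk length overruns the file")
        yield ctype, data[pos + 8:pos + 8 + length]
        pos = end


def check_trns(data):
    """Return a list of findings about the tRNS chunk length (empty if sane)."""
    findings, color_type, palette_entries = [], None, None
    for ctype, payload in iter_chunks(data):
        if ctype == b"IHDR":
            if len(payload) != 13:
                raise ValueError("malformed IHDR")
            color_type = payload[9]  # byte 9 of IHDR is the colour type
        elif ctype == b"PLTE":
            palette_entries = len(payload) // 3
        elif ctype == b"tRNS":
            n = len(payload)
            if color_type == 3:  # palette image: one alpha byte per entry
                if n > MAX_PALETTE_ENTRIES:
                    findings.append(f"tRNS has {n} entries, limit is 256")
                if palette_entries is None:
                    findings.append("tRNS appears before PLTE")
                elif n > palette_entries:
                    findings.append(f"tRNS has {n} entries, PLTE has {palette_entries}")
            elif color_type in (0, 2):  # greyscale: 2 bytes, truecolour: 6
                expected = 2 if color_type == 0 else 6
                if n != expected:
                    findings.append(f"tRNS length {n}, expected {expected}")
            else:
                findings.append("tRNS not allowed for this colour type")
    return findings


def make_chunk(ctype, payload):
    """Build one chunk with a valid CRC (used only for the constructed samples)."""
    crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)


def sample(trns_len):
    """Constructed header-only sample: 1x1 palette image, 2 PLTE entries."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 3, 0, 0, 0)
    return (PNG_SIGNATURE + make_chunk(b"IHDR", ihdr)
            + make_chunk(b"PLTE", bytes(6))
            + make_chunk(b"tRNS", bytes(trns_len))
            + make_chunk(b"IEND", b""))


if __name__ == "__main__":
    for size in (2, 3, 300):
        print(size, check_trns(sample(size)) or "ok")
```

A check of this kind suits a mail or upload gateway in front of hosts that cannot be patched yet; it does not replace the library updates listed below.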

Solution

Software update

SuSE Linux
SuSE Linux 9.1 - i386 architecture
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/libpng-1.2.5-182.7.i586.rpm
SuSE Linux 9.1 - IA64 architecture
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/libpng-1.2.5-182.7.x86_64.rpm
SuSE Linux 9.1 - Patch - i386 architecture
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/libpng-1.2.5-182.7.i586.patch.rpm
SuSE Linux 9.1 - Patch - IA64 architecture
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/libpng-1.2.5-182.7.x86_64.patch.rpm
SuSE Linux 9.1 - Sources - i386 architecture
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/libpng-1.2.5-182.7.src.rpm
SuSE Linux 9.1 - Sources - IA64 architecture
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/libpng-1.2.5-182.7.src.rpm
SuSE Linux 9.0 - i386 architecture
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/libpng-1.2.5-191.i586.rpm
SuSE Linux 9.0 - IA64 architecture
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/libpng-1.2.5-191.x86_64.rpm
SuSE Linux 9.0 - Patch - i386 architecture
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/libpng-1.2.5-191.i586.patch.rpm
SuSE Linux 9.0 - Patch - IA64 architecture
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/libpng-1.2.5-191.x86_64.patch.rpm
SuSE Linux 9.0 - Sources - i386 architecture
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/libpng-1.2.5-191.src.rpm
SuSE Linux 9.0 - Sources - IA64 architecture
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/src/libpng-1.2.5-191.src.rpm
SuSE Linux 8.2 - i386 architecture
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/libpng-1.2.5-191.i586.rpm
SuSE Linux 8.2 - Patch
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/libpng-1.2.5-191.i586.patch.rpm
SuSE Linux 8.2 - Sources
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/libpng-1.2.5-191.src.rpm
SuSE Linux 8.1 - i386 architecture
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/libpng-1.2.4-115.i586.rpm
SuSE Linux 8.1 - Patch
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/libpng-1.2.4-115.i586.patch.rpm
SuSE Linux 8.1 - Sources
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/src/libpng-1.2.4-115.src.rpm
SuSE Linux 8.0 - i386 architecture
ftp://ftp.suse.com/pub/suse/i386/update/8.0/gra1/libpng-2.1.0.12-169.i386.rpm
SuSE Linux 8.0 - Patch
ftp://ftp.suse.com/pub/suse/i386/update/8.0/gra1/libpng-2.1.0.12-169.i386.patch.rpm
SuSE Linux 8.0 - Sources
ftp://ftp.suse.com/pub/suse/i386/update/8.0/zq1/libpng-2.1.0.12-169.src.rpm

Mandrake Linux
Mandrake Linux 9.1
ftp://ftp.planetmirror.com/pub/Mandrake/updates/9.1/RPMS/libpng3-1.2.5-2.5.91mdk.i586.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/9.1/RPMS/libpng3-devel-1.2.5-2.5.91mdk.i586.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/9.1/RPMS/libpng3-static-devel-1.2.5-2.5.91mdk.i586.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/9.1/SRPMS/libpng-1.2.5-2.5.91mdk.src.rpm
Mandrake Linux 9.1 - PPC architecture
ftp://ftp.planetmirror.com/pub/Mandrake/updates/ppc/9.1/RPMS/libpng3-1.2.5-2.5.91mdk.ppc.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/ppc/9.1/RPMS/libpng3-devel-1.2.5-2.5.91mdk.ppc.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/ppc/9.1/RPMS/libpng3-static-devel-1.2.5-2.5.91mdk.ppc.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/ppc/9.1/SRPMS/libpng-1.2.5-2.5.91mdk.src.rpm
Mandrake Linux 9.2
ftp://ftp.planetmirror.com/pub/Mandrake/updates/9.2/RPMS/libpng3-1.2.5-7.5.92mdk.i586.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/9.2/RPMS/libpng3-devel-1.2.5-7.5.92mdk.i586.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/9.2/RPMS/libpng3-static-devel-1.2.5-7.5.92mdk.i586.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/9.2/SRPMS/libpng-1.2.5-7.5.92mdk.src.rpm
Mandrake Linux 9.2 - AMD64 architecture
ftp://ftp.planetmirror.com/pub/Mandrake/updates/amd64/9.2/RPMS/lib64png3-1.2.5-7.5.92mdk.amd64.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/amd64/9.2/RPMS/lib64png3-devel-1.2.5-7.5.92mdk.amd64.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/amd64/9.2/RPMS/lib64png3-static-devel-1.2.5-7.5.92mdk.amd64.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/amd64/9.2/SRPMS/libpng-1.2.5-7.5.92mdk.src.rpm
Mandrake Linux 10.0
ftp://ftp.planetmirror.com/pub/Mandrake/updates/10.0/RPMS/libpng3-1.2.5-10.5.100mdk.i586.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/10.0/RPMS/libpng3-devel-1.2.5-10.5.100mdk.i586.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/10.0/RPMS/libpng3-static-devel-1.2.5-10.5.100mdk.i586.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/10.0/SRPMS/libpng-1.2.5-10.5.100mdk.src.rpm
Mandrake Linux 10.0 - AMD64 architecture
ftp://ftp.planetmirror.com/pub/Mandrake/updates/amd64/10.0/RPMS/lib64png3-1.2.5-10.5.100mdk.amd64.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/amd64/10.0/RPMS/lib64png3-devel-1.2.5-10.5.100mdk.amd64.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/amd64/10.0/RPMS/lib64png3-static-devel-1.2.5-10.5.100mdk.amd64.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/amd64/10.0/SRPMS/libpng-1.2.5-10.5.100mdk.src.rpm
Mandrake Multi Network Firewall 8.2
ftp://ftp.planetmirror.com/pub/Mandrake/updates/mnf8.2/RPMS/libpng3-1.2.4-3.7.M82mdk.i586.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/mnf8.2/SRPMS/libpng-1.2.4-3.7.M82mdk.src.rpm
Mandrake Corporate Server 2.1
ftp://ftp.planetmirror.com/pub/Mandrake/updates/corporate/2.1/RPMS/libpng3-1.2.4-3.7.C21mdk.i586.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/corporate/2.1/RPMS/libpng3-devel-1.2.4-3.7.C21mdk.i586.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/corporate/2.1/RPMS/libpng3-static-devel-1.2.4-3.7.C21mdk.i586.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/corporate/2.1/SRPMS/libpng-1.2.4-3.7.C21mdk.src.rpm
Corporate Server 2.1 - X86-64 architecture
ftp://ftp.planetmirror.com/pub/Mandrake/updates/x86_64/corporate/2.1/RPMS/libpng3-1.2.4-3.7.C21mdk.x86_64.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/x86_64/corporate/2.1/RPMS/libpng3-devel-1.2.4-3.7.C21mdk.x86_64.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/x86_64/corporate/2.1/RPMS/libpng3-static-devel-1.2.4-3.7.C21mdk.x86_64.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/x86_64/corporate/2.1/SRPMS/libpng-1.2.4-3.7.C21mdk.src.rpm

Debian Linux
Debian Linux 3.0 "Woody" - Sources
http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.0.12-3.woody.7.dsc
http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.0.12-3.woody.7.diff.gz
http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.0.12.orig.tar.gz
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.7.dsc
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.7.diff.gz
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1.orig.tar.gz
Debian Linux 3.0 "Woody" - ARM architecture
http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.7_arm.deb
http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.7_arm.deb
http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.7_arm.deb
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.7_arm.deb
Debian Linux 3.0 "Woody" - Intel IA-32 architecture
http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.7_i386.deb
http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.7_i386.deb
http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.7_i386.deb
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.7_i386.deb
Debian Linux 3.0 "Woody" - Intel IA-64 architecture
http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.7_ia64.deb
http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.7_ia64.deb
http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.7_ia64.deb
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.7_ia64.deb
Debian Linux 3.0 "Woody" - HP Precision architecture
http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.7_hppa.deb
http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.7_hppa.deb
http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.7_hppa.deb
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.7_hppa.deb
Debian Linux 3.0 "Woody" - Motorola 680x0 architecture
http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.7_m68k.deb
http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.7_m68k.deb
http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.7_m68k.deb
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.7_m68k.deb
Debian Linux 3.0 "Woody" - Big endian MIPS architecture
http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.7_mips.deb
http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.7_mips.deb
http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.7_mips.deb
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.7_mips.deb
Debian Linux 3.0 "Woody" - Little endian MIPS architecture
http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.7_mipsel.deb
http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.7_mipsel.deb
http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.7_mipsel.deb
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.7_mipsel.deb
Debian Linux 3.0 "Woody" - PowerPC architecture
http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.7_powerpc.deb
http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.7_powerpc.deb
http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.7_powerpc.deb
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.7_powerpc.deb
Debian Linux 3.0 "Woody" - IBM S/390 architecture
http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.7_s390.deb
http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.7_s390.deb
http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.7_s390.deb
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.7_s390.deb
Debian Linux 3.0 "Woody" - Sun Sparc architecture
http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.7_sparc.deb
http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.7_sparc.deb
http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.7_sparc.deb
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.7_sparc.deb

Red Hat Linux

Red Hat Desktop (v. 3) - i386 architecture
libpng-1.2.2-25.i386.rpm
libpng-devel-1.2.2-25.i386.rpm
libpng10-1.0.13-15.i386.rpm
libpng10-devel-1.0.13-15.i386.rpm
libpng-1.2.2-25.i386.rpm

Red Hat Desktop (v. 3) - AMD64 architecture
libpng-1.2.2-25.x86_64.rpm
libpng-devel-1.2.2-25.x86_64.rpm
libpng10-1.0.13-15.x86_64.rpm
libpng10-devel-1.0.13-15.x86_64.rpm

Red Hat Desktop (v. 3) - SRPMS
libpng-1.2.2-25.src.rpm
libpng10-1.0.13-15.src.rpm

Red Hat Enterprise Linux AS (v. 2.1) - i386 architecture
libpng-1.0.14-7.i386.rpm
libpng-devel-1.0.14-7.i386.rpm

Red Hat Enterprise Linux AS (v. 2.1) - IA64 architecture
libpng-1.0.14-7.ia64.rpm
libpng-devel-1.0.14-7.ia64.rpm

Red Hat Enterprise Linux AS (v. 2.1) - SRPMS
libpng-1.0.14-7.src.rpm

Red Hat Enterprise Linux AS (v. 3) - i386 architecture
libpng-1.2.2-25.i386.rpm
libpng-devel-1.2.2-25.i386.rpm
libpng10-1.0.13-15.i386.rpm
libpng10-devel-1.0.13-15.i386.rpm
libpng-1.2.2-25.i386.rpm
libpng-1.2.2-25.i386.rpm

Red Hat Enterprise Linux AS (v. 3) - AMD64 architecture
libpng-1.2.2-25.x86_64.rpm
libpng-devel-1.2.2-25.x86_64.rpm
libpng10-1.0.13-15.x86_64.rpm
libpng10-devel-1.0.13-15.x86_64.rpm

Red Hat Enterprise Linux AS (v. 3) - SRPMS
libpng-1.2.2-25.src.rpm
libpng10-1.0.13-15.src.rpm

Red Hat Enterprise Linux AS (v. 3) - IA64 architecture
libpng-1.2.2-25.ia64.rpm
libpng-devel-1.2.2-25.ia64.rpm
libpng10-1.0.13-15.ia64.rpm
libpng10-devel-1.0.13-15.ia64.rpm

Red Hat Enterprise Linux AS (v. 3) - PPC architecture
libpng-1.2.2-25.ppc.rpm
libpng-devel-1.2.2-25.ppc.rpm
libpng10-1.0.13-15.ppc.rpm
libpng10-devel-1.0.13-15.ppc.rpm

Red Hat Enterprise Linux AS (v. 3) - PPC64 architecture
libpng-1.2.2-25.ppc64.rpm

Red Hat Enterprise Linux AS (v. 3) - S390 architecture
libpng-1.2.2-25.s390.rpm
libpng-devel-1.2.2-25.s390.rpm
libpng10-1.0.13-15.s390.rpm
libpng10-devel-1.0.13-15.s390.rpm
libpng-1.2.2-25.s390.rpm

Red Hat Enterprise Linux AS (v. 3) - S390x architecture
libpng-1.2.2-25.s390x.rpm
libpng-devel-1.2.2-25.s390x.rpm
libpng10-1.0.13-15.s390x.rpm
libpng10-devel-1.0.13-15.s390x.rpm

Red Hat Enterprise Linux ES (v. 2.1) - i386 architecture
libpng-1.0.14-7.i386.rpm
libpng-devel-1.0.14-7.i386.rpm

Red Hat Enterprise Linux ES (v. 2.1) - SRPMS
libpng-1.0.14-7.src.rpm

Red Hat Enterprise Linux ES (v. 3) - i386 architecture
libpng-1.2.2-25.i386.rpm
libpng-devel-1.2.2-25.i386.rpm
libpng10-1.0.13-15.i386.rpm
libpng10-devel-1.0.13-15.i386.rpm
libpng-1.2.2-25.i386.rpm
libpng-1.2.2-25.i386.rpm

Red Hat Enterprise Linux ES (v. 3) - AMD64 architecture
libpng-1.2.2-25.x86_64.rpm
libpng-devel-1.2.2-25.x86_64.rpm
libpng10-1.0.13-15.x86_64.rpm
libpng10-devel-1.0.13-15.x86_64.rpm

Red Hat Enterprise Linux ES (v. 3) - SRPMS
libpng-1.2.2-25.src.rpm
libpng10-1.0.13-15.src.rpm

Red Hat Enterprise Linux ES (v. 3) - IA64 architecture
libpng-1.2.2-25.ia64.rpm
libpng-devel-1.2.2-25.ia64.rpm
libpng10-1.0.13-15.ia64.rpm
libpng10-devel-1.0.13-15.ia64.rpm

Red Hat Enterprise Linux WS (v. 2.1) - i386 architecture
libpng-1.0.14-7.i386.rpm
libpng-devel-1.0.14-7.i386.rpm

Red Hat Enterprise Linux WS (v. 2.1) - SRPMS
libpng-1.0.14-7.src.rpm

Red Hat Enterprise Linux WS (v. 3) - i386 architecture
libpng-1.2.2-25.i386.rpm
libpng-devel-1.2.2-25.i386.rpm
libpng10-1.0.13-15.i386.rpm
libpng10-devel-1.0.13-15.i386.rpm
libpng-1.2.2-25.i386.rpm
libpng-1.2.2-25.i386.rpm

Red Hat Enterprise Linux WS (v. 3) - AMD64 architecture
libpng-1.2.2-25.x86_64.rpm
libpng-devel-1.2.2-25.x86_64.rpm
libpng10-1.0.13-15.x86_64.rpm
libpng10-devel-1.0.13-15.x86_64.rpm

Red Hat Enterprise Linux WS (v. 3) - IA64 architecture
libpng-1.2.2-25.ia64.rpm
libpng-devel-1.2.2-25.ia64.rpm
libpng10-1.0.13-15.ia64.rpm
libpng10-devel-1.0.13-15.ia64.rpm

Red Hat Enterprise Linux WS (v. 3) - SRPMS
libpng-1.2.2-25.src.rpm
libpng10-1.0.13-15.src.rpm

Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor - IA64 architecture
libpng-1.0.14-7.ia64.rpm
libpng-devel-1.0.14-7.ia64.rpm

Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor - SRPMS
libpng-1.0.14-7.src.rpm

HP Tru64 UNIX
Users of Mozilla Application Suite < 1.7: update to version 1.7
http://www.mozilla.org/releases/
http://h30097.www3.hp.com/internet/download.htm

Apple
Mac OS X update 10.3.5
http://www.apple.com/support/downloads//macosxcombinedupdate_10_3_5_.html
Mac OS X 10.3.4 & 10.2.8
http://www.apple.com/support/downloads/securityupdate_2004-08-09_(10_2_8)_.html

SCO
UnixWare 7.1.4
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.16/erg712684.pkg
OpenServer 5.0.7
ftp://ftp.sco.com/pub/openserver5/507/mp/osr507mp4/osr507mp4_vol.tar

Sun

Solaris 9 - GNOME 2.0.2
SPARC
http://sunsolve.sun.com/search/document.do?assetkey=1-21-114822-04-1

Solaris 9 - GNOME 2.0
SPARC
http://sunsolve.sun.com/search/document.do?assetkey=1-21-114818-06-1
http://sunsolve.sun.com/search/document.do?assetkey=1-21-114820-05-1
x86
http://sunsolve.sun.com/search/document.do?assetkey=1-21-114819-06-1

Solaris 9 (x86, SPARC) - Netscape 7
The vendor has not yet published a fix.

Solaris 8 - GNOME 2.0
SPARC
http://sunsolve.sun.com/search/document.do?assetkey=1-21-114816-02-1
x86
http://sunsolve.sun.com/search/document.do?assetkey=1-21-114817-02-1

Solaris 8 (x86, SPARC) - Netscape 7
The vendor has not yet published a fix.

Solaris 7 (x86, SPARC) - Netscape 7
The vendor has not yet published a fix.

Sun Java Desktop Systems (JDS) release 2003
Update available through "Online Update"

Sun Java Desktop Systems (JDS) release 2
Update available through "Online Update"

Mandriva (doxygen MDKSA-2006:212)

Corporate Server 3.0
X86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/i586/doxygen-1.3.5-2.1.C30mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/SRPMS/doxygen-1.3.5-2.1.C30mdk.src.rpm
X86_64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/x86_64/doxygen-1.3.5-2.1.C30mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/SRPMS/doxygen-1.3.5-2.1.C30mdk.src.rpm

Mandriva Linux 2006
X86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/i586/doxygen-1.4.4-1.1.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/SRPMS/doxygen-1.4.4-1.1.20060mdk.src.rpm
X86_64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/x86_64/doxygen-1.4.4-1.1.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/SRPMS/doxygen-1.4.4-1.1.20060mdk.src.rpm

Mandriva Linux 2007
X86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/doxygen-1.4.7-1.1mdv2007.0.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/SRPMS/doxygen-1.4.7-1.1mdv2007.0.src.rpm
X86_64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/doxygen-1.4.7-1.1mdv2007.0.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/SRPMS/doxygen-1.4.7-1.1mdv2007.0.src.rpm

Corporate Server 4.0
X86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/i586/doxygen-1.4.4-1.1.20060mlcs4.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/SRPMS/doxygen-1.4.4-1.1.20060mlcs4.src.rpm
X86_64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/x86_64/doxygen-1.4.4-1.1.20060mlcs4.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/SRPMS/doxygen-1.4.4-1.1.20060mlcs4.src.rpm

Mandriva (chromium MDKSA-2006:213)

Corporate Server 3.0
X86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/i586/chromium-0.9.12-21.1.C30mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/i586/chromium-setup-0.9.12-21.1.C30mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/SRPMS/chromium-0.9.12-21.1.C30mdk.src.rpm
X86_64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/x86_64/chromium-0.9.12-21.1.C30mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/x86_64/chromium-setup-0.9.12-21.1.C30mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/SRPMS/chromium-0.9.12-21.1.C30mdk.src.rpm

Mandriva Linux 2007
X86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/chromium-0.9.12-25.1mdv2007.0.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/chromium-setup-0.9.12-25.1mdv2007.0.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/SRPMS/chromium-0.9.12-25.1mdv2007.0.src.rpm
X86_64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/chromium-0.9.12-25.1mdv2007.0.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/chromium-setup-0.9.12-25.1mdv2007.0.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/SRPMS/chromium-0.9.12-25.1mdv2007.0.src.rpm

Standard identifiers

Property | Value
CVE | CAN-2004-0597, CAN-2004-0598, CAN-2004-0599
BID |

Additional resources

Chris Evans - libPNG stack-based buffer overflow and other code concerns
http://www.securiteam.com/unixfocus/5ZP0C0KDPG.html

SuSE Security Announcement SUSE-SA:2004:023
http://www.suse.de/de/security/2004_23_libpng.html

Mandrake Security Advisory MDKSA-2004:079
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:079

Debian Security Advisory DSA 536-1
http://lists.debian.org/debian-security-announce/debian-security-announce-2004/msg00139.html

RedHat Security Advisory RHSA-2004:402-08
https://rhn.redhat.com/errata/RHSA-2004-402.html

Apple Security Update
http://docs.info.apple.com/article.html?artnum=61798

HP Security Bulletin HPSBTU01063
http://www5.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTU01063

SCO Security Advisory SCOSA-2004.16
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.16/SCOSA-2004.16.txt

SCO Security Advisory (SCOSA-2005.49)
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt

Sun Alert ID: 57617
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57617&zone_32=category%3Asecurity

Sun Alert ID: 57683
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57683-1

Mandriva Security Advisory (MDKSA-2006:212)
http://www.mandriva.com/security/advisories?name=MDKSA-2006:212

Mandriva Security Advisory (MDKSA-2006:213)
http://www.mandriva.com/security/advisories?name=MDKSA-2006:213

Version history

Version | Comment | Date
1.0 | Advisory issued | 2004-08-05
1.1 | Advisory issued by Mandrake (MDKSA-2004:079), Debian (DSA 536-1), RedHat (RHSA-2004:402-08) and HP (HPSBTU01063) | 2004-08-06
1.2 | Advisory issued by Sun (Sun Alert ID: 57617) | 2004-08-10
1.3 | Advisory issued by Apple | 2004-08-11
2.0 | Public exploit available | 2004-08-12
2.1 | Advisory issued by SCO (SCOSA-2004.16) | 2004-10-13
2.2 | Advisory updated by Sun (57617) | 2004-10-18
2.3 | Advisory issued by Sun (57683) | 2004-12-01
2.4 | Advisory issued by SCO (SCOSA-2005.49) | 2005-11-28
2.5 | Advisory issued by Mandriva (MDKSA-2006:212, MDKSA-2006:213) | 2006-11-17

Members of

Ministerio de Defensa
CNI
CCN
CCN-CERT