Update of /export/home/ntop/gdchart0.94c/gd-1.8.3/libpng-1.2.4/contrib/pngsuite
In directory jabber:/tmp/cvs-serv27250
Added Files:
README basn0g01.png basn0g02.png basn0g04.png basn0g08.png
basn0g16.png basn2c08.png basn2c16.png basn3p01.png
basn3p02.png basn3p04.png basn3p08.png basn4a08.png
basn4a16.png basn6a08.png basn6a16.png
Log Message:
Move ntop (2.1.50+) to libpng 1.2.4 (http://www.libpng.org/pub/png/libpng.html)
This version fixes a recently reported security problem, albeit one
that ntop does not appear to be vulnerable to.
The 1.2.4* and 1.0.14 releases of libpng solve a potential buffer
overflow vulnerability[1] in some functions related to progressive
image loading. Programs such as mozilla and various others use these
functions. An attacker could exploit this to remotely run arbitrary
code or crash an application by using a specially crafted png image.
I.e. ntop could create a bad png and crash, etc. the users browser.
If the browser is using the older, vulnerable libary, we could
run arbitrary code on the USERS machine.
But ntop itself isn't vulnerable to attack, that is a user, using
libpng/ntop to escalate his/her privledge on the ntop host.
-----Burton
_______________________________________________
Ntop-dev mailing list
[EMAIL PROTECTED]
http://lists.ntop.org/mailman/listinfo/ntop-dev
