Update of /export/home/ntop/gdchart0.94c/gd-1.8.3/libpng-1.2.4/projects
In directory jabber:/tmp/cvs-serv27286
Added Files:
netware.txt wince.txt
Log Message:
Move ntop (2.1.50+) to libpng 1.2.4 (http://www.libpng.org/pub/png/libpng.html)
This version fixes a recently reported security problem, albeit one
that ntop does not appear to be vulnerable to.
The 1.2.4* and 1.0.14 releases of libpng solve a potential buffer
overflow vulnerability[1] in some functions related to progressive
image loading. Programs such as mozilla and various others use these
functions. An attacker could exploit this to remotely run arbitrary
code or crash an application by using a specially crafted png image.
I.e. ntop could create a bad png and crash, etc. the users browser.
If the browser is using the older, vulnerable libary, we could
run arbitrary code on the USERS machine.
But ntop itself isn't vulnerable to attack, that is a user, using
libpng/ntop to escalate his/her privledge on the ntop host.
-----Burton
_______________________________________________
Ntop-dev mailing list
[EMAIL PROTECTED]
http://lists.ntop.org/mailman/listinfo/ntop-dev
