Update of /export/home/ntop/gdchart0.94c/gd-1.8.3/libpng-1.2.4/scripts
In directory jabber:/tmp/cvs-serv27326
Added Files:
SCOPTIONS.ppc descrip.mms libpng-config-body.in
libpng-config-head.in libpng.icc libpng.pc.in makefile.32sunu
makefile.64sunu makefile.acorn makefile.aix makefile.amiga
makefile.atari makefile.bc32 makefile.bd32 makefile.beos
makefile.bor makefile.cygwin makefile.darwin makefile.dec
makefile.dj2 makefile.freebsd makefile.gcc makefile.gcmmx
makefile.hpgcc makefile.hpux makefile.ibmc makefile.intel
makefile.knr makefile.linux makefile.macosx makefile.mips
makefile.msc makefile.ne12bsd makefile.netbsd makefile.openbsd
makefile.os2 makefile.sco makefile.sggcc makefile.sgi
makefile.so9 makefile.solaris makefile.std makefile.sunos
makefile.tc3 makefile.vcawin32 makefile.vcwin32
makefile.watcom makevms.com pngdef.pas pngos2.def
smakefile.ppc
Log Message:
Move ntop (2.1.50+) to libpng 1.2.4 (http://www.libpng.org/pub/png/libpng.html)
This version fixes a recently reported security problem, albeit one
that ntop does not appear to be vulnerable to.
The 1.2.4* and 1.0.14 releases of libpng solve a potential buffer
overflow vulnerability[1] in some functions related to progressive
image loading. Programs such as mozilla and various others use these
functions. An attacker could exploit this to remotely run arbitrary
code or crash an application by using a specially crafted png image.
I.e. ntop could create a bad png and crash, etc. the user's browser.
If the browser is using the older, vulnerable library, we could
run arbitrary code on the USER'S machine.
But ntop itself isn't vulnerable to attack, that is, a user using
libpng/ntop to escalate his/her privilege on the ntop host.
-----Burton
_______________________________________________
Ntop-dev mailing list
http://lists.ntop.org/mailman/listinfo/ntop-dev