Burton, if you have time go ahead and update the repository. Thanks, Luca

Burton Strauss wrote:

>Luca:
>
>Based on the announcement at libpng and others, we should probably consider updating
>our version of libpng to the recently released v1.2.4
>
>Based on what I've read - but there isn't much info - I don't THINK we're vulnerable
>- it's more that a bad-guy server could kill the browser, vs. a specific request to
>ntop causing ntop to send the bad-guy stuff, but better safe than sorry... And
>because this - like many other advisories, will become a checklist item!
>
>Any comments? Thoughts? Ideas? Gang??
>
>-----Burton
>
>
>References:
>
>http://lwn.net/Alerts/5008/:
>
>"The 1.2.4* and 1.0.14 releases of libpng solve a potential buffer overflow
>vulnerability[1] in some functions related to progressive image loading. Programs
>such as mozilla and various others use these functions. An attacker could exploit
>this to remotely run arbitrary code or crash an application by using a specially
>crafted png image."
>
>http://www.libpng.org/pub/png/pngnews.html:
>
>8 July 2002 - libpng 1.2.4 and 1.0.14 are released. These versions plug some memory
>leaks and eliminate a buffer-overflow vulnerability that could be triggered by
>too-large zlib streams. (This is completely unrelated to the zlib-specific
>vulnerability described in the 11 March 2002 entry below.)
>
>ftp://swrinde.nde.swri.edu/pub/png-group/archives/png-list.200207
>
>_______________________________________________
>Ntop mailing list
>[EMAIL PROTECTED]
>http://lists.ntop.org/mailman/listinfo/ntop

--
Luca Deri
NETikos S.p.A.
Via Matteucci 34/B
56124 Pisa, Italy.
Ph. +39/050/968.639
Fax. +39/050/968.626
Personal: [EMAIL PROTECTED]
Business: [EMAIL PROTECTED]
WWW: http://luca.ntop.org/
ICQ: 68183632

Hacker: someone who loves to program and enjoys being clever about it - Richard Stallman
