OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org          Name:   Ralf S. Engelschall
Root:   /e/openpkg/cvs           Email:  [EMAIL PROTECTED]
Module: openpkg-web              Date:   29-Apr-2004 22:26:34
Branch: HEAD                     Handle: 2004042921263400
Modified files:
openpkg-web/security OpenPKG-SA-2004.017-png.txt
Log:
small adjustments only
Summary:
Revision    Changes     Path
1.4         +11 -9      openpkg-web/security/OpenPKG-SA-2004.017-png.txt
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-web/security/OpenPKG-SA-2004.017-png.txt
============================================================================
$ cvs diff -u -r1.3 -r1.4 OpenPKG-SA-2004.017-png.txt
--- openpkg-web/security/OpenPKG-SA-2004.017-png.txt 29 Apr 2004 20:13:05 -0000
1.3
+++ openpkg-web/security/OpenPKG-SA-2004.017-png.txt 29 Apr 2004 20:26:34 -0000
1.4
@@ -7,7 +7,7 @@
________________________________________________________________________
Package: png
-Vulnerability: denial of service, program crash
+Vulnerability: denial of service
OpenPKG Specific: no
Affected Releases: Affected Packages: Corrected Packages:
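Review bot: The Vulnerability field now reads only "denial of service", but the Description changed in the next hunk still presents the direct effect as a program crash that "can even lead to" a DoS. Someone triaging on the header field alone no longer sees that any program handling a PNG file through libpng can crash, not only a long-running service. Consider keeping both terms in the field, or wording it so that it matches the Description. The log message "small adjustments only" also understates a change to the advisory's impact classification.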
@@ -66,17 +66,19 @@
Description:
- According to a security advisory from Steve Grubb libpng accesses
+ According to a security advisory from Steve Grubb, libpng accesses
memory that is out of bounds when creating an error message. Depending
- on machine architecture bounds checking and other protective measures,
- this problem could cause the program to core dump. If a daemon
- processes png images, this would be a DOS.
+ on machine architecture, bounds checking and other protective
+ measures, this problem could cause the program to crash if a defective
+ or intentionally prepared PNG image file is handled by libpng. This
+ can even lead to a Denial of Service (DoS) situation.
Please check whether you are affected by running "<prefix>/bin/rpm
- -q png". If you have the "png" package installed and its version
- is affected (see above), we recommend that you immediately upgrade
- it (see Solution) and its dependent packages (see above), if any,
- too [3][4].
+ -q png" (and similarly for the other affected packages which have
+ PNG included). If you have the "png" package (or one of the others)
+ installed and its version is affected (see above), we recommend that
+ you immediately upgrade it (see Solution) and its dependent packages
+ (see above), if any, too [3][4].
Solution:
Select the updated source RPM appropriate for your OpenPKG release
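Review bot: In the Description, the new sentence "This can even lead to a Denial of Service (DoS) situation" drops the condition the old text stated ("If a daemon processes png images"), so the advisory no longer says when a crash turns into a service outage. Suggest restoring it, for example "If a daemon processes PNG images, this can lead to a Denial of Service (DoS)." In the check paragraph, "the other affected packages which have PNG included" leans on "see above" without naming them next to the rpm -q command; listing the package names at that point would make the check directly actionable.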
@@ .
______________________________________________________________________
The OpenPKG Project www.openpkg.org
CVS Repository Commit List [EMAIL PROTECTED]