-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SCO Security Advisory Subject: Linux: libpng progressive image loading vulnerabilities and other buffer overflows Advisory number: CSSA-2002-042.0 Issue date: 2002 November 12 Cross reference: ______________________________________________________________________________ 1. Problem Description There are two buffer overflow vulnerabilities in the libpng code: one of which can allow attackers to cause a denial of service, and the other that can cause a denial of service with the possibility of executing arbitrary code. 2. Vulnerable Supported Versions System Package ---------------------------------------------------------------------- OpenLinux 3.1.1 Server prior to libpng-1.0.15-5MR.i386.rpm prior to libpng-devel-1.0.15-5MR.i386.rpm prior to libpng-devel-static-1.0.15-5MR.i386.rpm OpenLinux 3.1.1 Workstation prior to libpng-1.0.15-5MR.i386.rpm prior to libpng-devel-1.0.15-5MR.i386.rpm prior to libpng-devel-static-1.0.15-5MR.i386.rpm OpenLinux 3.1 Server prior to libpng-1.0.15-5MR.i386.rpm prior to libpng-devel-1.0.15-5MR.i386.rpm prior to libpng-devel-static-1.0.15-5MR.i386.rpm OpenLinux 3.1 Workstation prior to libpng-1.0.15-5MR.i386.rpm prior to libpng-devel-1.0.15-5MR.i386.rpm prior to libpng-devel-static-1.0.15-5MR.i386.rpm 3. Solution The proper solution is to install the latest packages. Many customers find it easier to use the Caldera System Updater, called cupdate (or kcupdate under the KDE environment), to update these packages rather than downloading and installing them by hand. 4. OpenLinux 3.1.1 Server 4.1 Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-042.0/RPMS 4.2 Packages 93221732f6fcd8d2a06082d68ce460e2 libpng-1.0.15-5MR.i386.rpm 98fb336313cdd6e4b5e0d2e80f0e6de5 libpng-devel-1.0.15-5MR.i386.rpm c474133b01b1f7f39d65fd017635e109 libpng-devel-static-1.0.15-5MR.i386.rpm 4.3 Installation rpm -Fvh libpng-1.0.15-5MR.i386.rpm rpm -Fvh libpng-devel-1.0.15-5MR.i386.rpm rpm -Fvh libpng-devel-static-1.0.15-5MR.i386.rpm 4.4 Source Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-042.0/SRPMS 4.5 Source Packages 512eda0dec68d56065b515ecd540f585 libpng-1.0.15-5MR.src.rpm 5. OpenLinux 3.1.1 Workstation 5.1 Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-042.0/RPMS 5.2 Packages f92a046d343a7f174b4912e3be8e6e5b libpng-1.0.15-5MR.i386.rpm 0106b36eb2d7d6469f04e43b2752ebfa libpng-devel-1.0.15-5MR.i386.rpm b036341f4c3db77dd44c071aa863781c libpng-devel-static-1.0.15-5MR.i386.rpm 5.3 Installation rpm -Fvh libpng-1.0.15-5MR.i386.rpm rpm -Fvh libpng-devel-1.0.15-5MR.i386.rpm rpm -Fvh libpng-devel-static-1.0.15-5MR.i386.rpm 5.4 Source Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-042.0/SRPMS 5.5 Source Packages 95fa381705ae3d28b971d3f96592ec73 libpng-1.0.15-5MR.src.rpm 6. OpenLinux 3.1 Server 6.1 Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-042.0/RPMS 6.2 Packages 112edf2530cc5df8a1c54f18a26b5b41 libpng-1.0.15-5MR.i386.rpm 8fe1bf881e31e38c34100569b52a5213 libpng-devel-1.0.15-5MR.i386.rpm 411476fc864656d877b43d695f7cc789 libpng-devel-static-1.0.15-5MR.i386.rpm 6.3 Installation rpm -Fvh libpng-1.0.15-5MR.i386.rpm rpm -Fvh libpng-devel-1.0.15-5MR.i386.rpm rpm -Fvh libpng-devel-static-1.0.15-5MR.i386.rpm 6.4 Source Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-042.0/SRPMS 6.5 Source Packages d8fb9343ec9a91e36fbd0375e478a5a2 libpng-1.0.15-5MR.src.rpm 7. OpenLinux 3.1 Workstation 7.1 Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-042.0/RPMS 7.2 Packages 450c615089d6ee0af856574111dfb074 libpng-1.0.15-5MR.i386.rpm e160fd394b9a116fa68e7cdffd8d6dec libpng-devel-1.0.15-5MR.i386.rpm 28543b8410403f28a1dc8949cf82eb2f libpng-devel-static-1.0.15-5MR.i386.rpm 7.3 Installation rpm -Fvh libpng-1.0.15-5MR.i386.rpm rpm -Fvh libpng-devel-1.0.15-5MR.i386.rpm rpm -Fvh libpng-devel-static-1.0.15-5MR.i386.rpm 7.4 Source Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-042.0/SRPMS 7.5 Source Packages 29579bd08c919cd5de11acbc11026e21 libpng-1.0.15-5MR.src.rpm 8. References Specific references for this advisory: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0728 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0660 ftp://swrinde.nde.swri.edu/pub/png-group/archives/png-list.200207 SCO security resources: http://www.sco.com/support/security/index.html This security fix closes SCO incidents sr867868, fz525853, erg712105. 9. Disclaimer SCO is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of SCO products. ______________________________________________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iEYEARECAAYFAj3RdjwACgkQbluZssSXDTEUkQCgmjB4gWg8VOl5QlFlhxhz9OL/ 52cAoPEhm2mHAc9F9pMeyzXdtF/7Phi+ =WmO0 -----END PGP SIGNATURE-----