[ GLSA 200812-01 ] OptiPNG: User-assisted execution of arbitrary code

From: Robert Buchholz (rbu@gentoo.org)
Date: Tue Dec 02 2008 - 11:25:54 CST


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200812-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: OptiPNG: User-assisted execution of arbitrary code
      Date: December 02, 2008
      Bugs: #246522
        ID: 200812-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability in OptiPNG might result in user-assisted execution of
arbitrary code.

Background
==========

OptiPNG is a PNG optimizer that recompresses image files to a smaller
size, without losing any information.

Affected packages
=================

    -------------------------------------------------------------------
     Package                            /  Vulnerable  /   Unaffected
    -------------------------------------------------------------------
  1  media-gfx/optipng                     < 0.6.2         >= 0.6.2

Description
===========

A buffer overflow in the BMP reader in OptiPNG has been reported.

Impact
======

A remote attacker could entice a user to process a specially crafted
BMP image, possibly resulting in the execution of arbitrary code with
the privileges of the user running the application, or a Denial of
Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All OptiPNG users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-gfx/optipng-0.6.2"
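As an added example that is not part of the advisory, the following Python parses the "Affected packages" row above and decides whether an installed Portage package-version string (as found under /var/db/pkg/media-gfx/) falls in the vulnerable range; the row text is embedded so it runs offline, and the constructed package-version strings in the comments are assumptions.

```python
import re

# Affected-packages row copied from GLSA 200812-01 (embedded so this runs offline).
GLSA_ROW = "1 media-gfx/optipng < 0.6.2 >= 0.6.2"

# "<n> category/package < vuln >= fixed", the layout used by the GLSA table.
ROW_RE = re.compile(
    r"^\s*\d+\s+(?P<pkg>[\w+-]+/[\w+-]+)\s+<\s+(?P<vuln>[\d.]+)\s+>=\s+(?P<fixed>[\d.]+)\s*$"
)
# Portage category/package-version[-rN] string, e.g. media-gfx/optipng-0.6.1-r1
# (constructed sample; the package-name part is matched non-greedily so the
# version is the trailing dotted number).
CPV_RE = re.compile(
    r"^(?P<pkg>[\w+-]+/[\w+-]+?)-(?P<ver>\d+(?:\.\d+)*)(?:-r(?P<rev>\d+))?$"
)


def parse_row(row):
    """Return (package, vulnerable_below, unaffected_from) from a GLSA table row."""
    m = ROW_RE.match(row)
    if not m:
        raise ValueError("unrecognised GLSA table row: %r" % row)
    return m.group("pkg"), m.group("vuln"), m.group("fixed")


def version_key(ver, rev=None):
    """Numeric tuple so that 0.6.10 sorts after 0.6.2; the Portage revision breaks ties."""
    return (tuple(int(p) for p in ver.split(".")), int(rev or 0))


def is_vulnerable(cpv, row=GLSA_ROW):
    """True if the installed package-version string is below the advisory's fixed version."""
    pkg, vuln_below, _fixed = parse_row(row)
    m = CPV_RE.match(cpv)
    if not m:
        raise ValueError("unrecognised package-version string: %r" % cpv)
    if m.group("pkg") != pkg:
        return False  # a different package; this advisory makes no claim about it
    return version_key(m.group("ver"), m.group("rev")) < version_key(vuln_below)


if __name__ == "__main__":
    # Constructed sample inputs, not real installed versions.
    for cpv in ("media-gfx/optipng-0.6.1", "media-gfx/optipng-0.6.1-r1",
                "media-gfx/optipng-0.6.2", "media-gfx/optipng-0.6.10"):
        print(cpv, "VULNERABLE" if is_vulnerable(cpv) else "unaffected")
```

The directory names under /var/db/pkg/media-gfx/ on a Gentoo host have exactly this category/package-version form, so they can be fed to is_vulnerable() directly.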

References
==========

  [ 1 ] CVE-2008-5101
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5101

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200812-01.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
