Date: Wed, 12 Nov 2008 12:42:05 +0100
From: Jan Lieskovsky <jlieskov@...hat.com>
To: "Steven M. Christey" <coley@...re.org>
Cc: oss-security@...ts.openwall.com
Subject: CVE Request -- OptiPNG

Hello Steve,

  OptiPNG upstream has released a new version, fixing among others
one security issue -- a buffer overflow present in the reader responsible
for BMP image handling.

References:
http://sourceforge.net/project/shownotes.php?release_id=639631&group_id=151404
http://secunia.com/Advisories/32651/
http://www.frsirt.com/english/advisories/2008/3108/references
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505399
http://optipng.sourceforge.net/

Affected versions: all prior to 0.6.2. (from Secunia advisory)

Proposed solution:

Upgrade to 0.6.2 or apply the security patch against 0.6.1, available at:
http://prdownloads.sourceforge.net/optipng/optipng-0.6.1.1.diff?download

Impact: arbitrary code execution (from Secunia advisory)

Could you please allocate a new CVE id for this issue?

Thanks, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team
