Date: Mon, 17 Sep 2012 19:27:25 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Agostino Sarubbo <ago@...too.org>
Subject: Re: CVE request: OptiPNG Palette Reduction Use-After-Free
 Vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 09/17/2012 10:36 AM, Agostino Sarubbo wrote:
> Quoting the Secunia advisory:
> 
> Description: A vulnerability has been reported in OptiPNG, which can
> be exploited by malicious people to potentially compromise a user's
> system.
> 
> The vulnerability is caused due to a use-after-free error related
> to the palette reduction functionality. No further information is
> currently available.
> 
> Successful exploitation may allow execution of arbitrary code.
> 
> The vulnerability is reported in version 0.7, 0.7.1, and 0.7.2.
> 
> 
> Solution: Update to version 0.7.3.
> 
> 
> Code commit: 
> http://optipng.hg.sourceforge.net/hgweb/optipng/optipng/rev/f1d5d44670a2
>
>  Additional info: Version 0.6.5 and earlier are not affected.
> 

Please use CVE-2012-4432 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
-----END PGP SIGNATURE-----
