Two security issues fixed last year in libpng 1.5.14 have received CVEs: http://openwall.com/lists/oss-security/2014/04/10/10 It sounds like they are very minor issues, so an update at this time is probably not necessary. No patches are linked, but as libpng15 is at 1.5.18 now and 1.5.19 is in beta, the next time we ship an update for this package, we should just update it to the newest version (we currently have 1.5.13). Only libpng (1.5) in Mageia 3 is affected, as the issue was fixed in 1.6.0. Reproducible: Steps to Reproduce:
Apparently libpng 1.2.x is also affected. OpenSuSE has issued an advisory for this today (May 2): http://lists.opensuse.org/opensuse-updates/2014-05/msg00015.html
URL: (none) => http://lwn.net/Vulnerabilities/597180/Summary: libpng (1.5.x) new security issues CVE-2013-7353 and CVE-2013-7354 => libpng (1.2.x, 1.5.x) new security issues CVE-2013-7353 and CVE-2013-7354
Another OpenSuSE advisory for 1.2.x from today (May 7): http://lists.opensuse.org/opensuse-updates/2014-05/msg00026.html And one for 1.5.x: http://lists.opensuse.org/opensuse-updates/2014-05/msg00024.html
fixed with libpng12-1.2.50-3.2.mga3, libpng12-1.2.50-4.2.mga4 & libpng12-1.2.51-2.mga5. fixed with libpng-1.5.13-2.2.mga3.
CC: (none) => oe
Thanks Oden! Advisory (Mageia 3): ======================== Updated libpng12 and libpng packages fix security vulnerabilities: An integer overflow leading to a heap-based buffer overflow was found in the png_set_sPLT() and png_set_text_2() API functions of libpng. A attacker could create a specially-crafted image file and render it with an application written to explicitly call png_set_sPLT() or png_set_text_2() function, could cause libpng to crash or execute arbitrary code with the permissions of the user running such an application (CVE-2013-7353). An integer overflow leading to a heap-based buffer overflow was found in the png_set_unknown_chunks() API function of libpng. A attacker could create a specially-crafted image file and render it with an application written to explicitly call png_set_unknown_chunks() function, could cause libpng to crash or execute arbitrary code with the permissions of the user running such an application (CVE-2013-7354). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7353 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7354 http://lists.opensuse.org/opensuse-updates/2014-05/msg00026.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00024.html ======================== Updated packages in core/updates_testing: ======================== libpng12_0-1.2.50-3.2.mga3 libpng12-devel-1.2.50-3.2.mga3 libpng15_15-1.5.13-2.2.mga3 libpng-devel-1.5.13-2.2.mga3 from SRPMS: libpng12-1.2.50-3.2.mga3.src.rpm libpng-1.5.13-2.2.mga3.src.rpm Advisory (Mageia 4): ======================== Updated libpng12 packages fix security vulnerabilities: An integer overflow leading to a heap-based buffer overflow was found in the png_set_sPLT() and png_set_text_2() API functions of libpng. A attacker could create a specially-crafted image file and render it with an application written to explicitly call png_set_sPLT() or png_set_text_2() function, could cause libpng to crash or execute arbitrary code with the permissions of the user running such an application (CVE-2013-7353). An integer overflow leading to a heap-based buffer overflow was found in the png_set_unknown_chunks() API function of libpng. A attacker could create a specially-crafted image file and render it with an application written to explicitly call png_set_unknown_chunks() function, could cause libpng to crash or execute arbitrary code with the permissions of the user running such an application (CVE-2013-7354). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7353 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7354 http://lists.opensuse.org/opensuse-updates/2014-05/msg00026.html ======================== Updated packages in core/updates_testing: ======================== libpng12_0-1.2.50-4.2.mga4 libpng12-devel-1.2.50-4.2.mga4 from libpng12-1.2.50-4.2.mga4.src.rpm
Version: 3 => 4Assignee: bugsquad => qa-bugsWhiteboard: (none) => MGA3TOO
Easy one to test: https://bugs.mageia.org/show_bug.cgi?id=12747#c1
Whiteboard: MGA3TOO => MGA3TOO has_procedure
Testing complete mga3 32 & 64 and mga4 32 & 64 Testing mga4 - display png images in xv (ie. xv filename.png) Testing mga3 - libpng15_15 - display png images using imagemagick (ie. 'display filename.png') libpng12_0 - display images using xv (ie. xv filename.png) Both can be found by using urpmq --whatrequires lib(64)12_0 or 15_15 to show packages which use the libraries.
Whiteboard: MGA3TOO has_procedure => MGA3TOO has_procedure mga3-32-ok mga3-64-ok mga4-32-ok mga4-64-ok
Validating. Separate advisories uploaded for mga3 and mga4. Could sysadmin please push to 3 & 4 updates Thanks
Keywords: (none) => validated_updateWhiteboard: MGA3TOO has_procedure mga3-32-ok mga3-64-ok mga4-32-ok mga4-64-ok => MGA3TOO has_procedure advisory mga3-32-ok mga3-64-ok mga4-32-ok mga4-64-okCC: (none) => sysadmin-bugs
Mga3 update pushed: http://advisories.mageia.org/MGASA-2014-0210.html Mga4 update pushed: http://advisories.mageia.org/MGASA-2014-0211.html
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED