libpng Unknown Chunk Handling Remote Code Execution Vulnerability
Published: 2008-04-14
Updated: 2008-04-15
Affected systems:
libpng libpng 1.2.0 - 1.2.26
Unaffected systems:
libpng libpng 1.0.6 - 1.0.32
libpng libpng 1.2.27 beta01
Description:
BUGTRAQ ID: 28770
CVE(CAN) ID: CVE-2008-1382
libpng is the library many applications use to parse the PNG image format.
libpng contains a vulnerability in its handling of malformed PNG files. Successful exploitation allows a local attacker to read sensitive information, cause a denial of service, or execute arbitrary code.
libpng does not correctly handle PNG chunks of unknown type. If an application using the library has called png_set_read_user_chunk_fn() or png_set_keep_unknown_chunks() under certain conditions, a zero-length PNG chunk causes uninitialized memory to be passed to a free() call.
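An added example, not code from the advisory or from libpng: a bounds-checked PNG chunk walker that counts the input pattern this advisory describes, a zero-length chunk of a type libpng does not handle itself, so files can be triaged before they reach an application linked against a vulnerable libpng with an unknown-chunk callback registered. The list of known chunk types, the private type name prVt and the sample bytes are assumptions constructed for the example.

```c
/* Added example, not code from the advisory or from libpng: walk the chunk
 * list of an in-memory PNG and count zero-length chunks whose type libpng
 * does not handle itself, the input that reaches the path in CVE-2008-1382. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
static const uint8_t PNG_SIG[8] = {0x89, 'P', 'N', 'G', 0x0d, 0x0a, 0x1a, 0x0a};
/* Chunk types a default libpng 1.2 build handles itself (assumed list);
 * any other type goes through the unknown-chunk handling. */
static const char *KNOWN[] = {
    "IHDR", "PLTE", "IDAT", "IEND", "bKGD", "cHRM", "gAMA", "hIST", "iCCP",
    "iTXt", "oFFs", "pCAL", "pHYs", "sBIT", "sCAL", "sPLT", "sRGB", "tEXt",
    "tIME", "tRNS", "zTXt"
};
static int is_known(const uint8_t *type) {
    for (size_t i = 0; i < sizeof KNOWN / sizeof KNOWN[0]; i++)
        if (memcmp(type, KNOWN[i], 4) == 0) return 1;
    return 0;
}
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Returns the number of zero-length unknown chunks, or -1 when the buffer is
 * not a complete chunk stream (bad signature, truncated chunk, missing IEND). */
int count_zero_len_unknown(const uint8_t *buf, size_t len) {
    if (len < 8 || memcmp(buf, PNG_SIG, 8) != 0) return -1;
    size_t off = 8;
    int hits = 0;
    while (off + 12 <= len) {                 /* 4 length + 4 type + 4 CRC */
        uint32_t clen = be32(buf + off);
        if (clen > len - off - 12) return -1; /* data would run past buffer */
        const uint8_t *type = buf + off + 4;
        if (clen == 0 && !is_known(type)) hits++;
        if (memcmp(type, "IEND", 4) == 0) return hits;
        off += 12 + clen;
    }
    return -1;
}

/* Constructed sample: a 1x1 IHDR, a zero-length private chunk "prVt", IEND.
 * CRC bytes are left as zeros because this scanner ignores them. */
static const uint8_t SAMPLE[] = {
    0x89, 'P', 'N', 'G', 0x0d, 0x0a, 0x1a, 0x0a,
    0, 0, 0, 13, 'I', 'H', 'D', 'R', 0, 0, 0, 1, 0, 0, 0, 1, 8, 0, 0, 0, 0, 0, 0, 0, 0,
    0, 0, 0, 0, 'p', 'r', 'V', 't', 0, 0, 0, 0,
    0, 0, 0, 0, 'I', 'E', 'N', 'D', 0, 0, 0, 0
};
int scan_sample(void) { return count_zero_len_unknown(SAMPLE, sizeof SAMPLE); }
```

A non-zero count only means the file exercises the unknown-chunk path; whether that is dangerous depends on the libpng version and on whether the consuming application registered one of the two callbacks named above.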
<*Source: Tavis Ormandy (taviso@gentoo.org)
Links: http://secunia.com/advisories/29792/
http://marc.info/?l=bugtraq&m=120818474711737&w=2
http://libpng.sourceforge.net/Advisory-1.2.26.txt
http://secunia.com/advisories/30157/
http://security.gentoo.org/glsa/glsa-200804-15.xml
http://www.debian.org/security/2009/dsa-1750
*>
Recommendations:
Vendor patches:
Debian
------
Debian has released a security advisory (DSA-1750-1) and corresponding patches for this issue:
DSA-1750-1: New libpng packages fix several vulnerabilities
Link: http://www.debian.org/security/2009/dsa-1750
Patch downloads (source and per-architecture packages for Debian 4.0 etch and 5.0 lenny are listed in the DSA link above):
Patch installation:
1. Install the patch packages manually:
First, download the patch package with the following command:
# wget url (url is the patch download link)
Then install the patch with the following command:
# dpkg -i file.deb (file is the name of the corresponding patch package)
2. Install the patch packages automatically with apt-get:
First, update the local package database with the following command:
# apt-get update
Then install the updated packages with the following command:
# apt-get upgrade
libpng
------
The vendor has released an upgrade that fixes this security issue; download it from the vendor's site:
http://downloads.sourceforge.net/libpng/libpng-1.2.27beta03.tar.bz2?modtime=1208169600&big_mirror=0
Gentoo
------
Gentoo has released a security advisory (GLSA-200804-15) and corresponding patches for this issue:
GLSA-200804-15: libpng: Execution of arbitrary code
Link: http://security.gentoo.org/glsa/glsa-200804-15.xml
All libpng users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/libpng-1.2.26-r1"
NSFOCUS (绿盟科技): providing you with security assurance
