Issue 47633: Update libpng to 1.2.44
According to a developer on irc:
11:39 < gnpbil> there's a new version of libpng out, it fixes a security
vulnerability
11:39 < gnpbil> http://www.libpng.org/pub/png/libpng.html
11:40 < gnpbil> "the possibility of execution of an attacker's code with the
privileges of the libpng user (including remote compromise in
the case of a libpng-based browser visiting a hostile web site)"
We would need to update libpng from 1.2.42 to 1.2.43
Is there any reason why we won't use the 1.4.x series?
Jun 26, 2010
#1
mhm@chromium.org
Summary:
Update libpng to 1.2.44
Jun 26, 2010
(No comment was entered for this change.)
Labels:
-Area-Undefined SecSeverity-High
Jun 26, 2010
Just making sure it's on the security team's radar.
Owner:
secur...@chromium.org
Cc: phajdan...@chromium.org Labels: Restrict-View-SecurityTeam
Jun 26, 2010
I am updating it now, based on the attached file. According to the security advisory on their website: http://www.libpng.org/pub/png/libpng.html

Several versions of libpng through 1.4.2 (and through 1.2.43 in the older series) contain a bug whereby progressive applications such as web browsers (or the rpng2 demo app included in libpng) could receive an extra row of image data beyond the height reported in the header, potentially leading to an out-of-bounds write to memory (depending on how the application is written) and the possibility of execution of an attacker's code with the privileges of the libpng user (including remote compromise in the case of a libpng-based browser visiting a hostile web site). This vulnerability has been assigned ID CVE-2010-1205 (via Mozilla). http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1205

An additional memory-leak bug, involving images with malformed sCAL chunks, is also present; it could lead to an application crash (denial of service) when viewing such images.
Status:
Started
Owner: m...@chromium.org Cc: secur...@chromium.org
Jun 26, 2010
(No comment was entered for this change.)
Jun 26, 2010
For v5 stable, we will be using a WebKit workaround patch that checks the range of the returned row. But, good to get a fully up-to-date libpng on trunk, thanks guys!
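An added example, not part of the thread and not the WebKit patch itself: an application-side row callback that checks the returned row index against the header height before using it as a buffer offset, which is the kind of range check the comment above describes for the extra-row condition in the advisory. The names `frame_t`, `frame_init`, `frame_on_row` and `feed_rows` are hypothetical, and the driver's input is constructed.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical application-side decoder state (not libpng or WebKit types). */
typedef struct {
    uint32_t height;    /* rows announced by the image header */
    size_t   rowbytes;  /* bytes per decoded row */
    uint8_t *pixels;    /* height * rowbytes bytes */
    uint32_t rejected;  /* rows dropped by the range check */
} frame_t;

/* Allocate the frame buffer; returns 0 on success, -1 on bad size or OOM. */
int frame_init(frame_t *f, uint32_t height, size_t rowbytes)
{
    if (height == 0 || rowbytes == 0 || rowbytes > SIZE_MAX / height)
        return -1;
    f->pixels = calloc(height, rowbytes);
    if (!f->pixels) return -1;
    f->height = height; f->rowbytes = rowbytes; f->rejected = 0;
    return 0;
}

/* Row callback in the shape a progressive reader invokes: one decoded row and
 * its index. Returns 0 if accepted, -1 if the index is out of range. */
int frame_on_row(frame_t *f, const uint8_t *row, uint32_t row_num)
{
    if (row == NULL) return 0;      /* nothing new for this row */
    if (row_num >= f->height) {     /* a row beyond the header height stops here */
        f->rejected++;
        return -1;
    }
    memcpy(f->pixels + (size_t)row_num * f->rowbytes, row, f->rowbytes);
    return 0;
}

/* Constructed driver: delivers height + extra rows; returns rows stored. */
uint32_t feed_rows(frame_t *f, uint32_t extra)
{
    uint32_t stored = 0;
    uint8_t *row = malloc(f->rowbytes);
    if (!row) return 0;
    for (uint32_t r = 0; r < f->height + extra; r++) {
        memset(row, (int)(r + 1), f->rowbytes);
        if (frame_on_row(f, row, r) == 0) stored++;
    }
    free(row);
    return stored;
}
```

Without the `row_num >= f->height` test, the `memcpy` for the extra row would start exactly one row past the end of `pixels`.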
Jun 26, 2010
The following revision refers to this bug:
http://src.chromium.org/viewvc/chrome?view=rev&revision=50937
------------------------------------------------------------------------
r50937 | mhm@chromium.org | 2010-06-26 11:03:28 -0700 (Sat, 26 Jun 2010) | 8 lines
Changed paths:
M http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libpng/LICENSE?r1=50937&r2=50936
M http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libpng/README?r1=50937&r2=50936
M http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libpng/README.chromium?r1=50937&r2=50936
M http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libpng/png.h?r1=50937&r2=50936
M http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libpng/pngpread.c?r1=50937&r2=50936
M http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libpng/pngread.c?r1=50937&r2=50936
M http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libpng/pngrutil.c?r1=50937&r2=50936
Update libpng to version 1.2.44
According to libpng website, this will solve the vulnerability ID CVE-2010-1205.
BUG=47633
TEST=None
Review URL: http://codereview.chromium.org/2835021
------------------------------------------------------------------------
Jun 26, 2010
We will check with laforge@ to see if this needs to be merged to 375. Also, Cris did fix this in WebKit glue code, so I think we might just merge that one for 375.
Status:
WillMerge
Cc: -secur...@chromium.org c...@chromium.org Labels: -Restrict-View-SecurityTeam Restrict-View-SecurityNotify
Jun 26, 2010
Yeah, the other half of this patch is in issue 45983, and will cover distros that haven't had a chance to update libpng.
Jun 26, 2010
The following revision refers to this bug:
http://src.chromium.org/viewvc/chrome?view=rev&revision=50941
------------------------------------------------------------------------
r50941 | jzern@chromium.org | 2010-06-26 16:39:10 -0700 (Sat, 26 Jun 2010) | 11 lines
Changed paths:
M http://src.chromium.org/viewvc/chrome/branches/375/src/third_party/libpng/LICENSE?r1=50941&r2=50940
M http://src.chromium.org/viewvc/chrome/branches/375/src/third_party/libpng/README?r1=50941&r2=50940
M http://src.chromium.org/viewvc/chrome/branches/375/src/third_party/libpng/README.chromium?r1=50941&r2=50940
M http://src.chromium.org/viewvc/chrome/branches/375/src/third_party/libpng/png.h?r1=50941&r2=50940
M http://src.chromium.org/viewvc/chrome/branches/375/src/third_party/libpng/pngpread.c?r1=50941&r2=50940
M http://src.chromium.org/viewvc/chrome/branches/375/src/third_party/libpng/pngread.c?r1=50941&r2=50940
M http://src.chromium.org/viewvc/chrome/branches/375/src/third_party/libpng/pngrutil.c?r1=50941&r2=50940
Merge 50937 - Update libpng to version 1.2.44
According to libpng website, this will solve the vulnerability ID CVE-2010-1205.
BUG=47633
TEST=None
Review URL: http://codereview.chromium.org/2835021
TBR=mhm@chromium.org
Review URL: http://codereview.chromium.org/2883001
------------------------------------------------------------------------
Jul 2, 2010
(No comment was entered for this change.)
Status:
FixUnreleased
Oct 12, 2012
This issue has been closed for some time. No one will pay attention to new comments. If you are seeing this bug or have new data, please click New Issue to start a new bug.
Labels:
Restrict-AddIssueComment-Commit
Dec 20, 2012
(No comment was entered for this change.)
Status:
Fixed
Mar 11, 2013
(No comment was entered for this change.)
Labels:
-SecSeverity-High Security-Severity-High
Mar 13, 2013
(No comment was entered for this change.)
Labels:
Restrict-View-EditIssue
Mar 21, 2013
(No comment was entered for this change.)
Labels:
-Restrict-View-SecurityNotify -Restrict-View-EditIssue
Mar 21, 2013
(No comment was entered for this change.)
Labels:
-Security-Severity-High Security_Severity-High