-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SCO Security Advisory Subject: UnixWare 7.1.4 : Multiple Vulnerabilities in libpng Advisory number: SCOSA-2004.16 Issue date: 2004 October 07 Cross reference: sr891394 fz530149 erg712684 CAN-2004-0597 CAN-2004-0598 CAN-2004-0599 CAN-2004-0768 VU#388984 VU#236656 VU#160448 VU#477512 VU#817368 VU#286464 TA04-217A ______________________________________________________________________________ 1. Problem Description Several vulnerabilities exist in the libpng library, the most serious of which could allow a remote attacker to execute arbitrary code on an affected system. CERT Technical Cyber Security Alert TA04-217A VU#388984 - libpng fails to properly check length of transparency chunk (tRNS) data. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following name CAN-2004-0597 to this issue. VU#236656 - libpng png_handle_iCCP() NULL pointer dereference The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following name CAN-2004-0598 to this issue. VU#160448 - libpng integer overflow in image height processing The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following name CAN-2004-0599 to this issue. VU#477512 - libpng png_handle_sPLT() integer overflow The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following name CAN-2004-0599 to this issue. VU#817368 - libpng png_handle_sBIT() performs insufficient bounds checking. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following name CAN-2004-0597 to this issue. VU#286464 - libpng contains integer overflows in progressive display image reading. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following name CAN-2004-0599 to this issue. 2. Vulnerable Supported Versions System Files ---------------------------------------------------------------------- UnixWare 7.1.4 /usr/include/png.h /usr/include/pngconf.h /usr/lib/libpng.a /usr/lib/libpng.so.3.1.2.7 /usr/man/man.3/libpng.3 /usr/man/man.3/libpngpf.3 /usr/man/man.5/png.5 3. Solution The proper solution is to install the latest packages. 4. UnixWare 7.1.4 4.1 Location of Fixed Binaries ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.16 4.2 Verification MD5 (erg712684.pkg) = 78920b002aaeb097149084dc7451ce83 md5 is available for download from ftp://ftp.sco.com/pub/security/tools 4.3 Installing Fixed Binaries Upgrade the affected binaries with the following sequence: Download erg712684.pkg to the /var/spool/pkg directory # pkgadd -d /var/spool/pkg/erg712684.pkg 5. References Specific references for this advisory: http://libpng.sourceforge.net http://www.libpng.org/pub/png http://scary.beasts.org/security/CESA-2004-001.txt http://www.us-cert.gov/cas/techalerts/TA04-217A.html http://www.kb.cert.org/vuls/id/388984 http://www.kb.cert.org/vuls/id/817368 http://www.kb.cert.org/vuls/id/286484 http://www.kb.cert.org/vuls/id/477512 http://www.kb.cert.org/vuls/id/160448 http://www.kb.cert.org/vuls/id/236656 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0597 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0598 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0599 SCO security resources: http://www.sco.com/support/security/index.html SCO security advisories via email http://www.sco.com/support/forums/security.html This security fix closes SCO incidents sr891394 fz530149 erg712684 CAN-2004-0597 CAN-2004-0598 CAN-2004-0599 CAN-2004-0768 VU#388984 VU#236656 VU#160448 VU#477512 VU#817368 VU#286464. 6. Disclaimer SCO is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of SCO products. 7. Acknowledgments SCO would like to thank Chris Evans for researching and reporting these vulnerabilities. ______________________________________________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (SCO/UNIX_SVR5) iD8DBQFBZdG0aqoBO7ipriERAo4yAJ9Jq0kJcbjQ7Pi/aeRbTWk9zsk/owCffQxQ wl3Jg/u6CafJ0Pqm4OzB3cM= =y7cQ -----END PGP SIGNATURE-----