Three security holes found in Linux
Three security holes found in Linux
Oct 25th, 2004: Open source vendors have acted quickly to security holes found in three different Linux components in one day by releasing updates to help minimise the damage.
Open source vendors have acted quickly to security holes found in three different Linux components in one day by releasing updates to help minimise the damage.
Secunia, a security company, has identified two high risk vulnerabilities found in libpng, which potentially can be exploited by malicious people to compromise a user's system.
These vulnerabilities use libpng (a library used by applications, including the Mozilla browser) to show png graphic files.
A boundary error in the "png_handle_tRNS()" function and an integer overflow in the "png_read_png()" function can be exploited to cause buffer overflows by tricking a user into viewing a specially crafted PNG image with an application linked to the vulnerable library.
Successful exploitation could allow the execution of arbitrary code.
Other flaws have also been found in Xpdf, used to view Adobe pdf files in Linux. These vulnerabilities could also exploit the Xpdf fault to produce arbitrary code too.
Unusual errors have also been found in Xpdf's logic, which can create continuous loops that can ruin computers by using up large amounts of the system resources.
Patches released to fix the Xpdf security fault have also revealed another hole in the basic Cups printing solution that provides system access.
So far, Debian has issued two patches for its Linux 3.0 users to guard them against the libpng dangers. Mandrake, Fedora and Gentoo have issued patches for the Xpd security flaws and Mandrake and Gentoo have released patches for the Cups vulnerability.
Related Article: