
Linux speared by trio of security holes

Update hell as libpng, Xpdf and Cups all found with vulnerabilities.


A series of security holes in three common Linux components has led open-source vendors to rush out several updates in just one day.

Two of them, rated "highly critical" by security company Secunia, are in libpng, a library used by a number of applications, including the Mozilla browser, to display png graphics files.

The problems are a boundary error in Mozilla’s "png handle" function, and an integer overflow in the "png read" function. These flaws could potentially be exploited by malicious users to trick computer users into viewing a corrupted png image, and inadvertently linking an application into the vulnerable library. Ultimately, it means a hacker could execute arbitrary code on your PC.

In August, a number of security flaws were discovered in libpng, including a bug in the POP3 capability and a risk of unauthorised upload of data from a victim’s computer.

More flaws have also been discovered in Xpdf, which is used to view Adobe pdf files in Linux. A series of integer overflow errors in Xpdf could seriously compromise a victim’s system. As with the libpng vulnerability, malicious users could exploit the Xpdf vulnerability to execute arbitrary code using specially crafted pdf files.

In addition, unspecified errors have been discovered in Xpdf’s logic which can be exploited to create infinite loops, crippling computers by consuming enormous amounts of system resources.

And if that wasn't bad enough, patches issued to fix the Xpdf hole have also flagged up a third hole in the basic Cups printing solution that can give system access.

Some vendors have already taken steps to protect users against the vulnerabilities. Debian, for example, has issued two patches for its Linux 3.0 users to protect them from the libpng flaws. Mandrake, Fedora and Gentoo, meanwhile, have issued patches for the vulnerabilities in Xpdf, and Mandrake and Gentoo have patches for the Cups hole.

Which is a trio of headaches in just a day.
