LISTSERV - SCIENTIFIC-LINUX-ERRATA Archives

SCIENTIFIC-LINUX-ERRATA Archives

July 2011

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-ERRATA Home
	SCIENTIFIC-LINUX-ERRATA July 2011

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Security ERRATA Moderate: libpng on SL4.x i386/x86_64
From:	Troy Dawson <[log in to unmask]>
Reply To:	Troy Dawson <[log in to unmask]>
Date:	Thu, 28 Jul 2011 15:24:22 -0500
Content-Type:	text/plain
Parts/Attachments:	text/plain (33 lines)

Synopsis:    Moderate: libpng security update
Issue Date:  2011-07-28
CVE Numbers: CVE-2011-2692

The libpng packages contain a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files.

An uninitialized memory read issue was found in the way libpng processed
certain PNG images that use the Physical Scale (sCAL) extension. An
attacker could create a specially-crafted PNG image that, when opened,
could cause an application using libpng to crash. (CVE-2011-2692)

Users of libpng and libpng10 should upgrade to these updated packages,
which contain a backported patch to correct this issue. All running
applications using libpng or libpng10 must be restarted for the update 
to take effect.

SL4:
   i386
      libpng-1.2.7-8.el4.i386.rpm
      libpng-devel-1.2.7-8.el4.i386.rpm
      libpng10-1.0.16-9.el4.i386.rpm
      libpng10-devel-1.0.16-9.el4.i386.rpm
   x86_64
      libpng-1.2.7-8.el4.x86_64.rpm
      libpng-1.2.7-8.el4.i386.rpm
      libpng-devel-1.2.7-8.el4.x86_64.rpm
      libpng10-1.0.16-9.el4.x86_64.rpm
      libpng10-1.0.16-9.el4.i386.rpm
      libpng10-devel-1.0.16-9.el4.x86_64.rpm

- Scientific Linux Development Team

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV