Date: | Thu, 15 Jul 2010 10:17:19 -0500 |
Synopsis: Important: libpng security update
Issue date: 2010-07-14
CVE Names: CVE-2009-2042 CVE-2010-0205 CVE-2010-1205 CVE-2010-2249

A memory corruption flaw was found in the way applications, using the
libpng library and its progressive reading method, decoded certain PNG
images. An attacker could create a specially-crafted PNG image that,
when opened, could cause an application using libpng to crash or,
potentially, execute arbitrary code with the privileges of the user
running the application. (CVE-2010-1205)

A denial of service flaw was found in the way applications using the
libpng library decoded PNG images that have certain, highly compressed
ancillary chunks. An attacker could create a specially-crafted PNG image
that could cause an application using libpng to consume excessive
amounts of memory and CPU time, and possibly crash. (CVE-2010-0205)

A memory leak flaw was found in the way applications using the libpng
library decoded PNG images that use the Physical Scale (sCAL) extension.
An attacker could create a specially-crafted PNG image that could cause
an application using libpng to exhaust all available memory and possibly
crash or exit. (CVE-2010-2249)

A sensitive information disclosure flaw was found in the way
applications using the libpng library processed 1-bit interlaced PNG
images. An attacker could create a specially-crafted PNG image that
could cause an application using libpng to disclose uninitialized
memory. (CVE-2009-2042)

All running applications using libpng or libpng10 must be restarted for
the update to take effect.

SL 3.0.x
SRPMS:
libpng-1.2.2-30.src.rpm
libpng10-1.0.13-21.src.rpm
i386:
libpng10-1.0.13-21.i386.rpm
libpng10-devel-1.0.13-21.i386.rpm
libpng-1.2.2-30.i386.rpm
libpng-devel-1.2.2-30.i386.rpm
x86_64:
libpng10-1.0.13-21.i386.rpm
libpng10-1.0.13-21.x86_64.rpm
libpng10-devel-1.0.13-21.x86_64.rpm
libpng-1.2.2-30.i386.rpm
libpng-1.2.2-30.x86_64.rpm
libpng-devel-1.2.2-30.x86_64.rpm
SL 4.x
SRPMS:
libpng-1.2.7-3.el4_8.3.src.rpm
libpng10-1.0.16-3.el4_8.4.src.rpm
i386:
libpng10-1.0.16-3.el4_8.4.i386.rpm
libpng10-devel-1.0.16-3.el4_8.4.i386.rpm
libpng-1.2.7-3.el4_8.3.i386.rpm
libpng-devel-1.2.7-3.el4_8.3.i386.rpm
x86_64:
libpng10-1.0.16-3.el4_8.4.i386.rpm
libpng10-1.0.16-3.el4_8.4.x86_64.rpm
libpng10-devel-1.0.16-3.el4_8.4.x86_64.rpm
libpng-1.2.7-3.el4_8.3.i386.rpm
libpng-1.2.7-3.el4_8.3.x86_64.rpm
libpng-devel-1.2.7-3.el4_8.3.x86_64.rpm
SL 5.x
SRPMS:
libpng-1.2.10-7.1.el5_5.3.src.rpm
i386:
libpng-1.2.10-7.1.el5_5.3.i386.rpm
libpng-devel-1.2.10-7.1.el5_5.3.i386.rpm
x86_64:
libpng-1.2.10-7.1.el5_5.3.i386.rpm
libpng-1.2.10-7.1.el5_5.3.x86_64.rpm
libpng-devel-1.2.10-7.1.el5_5.3.i386.rpm
libpng-devel-1.2.10-7.1.el5_5.3.x86_64.rpm
-Connie Sieh
-Troy Dawson
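
The advisory's restart requirement can be checked after the packages are installed. The script below is an added example, not part of the original advisory or of Scientific Linux tooling: it lists processes that still map a libpng shared object that was replaced on disk. It assumes a Linux /proc filesystem, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example (not from the advisory): list processes that still map a
# libpng shared object that was replaced on disk by the update.
# Assumption: Linux /proc; the kernel appends " (deleted)" to the pathname
# in /proc/<pid>/maps once the mapped file has been unlinked.

# stale_libpng_in_maps FILE  (hypothetical helper)
# Print each distinct deleted libpng*/libpng10* object in a maps-format file.
# Exit status 0 if at least one was found, 1 otherwise.
stale_libpng_in_maps() {
    awk '
        # $6 is the pathname column; $7 is the "(deleted)" marker.
        / \(deleted\)$/ && $6 ~ /\/libpng[0-9]*\.so/ {
            if (!seen[$6]++) print $6
            found = 1
        }
        END { exit !found }
    ' "$1"
}

# scan_processes [PROC_ROOT]  (hypothetical helper)
# Print "pid<TAB>name<TAB>stale-library" for every affected process.
# Exit status 0 if any process needs a restart, 1 if none do.
scan_processes() {
    root=${1:-/proc}
    status=1
    for dir in "$root"/[0-9]*; do
        [ -r "$dir/maps" ] || continue
        paths=$(stale_libpng_in_maps "$dir/maps" 2>/dev/null) || continue
        name=$(sed -n 's/^Name:[[:space:]]*//p' "$dir/status" 2>/dev/null) || name='?'
        for p in $paths; do
            printf '%s\t%s\t%s\n' "${dir##*/}" "$name" "$p"
        done
        status=0
    done
    return $status
}

# Run against the live system only when asked: sh script.sh --scan
if [ "${1:-}" = "--scan" ]; then
    scan_processes
fi
```

Run it as root so that every process's maps file is readable; an empty result with exit status 1 means no running process still holds the old library.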