Synopsis:    Important: libpng security update
Issue date:  2010-07-14
CVE Names:   CVE-2009-2042 CVE-2010-0205 CVE-2010-1205 CVE-2010-2249

A memory corruption flaw was found in the way applications, using the libpng library and its progressive reading method, decoded certain PNG images. An attacker could create a specially-crafted PNG image that, when opened, could cause an application using libpng to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2010-1205)

A denial of service flaw was found in the way applications using the libpng library decoded PNG images that have certain, highly compressed ancillary chunks. An attacker could create a specially-crafted PNG image that could cause an application using libpng to consume excessive amounts of memory and CPU time, and possibly crash. (CVE-2010-0205)

A memory leak flaw was found in the way applications using the libpng library decoded PNG images that use the Physical Scale (sCAL) extension. An attacker could create a specially-crafted PNG image that could cause an application using libpng to exhaust all available memory and possibly crash or exit. (CVE-2010-2249)

A sensitive information disclosure flaw was found in the way applications using the libpng library processed 1-bit interlaced PNG images. An attacker could create a specially-crafted PNG image that could cause an application using libpng to disclose uninitialized memory. (CVE-2009-2042)

All running applications using libpng or libpng10 must be restarted for the update to take effect.

SL 3.0.x

  SRPMS:
    libpng-1.2.2-30.src.rpm
    libpng10-1.0.13-21.src.rpm
  i386:
    libpng10-1.0.13-21.i386.rpm
    libpng10-devel-1.0.13-21.i386.rpm
    libpng-1.2.2-30.i386.rpm
    libpng-devel-1.2.2-30.i386.rpm
  x86_64:
    libpng10-1.0.13-21.i386.rpm
    libpng10-1.0.13-21.x86_64.rpm
    libpng10-devel-1.0.13-21.x86_64.rpm
    libpng-1.2.2-30.i386.rpm
    libpng-1.2.2-30.x86_64.rpm
    libpng-devel-1.2.2-30.x86_64.rpm

SL 4.x

  SRPMS:
    libpng-1.2.7-3.el4_8.3.src.rpm
    libpng10-1.0.16-3.el4_8.4.src.rpm
  i386:
    libpng10-1.0.16-3.el4_8.4.i386.rpm
    libpng10-devel-1.0.16-3.el4_8.4.i386.rpm
    libpng-1.2.7-3.el4_8.3.i386.rpm
    libpng-devel-1.2.7-3.el4_8.3.i386.rpm
  x86_64:
    libpng10-1.0.16-3.el4_8.4.i386.rpm
    libpng10-1.0.16-3.el4_8.4.x86_64.rpm
    libpng10-devel-1.0.16-3.el4_8.4.x86_64.rpm
    libpng-1.2.7-3.el4_8.3.i386.rpm
    libpng-1.2.7-3.el4_8.3.x86_64.rpm
    libpng-devel-1.2.7-3.el4_8.3.x86_64.rpm

SL 5.x

  SRPMS:
    libpng-1.2.10-7.1.el5_5.3.src.rpm
  i386:
    libpng-1.2.10-7.1.el5_5.3.i386.rpm
    libpng-devel-1.2.10-7.1.el5_5.3.i386.rpm
  x86_64:
    libpng-1.2.10-7.1.el5_5.3.i386.rpm
    libpng-1.2.10-7.1.el5_5.3.x86_64.rpm
    libpng-devel-1.2.10-7.1.el5_5.3.i386.rpm
    libpng-devel-1.2.10-7.1.el5_5.3.x86_64.rpm

-Connie Sieh
-Troy Dawson
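
One way to find the processes the restart requirement above applies to, as an added example that is not part of the original advisory: a process started before the update keeps mapping the replaced library file, which Linux marks "(deleted)" in /proc/PID/maps. The function names and the sample maps lines (PIDs, addresses, library paths) are constructed for illustration.

```shell
#!/bin/sh
# Added example: find processes still mapping a libpng library file that was
# replaced on disk. Linux marks such mappings "(deleted)" in /proc/PID/maps.

# Succeed if the maps file in $1 contains a deleted libpng mapping.
maps_has_stale_libpng() {
    grep -Eq '/libpng[^/]*\.so[^/ ]* \(deleted\)$' "$1" 2>/dev/null
}

# Print the PID of every process under proc root $1 (default /proc) that
# still maps a replaced libpng or libpng10 library.
find_stale_libpng() {
    root=${1:-/proc}
    for maps in "$root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if maps_has_stale_libpng "$maps"; then
            pid=${maps%/maps}
            echo "${pid##*/}"
        fi
    done
}

# Build a constructed /proc-like tree (PIDs, addresses and paths are made up):
#   101 maps a replaced libpng, 202 maps the current one, 303 a replaced libz.
make_sample_proc() {
    d=$(mktemp -d) || return 1
    mkdir "$d/101" "$d/202" "$d/303"
    printf '%s\n' \
        '00400000-0040b000 r-xp 00000000 08:01 1311 /usr/bin/viewer' \
        '2b1c0000-2b1c5000 r-xp 00000000 08:01 2277 /usr/lib64/libpng12.so.0.10.0 (deleted)' \
        > "$d/101/maps"
    printf '%s\n' \
        '2b1c0000-2b1c5000 r-xp 00000000 08:01 2290 /usr/lib64/libpng12.so.0.10.0' \
        > "$d/202/maps"
    printf '%s\n' \
        '2b1d0000-2b1d4000 r-xp 00000000 08:01 2301 /usr/lib64/libz.so.1.2.3 (deleted)' \
        > "$d/303/maps"
    echo "$d"
}

# Demo on the constructed tree; on a real host run: find_stale_libpng /proc
sample=$(make_sample_proc) && find_stale_libpng "$sample"   # prints 101
rm -rf "$sample"
```

Run it as root on a real host so the maps files of other users' processes are readable; an empty result means no running process still holds the old library.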