Red Hat 8: 2010-1980 Urgent: libjpeg Buffer Overflow Vulnerability

The libpng10 package contains an old version of libpng, a library of functions

for creating and manipulating PNG (Portable Network Graphics) image format

files.

This package is needed if you want to run binaries that were linked dynamically

with libpng 1.0.x.

This release fixes a vulnerability in which some arrays of pointers are not

initialized prior to using malloc to define the pointers. If the application

runs out of memory while executing the allocation loop (which can be forced by

malevolent input), libpng10 will jump to a cleanup process that attempts to free

all of the pointers, including the undefined ones. This issue has been

assigned CVE-2009-0040

* Thu Feb 19 2009 Paul Howarth 1.0.43-1

- update to 1.0.43 (clear pointer arrays created using png_malloc())

* Fri Dec 19 2008 Paul Howarth 1.0.42-1

- update to 1.0.42 (various minor bugfixes and code cleanups)

[ 1 ] Bug #486355 - CVE-2009-0040 libpng arbitrary free() flaw

https://bugzilla.redhat.com/show_bug.cgi?id=486355

su -c 'yum update libpng10' at the command line.

For more information, refer to "Managing Software with yum",

available at .

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

Fedora-package-announce mailing list

Fedora-package-announce@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/