Fedora 10: 2009-7491 Moderate: Ocaml Camlimages Integer Overflow Issue

CamlImages is an image processing library for Objective CAML, which provides:

basic functions for image processing and loading/saving, various image file

formats (hence providing a translation facility from format to format),

and an interface with the Caml graphics library allows to display images

in the Graphics module screen and to mix them with Caml drawings

In addition, the library can handle huge images that cannot be (or can hardly

be) stored into the main memory (the library then automatically creates swap

files and escapes them to reduce the memory usage).

ChangeLog:

* Fri Jul 3 2009 Richard W.M. Jones - 3.0.1-3.fc10.2

- ocaml-camlimages: PNG reader multiple integer overflows

(CVE 2009-2295 / RHBZ#509531).

* Mon Nov 3 2008 Richard W.M. Jones - 3.0.1-3

- +BR gtk2-devel.

- +BR ocaml-x11.

* Mon Nov 3 2008 Richard W.M. Jones - 3.0.1-1

- Home page moved (fixes rhbz 468158).

- New upstream version 3.0.1 and multiple build fixes for this.

- License is really LGPLv2 with the OCaml linking exception.

- Removed the DESTDIR patch.

- Build tiff support.

- Run it through rpmlint and fix all problems.

References:

[ 1 ] Bug #509531 - CVE-2009-2295 ocaml-camlimages: PNG reader multiple integer overflows (oCERT-2009-009)

https://bugzilla.redhat.com/show_bug.cgi?id=509531

This update can be installed with the "yum" update program. Use

su -c 'yum update ocaml-camlimages' at the command line.

For more information, refer to "Managing Software with yum",

available at .

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

Fedora-package-announce mailing list

Fedora-package-announce@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/