Fedora 28: 2018-04eded822e Critical: libpng10 Integer Overflow DoS

The libpng10 package contains an old version of libpng, a library of functions

for creating and manipulating PNG (Portable Network Graphics) image format

files.

This package is needed if you want to run binaries that were linked dynamically

with libpng 1.0.x.

Fix for CVE-2018-13785: the libpng10 library was vulnerable to an integer

overflow and resultant divide-by-zero in the

pngrutil.c:png_check_chunk_length() function. An attacker could exploit this to

cause a denial of service via a crafted PNG file.

* Fri Jul 13 2018 Paul Howarth - 1.0.69-5

- Fix the calculation of row_factor in png_check_chunk_length (CVE-2018-13785)

* Fri Jul 13 2018 Fedora Release Engineering - 1.0.69-4

- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild

[ 1 ] Bug #1599943 - CVE-2018-13785 libpng: Integer overflow and resultant divide-by-zero in pngrutil.c:png_check_chunk_length() allows for denial of service

https://bugzilla.redhat.com/show_bug.cgi?id=1599943

su -c 'dnf upgrade --advisory FEDORA-2018-04eded822e' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RZ3N4X57QBQK7RIBYBEVPEKUSDHFALEV/