Ubuntu 11: 2010-1173 Moderate: OpenSSL Sensitive Data Bypass Patch

The libpng package contains a library of functions for creating and

manipulating PNG (Portable Network Graphics) image format files. PNG

is a bit-mapped graphics format similar to the GIF format. PNG was

created to replace the GIF format, since GIF uses a patented data

compression algorithm.

Libpng should be installed if you need to manipulate PNG format image

files.

Fixes CVE-2009-0040

* Wed Feb 25 2009 Tom Lane 2:1.2.35-1

- Update to libpng 1.2.35, to fix CVE-2009-0040

* Fri Jan 9 2009 Tom Lane 2:1.2.34-1

- Update to libpng 1.2.34

* Sun Nov 2 2008 Tom Lane 2:1.2.33-1

- Update to libpng 1.2.33

* Sat May 31 2008 Tom Lane 2:1.2.29-1

- Update to libpng 1.2.29 (fixes low-priority security issue CVE-2008-1382)

Related: #441839

[ 1 ] Bug #486355 - CVE-2009-0040 libpng arbitrary free() flaw

https://bugzilla.redhat.com/show_bug.cgi?id=486355

su -c 'yum update libpng' at the command line.

For more information, refer to "Managing Software with yum",

available at .

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

Fedora-package-announce mailing list

Fedora-package-announce@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/