Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

Scientific Linux: CVE-2011-3048 Moderate Update for Libpng

Scientific Large Esm H446
Moderate: libpng security update
Date: Tue, 24 Apr 2012 10:07:52 -0500
Reply-To: Pat Riehecky 
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Organization: Fermilab
Subject: FASTBUGS for SL 5x i386, x86_64 now available
MIME-Version: 1.0

The following FASTBUGS have been uploaded to

i386:
aide-0.13.1-6.el5_8.2.i386.rpm
autofs-5.0.1-0.rc2.164.el5_8.i386.rpm
cman-2.0.115-96.el5_8.3.i386.rpm
cman-devel-2.0.115-96.el5_8.3.i386.rpm
glibc-2.5-81.el5_8.2.i386.rpm
glibc-2.5-81.el5_8.2.i686.rpm
glibc-common-2.5-81.el5_8.2.i386.rpm
glibc-devel-2.5-81.el5_8.2.i386.rpm
glibc-headers-2.5-81.el5_8.2.i386.rpm
glibc-utils-2.5-81.el5_8.2.i386.rpm
libgcrypt-1.4.4-5.el5_8.2.i386.rpm
libgcrypt-devel-1.4.4-5.el5_8.2.i386.rpm
nscd-2.5-81.el5_8.2.i386.rpm
xulrunner-10.0.3-2.el5_8.i386.rpm
xulrunner-devel-10.0.3-2.el5_8.i386.rpm

x86_64:
aide-0.13.1-6.el5_8.2.x86_64.rpm
autofs-5.0.1-0.rc2.164.el5_8.x86_64.rpm
cman-2.0.115-96.el5_8.3.x86_64.rpm
cman-devel-2.0.115-96.el5_8.3.i386.rpm
cman-devel-2.0.115-96.el5_8.3.x86_64.rpm
glibc-2.5-81.el5_8.2.i686.rpm
glibc-2.5-81.el5_8.2.x86_64.rpm
glibc-common-2.5-81.el5_8.2.x86_64.rpm
glibc-devel-2.5-81.el5_8.2.i386.rpm
glibc-devel-2.5-81.el5_8.2.x86_64.rpm
glibc-headers-2.5-81.el5_8.2.x86_64.rpm
glibc-utils-2.5-81.el5_8.2.x86_64.rpm
libgcrypt-1.4.4-5.el5_8.2.i386.rpm
libgcrypt-1.4.4-5.el5_8.2.x86_64.rpm
libgcrypt-devel-1.4.4-5.el5_8.2.i386.rpm
libgcrypt-devel-1.4.4-5.el5_8.2.x86_64.rpm
nscd-2.5-81.el5_8.2.x86_64.rpm
xulrunner-10.0.3-2.el5_8.i386.rpm
xulrunner-10.0.3-2.el5_8.x86_64.rpm
xulrunner-devel-10.0.3-2.el5_8.i386.rpm
xulrunner-devel-10.0.3-2.el5_8.x86_64.rpm
Date: Wed, 25 Apr 2012 11:34:09 -0500
Reply-To: This email address is being protected from spambots. You need JavaScript enabled to view it.
Sender: Security Errata for Scientific Linux
 
From: Patrick Riehecky 
Subject: Security ERRATA Moderate: libpng on SL5.x, SL6.x i386/x86_64
Comments: To: This email address is being protected from spambots. You need JavaScript enabled to view it.

Synopsis: Moderate: libpng security update
Issue Date: 2012-04-25
CVE Numbers: CVE-2011-3048

The libpng packages contain a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files.

A heap-based buffer overflow flaw was found in the way libpng processed
tEXt chunks in PNG image files. An attacker could create a
specially-crafted PNG image file that, when opened, could cause an
application using libpng to crash or, possibly, execute arbitrary code with
the privileges of the user running the application. (CVE-2011-3048)

Users of libpng should upgrade to these updated packages, which correct
this issue. For Scientific Linux 5, they contain a backported
patch. For Scientific Linux 6, they upgrade libpng to version
1.2.49. All running applications using libpng must be restarted for the
update to take effect.

SL5:
 i386
 libpng-1.2.10-17.el5_8.i386.rpm
 libpng-debuginfo-1.2.10-17.el5_8.i386.rpm
 libpng-devel-1.2.10-17.el5_8.i386.rpm
 x86_64
 libpng-1.2.10-17.el5_8.i386.rpm
 libpng-1.2.10-17.el5_8.x86_64.rpm
 libpng-debuginfo-1.2.10-17.el5_8.i386.rpm
 libpng-debuginfo-1.2.10-17.el5_8.x86_64.rpm
 libpng-devel-1.2.10-17.el5_8.i386.rpm
 libpng-devel-1.2.10-17.el5_8.x86_64.rpm
SL6:
 i386
 libpng-1.2.49-1.el6_2.i686.rpm
 libpng-debuginfo-1.2.49-1.el6_2.i686.rpm
 libpng-devel-1.2.49-1.el6_2.i686.rpm
 libpng-static-1.2.49-1.el6_2.i686.rpm
 x86_64
 libpng-1.2.49-1.el6_2.i686.rpm
 libpng-1.2.49-1.el6_2.x86_64.rpm
 libpng-debuginfo-1.2.49-1.el6_2.i686.rpm
 libpng-debuginfo-1.2.49-1.el6_2.x86_64.rpm
 libpng-devel-1.2.49-1.el6_2.i686.rpm
 libpng-devel-1.2.49-1.el6_2.x86_64.rpm
 libpng-static-1.2.49-1.el6_2.x86_64.rpm

- Scientific Linux Development Team
Your message here