Slackware: SSA:2012-206-01 Critical Libpng Memory Corruption Issue
slackware
July 25, 2012
New libpng packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues
Summary
Here are the details from the Slackware 13.37 ChangeLog: patches/packages/libpng-1.4.12-i486-1_slack13.37.txz: Upgraded. Fixed incorrect type (int copy should be png_size_t copy) in png_inflate() (fixes CVE-2011-3045). Revised png_set_text_2() to avoid potential memory corruption (fixes CVE-2011-3048). Changed "a+w" to "u+w" in Makefile.in to fix CVE-2012-3386. For more information, see: https://www.cve.org/CVERecord?id=CVE-2011-3045 https://www.cve.org/CVERecord?id=CVE-2011-3048 https://www.cve.org/CVERecord?id=CVE-2012-3386 (* Security fix *)
Topics Covered
Where Find New Packages
Thanks to the friendly folks at the OSU Open Source Lab
(https://osuosl.org/) for donating FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for
additional mirror sites near you.
Updated package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/libpng-1.2.50-i386-1_slack8.1.tgz
Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/libpng-1.2.50-i386-1_slack9.0.tgz
Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/libpng-1.2.50-i486-1_slack9.1.tgz
Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/libpng-1.2.50-i486-1_slack10.0.tgz
Updated package for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/libpng-1.2.50-i486-1_slack10.1.tgz
Updated package for Slackware 10.2:
ftp://ftp.slackware.c...
MD5 Signatures
Slackware 8.1 package:
284b6e6cbd863a3dcfedeb3f7ada3d13 libpng-1.2.50-i386-1_slack8.1.tgz
Slackware 9.0 package:
27933d103db0ec5d2e32469e5073d408 libpng-1.2.50-i386-1_slack9.0.tgz
Slackware 9.1 package:
d7b029366f0f70c218b49101df56cafb libpng-1.2.50-i486-1_slack9.1.tgz
Slackware 10.0 package:
3de3405777a72d3a7d72991c4489853e libpng-1.2.50-i486-1_slack10.0.tgz
Slackware 10.1 package:
e6d10a03b279b2138cab9383e638b621 libpng-1.2.50-i486-1_slack10.1.tgz
Slackware 10.2 package:
524e3febb22566c2b3131ca1eee7a385 libpng-1.2.50-i486-1_slack10.2.tgz
Slackware 11.0 package:
189f441d29495f927143a7c47ec77afb libpng-1.2.50-i486-1_slack11.0.tgz
Slackware 12.0 package:
1e21c28ed8dea4db2d4f8cfc00b858d9 libpng-1.2.50-i486-1_slack12.0.tgz
Slackware 12.1 package:
608b1c9f6426159a60722cd23ece3980 libpng-1.2.50-i486-1_slack12.1.tgz
Slackware 12.2 package:
b1e9950108aa9d2800d639002e6b77a6 libpng-1.2.50-i486-1_slack12.2.tgz
Slackware 13.0 package:
ae6b82cf5487bdc46422650ba374ff41 libpng-1.2.50-i486-1_slack13.0.txz
Slackware x86_64 13.0 package:
409da0ddfd159dd970cccf1c9dee251b libpng-1.2.50-x86_64-1_slack13.0.txz
Slackware 13.1 package:
3462a6eb530d084afcd20837b23d0ac7 libpng-1.4.12-i486-1_slack13.1.txz
Slackware x86_64 13.1 package:
c3058ef9d075ef9083ee7d7a977e6582 libpng-1.4.12-x86_64-1_slack13.1.txz
Slackware 13.37 package:
e9191494e871534e11ec5020f8e72593 libpng-1.4.12-i486-1_slack13.37.txz
Slackware x86_64 13.37 package:
0fea01d53de95669592e9a037c3dc4b9 libpng-1.4.12-x86_64-1_slack13.37.txz
Slackware -current package:
29b9148f5beb384e944e34184d24ce59 l/libpng-1.4.12-i486-1.txz
Slackware x86_64 -current package:
1b546573b17ac7df03773856cc081692 l/libpng-1.4.12-x86_64-1.txz
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Installation Instructions
Installation instructions: Upgrade the package as root: # upgradepkg libpng-1.4.12-i486-1_slack13.37.txz
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!