Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -4 articles for you...
89
security advisorybuffer overflowFedoraUbuntu 20.04: 2020-b3e94fc6ef Critical: Cygwin-Glibc Memory Leak
libpng 1.6.19 release, fixing CVE-2015-8126. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2015-97fc1797fa 2015-11-27 16:47:02.532586 -------------------------------------------------------------------------------- Name : mingw-libpng Product : Fedora 22 Version : 1.6.19 Release : 1.fc22 URL : http://www.libpng.org/pub/png/ Summary : MinGW Windows Libpng library Description : MinGW Windows Libpng library. -------------------------------------------------------------------------------- Update Information: libpng 1.6.19 release, fixing CVE-2015-8126 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1281756 - CVE-2015-8126 libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions https://bugzilla.redhat.com/show_bug.cgi?id=1281756 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update mingw-libpng' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list
Nov 27, 2015
•Critical
Fedora
202
security advisoryheap overflowimportant fixopenSUSE 11.4: 2012:0316-1 Important: Libpng Buffer Overflow
An update that fixes one vulnerability is now available. It An update that fixes one vulnerability is now available. It An update that fixes one vulnerability is now available. It includes one version update. includes one version update.. openSUSE Security Update: libpng12: Fixed a heap based buffer overflow ______________________________________________________________________________ Announcement ID: openSUSE-SU-2012:0316-1 Rating: important References: #747311 Cross-References: CVE-2011-3026 Affected Products: openSUSE 11.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. It includes one version update. Description: A heap-based buffer overflow in libpng was fixed that could potentially be exploited by attackers to execute arbitrary code or cause an application to crash (CVE-2011-3026). libpng 1.2 was updated to 1.2.47 to fix this issue. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch libpng12-5846 libpng14-5847 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64) [New Version: 1.2.47]: libpng12-0-1.2.47-0.8.1 libpng12-compat-devel-1.2.47-0.8.1 libpng12-devel-1.2.47-0.8.1 libpng14-14-1.4.4-3.6.1 libpng14-compat-devel-1.4.4-3.6.1 libpng14-devel-1.4.4-3.6.1 - openSUSE 11.4 (x86_64) [New Version: 1.2.47]: libpng12-0-32bit-1.2.47-0.8.1 libpng12-compat-devel-32bit-1.2.47-0.8.1 libpng12-devel-32bit-1.2.47-0.8.1 libpng14-14-32bit-1.4.4-3.6.1 libpng14-compat-devel-32bit-1.4.4-3.6.1 libpng14-devel-32bit-1.4.4-3.6.1 References: https://www.suse.com/security/cve/CVE-2011-3026.html . Crucial openSUSE patch for libpng16 addresses critical memory corruptionvulnerabilities and enhances system security protocols.. openSUSE Security, libpng12 Update, Patch Management. . Severity: Important. LinuxSecurity.com Team
Feb 28, 2012
•Important
OpenSUSE
98
security advisorymoderateRed Hat Enterprise LinuxRed Hat Enterprise Linux 4 RHSA-2011:1103-01 Moderate: Libpng Image Issue
Updated libpng and libpng10 packages that fix one security issue are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: libpng security update Advisory ID: RHSA-2011:1103-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2011:1103.html Issue date: 2011-07-28 CVE Names: CVE-2011-2692 ==================================================================== 1. Summary: Updated libpng and libpng10 packages that fix one security issue are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Description: The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. An uninitialized memory read issue was found in the way libpng processed certain PNG images that use the Physical Scale (sCAL) extension. An attacker could create a specially-crafted PNG image that, when opened, could cause an application using libpng to crash. (CVE-2011-2692) Users of libpng and libpng10 should upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using libpng or libpng10 mustbe restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 720612 - CVE-2011-2692 libpng: Invalid read when handling empty sCAL chunks 6. Package List: Red Hat Enterprise Linux AS version4: Source: i386: libpng-1.2.7-8.el4.i386.rpm libpng-debuginfo-1.2.7-8.el4.i386.rpm libpng-devel-1.2.7-8.el4.i386.rpm libpng10-1.0.16-9.el4.i386.rpm libpng10-debuginfo-1.0.16-9.el4.i386.rpm libpng10-devel-1.0.16-9.el4.i386.rpm ia64: libpng-1.2.7-8.el4.i386.rpm libpng-1.2.7-8.el4.ia64.rpm libpng-debuginfo-1.2.7-8.el4.i386.rpm libpng-debuginfo-1.2.7-8.el4.ia64.rpm libpng-devel-1.2.7-8.el4.ia64.rpm libpng10-1.0.16-9.el4.i386.rpm libpng10-1.0.16-9.el4.ia64.rpm libpng10-debuginfo-1.0.16-9.el4.i386.rpm libpng10-debuginfo-1.0.16-9.el4.ia64.rpm libpng10-devel-1.0.16-9.el4.ia64.rpm ppc: libpng-1.2.7-8.el4.ppc.rpm libpng-1.2.7-8.el4.ppc64.rpm libpng-debuginfo-1.2.7-8.el4.ppc.rpm libpng-debuginfo-1.2.7-8.el4.ppc64.rpm libpng-devel-1.2.7-8.el4.ppc.rpm libpng10-1.0.16-9.el4.ppc.rpm libpng10-1.0.16-9.el4.ppc64.rpm libpng10-debuginfo-1.0.16-9.el4.ppc.rpm libpng10-debuginfo-1.0.16-9.el4.ppc64.rpm libpng10-devel-1.0.16-9.el4.ppc.rpm s390: libpng-1.2.7-8.el4.s390.rpm libpng-debuginfo-1.2.7-8.el4.s390.rpm libpng-devel-1.2.7-8.el4.s390.rpm libpng10-1.0.16-9.el4.s390.rpm libpng10-debuginfo-1.0.16-9.el4.s390.rpm libpng10-devel-1.0.16-9.el4.s390.rpm s390x: libpng-1.2.7-8.el4.s390.rpm libpng-1.2.7-8.el4.s390x.rpm libpng-debuginfo-1.2.7-8.el4.s390.rpm libpng-debuginfo-1.2.7-8.el4.s390x.rpm libpng-devel-1.2.7-8.el4.s390x.rpm libpng10-1.0.16-9.el4.s390.rpm libpng10-1.0.16-9.el4.s390x.rpm libpng10-debuginfo-1.0.16-9.el4.s390.rpm libpng10-debuginfo-1.0.16-9.el4.s390x.rpm libpng10-devel-1.0.16-9.el4.s390x.rpm x86_64: libpng-1.2.7-8.el4.i386.rpm libpng-1.2.7-8.el4.x86_64.rpm libpng-debuginfo-1.2.7-8.el4.i386.rpm libpng-debuginfo-1.2.7-8.el4.x86_64.rpm libpng-devel-1.2.7-8.el4.x86_64.rpm libpng10-1.0.16-9.el4.i386.rpm libpng10-1.0.16-9.el4.x86_64.rpm libpng10-debuginfo-1.0.16-9.el4.i386.rpm libpng10-debuginfo-1.0.16-9.el4.x86_64.rpm libpng10-devel-1.0.16-9.el4.x86_64.rpm Red Hat Enterprise Linux Desktop version4: Source: i386: libpng-1.2.7-8.el4.i386.rpm libpng-debuginfo-1.2.7-8.el4.i386.rpm libpng-devel-1.2.7-8.el4.i386.rpm libpng10-1.0.16-9.el4.i386.rpm libpng10-debuginfo-1.0.16-9.el4.i386.rpm libpng10-devel-1.0.16-9.el4.i386.rpm x86_64: libpng-1.2.7-8.el4.i386.rpm libpng-1.2.7-8.el4.x86_64.rpm libpng-debuginfo-1.2.7-8.el4.i386.rpm libpng-debuginfo-1.2.7-8.el4.x86_64.rpm libpng-devel-1.2.7-8.el4.x86_64.rpm libpng10-1.0.16-9.el4.i386.rpm libpng10-1.0.16-9.el4.x86_64.rpm libpng10-debuginfo-1.0.16-9.el4.i386.rpm libpng10-debuginfo-1.0.16-9.el4.x86_64.rpm libpng10-devel-1.0.16-9.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: i386: libpng-1.2.7-8.el4.i386.rpm libpng-debuginfo-1.2.7-8.el4.i386.rpm libpng-devel-1.2.7-8.el4.i386.rpm libpng10-1.0.16-9.el4.i386.rpm libpng10-debuginfo-1.0.16-9.el4.i386.rpm libpng10-devel-1.0.16-9.el4.i386.rpm ia64: libpng-1.2.7-8.el4.i386.rpm libpng-1.2.7-8.el4.ia64.rpm libpng-debuginfo-1.2.7-8.el4.i386.rpm libpng-debuginfo-1.2.7-8.el4.ia64.rpm libpng-devel-1.2.7-8.el4.ia64.rpm libpng10-1.0.16-9.el4.i386.rpm libpng10-1.0.16-9.el4.ia64.rpm libpng10-debuginfo-1.0.16-9.el4.i386.rpm libpng10-debuginfo-1.0.16-9.el4.ia64.rpm libpng10-devel-1.0.16-9.el4.ia64.rpm x86_64: libpng-1.2.7-8.el4.i386.rpm libpng-1.2.7-8.el4.x86_64.rpm libpng-debuginfo-1.2.7-8.el4.i386.rpm libpng-debuginfo-1.2.7-8.el4.x86_64.rpm libpng-devel-1.2.7-8.el4.x86_64.rpm libpng10-1.0.16-9.el4.i386.rpm libpng10-1.0.16-9.el4.x86_64.rpm libpng10-debuginfo-1.0.16-9.el4.i386.rpm libpng10-debuginfo-1.0.16-9.el4.x86_64.rpm libpng10-devel-1.0.16-9.el4.x86_64.rpm Red Hat Enterprise Linux WS version4: Source: i386: libpng-1.2.7-8.el4.i386.rpm libpng-debuginfo-1.2.7-8.el4.i386.rpm libpng-devel-1.2.7-8.el4.i386.rpm libpng10-1.0.16-9.el4.i386.rpm libpng10-debuginfo-1.0.16-9.el4.i386.rpm libpng10-devel-1.0.16-9.el4.i386.rpm ia64: libpng-1.2.7-8.el4.i386.rpm libpng-1.2.7-8.el4.ia64.rpm libpng-debuginfo-1.2.7-8.el4.i386.rpm libpng-debuginfo-1.2.7-8.el4.ia64.rpm libpng-devel-1.2.7-8.el4.ia64.rpm libpng10-1.0.16-9.el4.i386.rpm libpng10-1.0.16-9.el4.ia64.rpm libpng10-debuginfo-1.0.16-9.el4.i386.rpm libpng10-debuginfo-1.0.16-9.el4.ia64.rpm libpng10-devel-1.0.16-9.el4.ia64.rpm x86_64: libpng-1.2.7-8.el4.i386.rpm libpng-1.2.7-8.el4.x86_64.rpm libpng-debuginfo-1.2.7-8.el4.i386.rpm libpng-debuginfo-1.2.7-8.el4.x86_64.rpm libpng-devel-1.2.7-8.el4.x86_64.rpm libpng10-1.0.16-9.el4.i386.rpm libpng10-1.0.16-9.el4.x86_64.rpm libpng10-debuginfo-1.0.16-9.el4.i386.rpm libpng10-debuginfo-1.0.16-9.el4.x86_64.rpm libpng10-devel-1.0.16-9.el4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7. References: https://access.redhat.com/security/cve/CVE-2011-2692 https://access.redhat.com/security/updates/classification#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFOMamHXlSAg2UNWIIRAhn5AKDDT/GzTFyFxzVNykH6OtP5/hnYcwCeNFBW QtBcCi5n9hbtLOvLu93W/nc=7tmH -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list
Jul 28, 2011
Red Hat
98
security advisoryRed Hatmoderate severityRed Hat: RHSA-2009:0340-01 Moderate: libpng Memory Flaw
Updated libpng and libpng10 packages that fix a security issue are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team.. ==================================================================== Red Hat Security Advisory Synopsis: Moderate: libpng security update Advisory ID: RHSA-2009:0340-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2009:0340.html Issue date: 2009-03-04 CVE Names: CVE-2009-0040 ==================================================================== 1. Summary: Updated libpng and libpng10 packages that fix a security issue are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 3. Description: The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. A flaw was discovered in libpng that could result in libpng trying to free() random memory if certain, unlikely error conditions occurred. If a carefully-crafted PNG file was loaded by an application linked against libpng, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2009-0040) Users of libpng and libpng10 should upgrade to these updated packages, which contain backported patches to correct these issues. All running applications using libpng or libpng10 must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure that allpreviously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at 5. Bugs fixed (http://bugzilla.redhat.com/): 486355 - CVE-2009-0040 libpng arbitrary free() flaw 6. Package List: Red Hat Enterprise Linux AS version3: Source: i386: libpng-1.2.2-29.i386.rpm libpng-debuginfo-1.2.2-29.i386.rpm libpng-devel-1.2.2-29.i386.rpm libpng10-1.0.13-20.i386.rpm libpng10-debuginfo-1.0.13-20.i386.rpm libpng10-devel-1.0.13-20.i386.rpm ia64: libpng-1.2.2-29.i386.rpm libpng-1.2.2-29.ia64.rpm libpng-debuginfo-1.2.2-29.i386.rpm libpng-debuginfo-1.2.2-29.ia64.rpm libpng-devel-1.2.2-29.ia64.rpm libpng10-1.0.13-20.i386.rpm libpng10-1.0.13-20.ia64.rpm libpng10-debuginfo-1.0.13-20.i386.rpm libpng10-debuginfo-1.0.13-20.ia64.rpm libpng10-devel-1.0.13-20.ia64.rpm ppc: libpng-1.2.2-29.ppc.rpm libpng-1.2.2-29.ppc64.rpm libpng-debuginfo-1.2.2-29.ppc.rpm libpng-debuginfo-1.2.2-29.ppc64.rpm libpng-devel-1.2.2-29.ppc.rpm libpng10-1.0.13-20.ppc.rpm libpng10-1.0.13-20.ppc64.rpm libpng10-debuginfo-1.0.13-20.ppc.rpm libpng10-debuginfo-1.0.13-20.ppc64.rpm libpng10-devel-1.0.13-20.ppc.rpm s390: libpng-1.2.2-29.s390.rpm libpng-debuginfo-1.2.2-29.s390.rpm libpng-devel-1.2.2-29.s390.rpm libpng10-1.0.13-20.s390.rpm libpng10-debuginfo-1.0.13-20.s390.rpm libpng10-devel-1.0.13-20.s390.rpm s390x: libpng-1.2.2-29.s390.rpm libpng-1.2.2-29.s390x.rpm libpng-debuginfo-1.2.2-29.s390.rpm libpng-debuginfo-1.2.2-29.s390x.rpm libpng-devel-1.2.2-29.s390x.rpm libpng10-1.0.13-20.s390.rpm libpng10-1.0.13-20.s390x.rpm libpng10-debuginfo-1.0.13-20.s390.rpm libpng10-debuginfo-1.0.13-20.s390x.rpm libpng10-devel-1.0.13-20.s390x.rpm x86_64: libpng-1.2.2-29.i386.rpm libpng-1.2.2-29.x86_64.rpm libpng-debuginfo-1.2.2-29.i386.rpm libpng-debuginfo-1.2.2-29.x86_64.rpm libpng-devel-1.2.2-29.x86_64.rpm libpng10-1.0.13-20.i386.rpm libpng10-1.0.13-20.x86_64.rpm libpng10-debuginfo-1.0.13-20.i386.rpm libpng10-debuginfo-1.0.13-20.x86_64.rpm libpng10-devel-1.0.13-20.x86_64.rpm Red Hat Desktop version3: Source: i386: libpng-1.2.2-29.i386.rpm libpng-debuginfo-1.2.2-29.i386.rpm libpng-devel-1.2.2-29.i386.rpm libpng10-1.0.13-20.i386.rpm libpng10-debuginfo-1.0.13-20.i386.rpm libpng10-devel-1.0.13-20.i386.rpm x86_64: libpng-1.2.2-29.i386.rpm libpng-1.2.2-29.x86_64.rpm libpng-debuginfo-1.2.2-29.i386.rpm libpng-debuginfo-1.2.2-29.x86_64.rpm libpng-devel-1.2.2-29.x86_64.rpm libpng10-1.0.13-20.i386.rpm libpng10-1.0.13-20.x86_64.rpm libpng10-debuginfo-1.0.13-20.i386.rpm libpng10-debuginfo-1.0.13-20.x86_64.rpm libpng10-devel-1.0.13-20.x86_64.rpm Red Hat Enterprise Linux ES version 3: Source: i386: libpng-1.2.2-29.i386.rpm libpng-debuginfo-1.2.2-29.i386.rpm libpng-devel-1.2.2-29.i386.rpm libpng10-1.0.13-20.i386.rpm libpng10-debuginfo-1.0.13-20.i386.rpm libpng10-devel-1.0.13-20.i386.rpm ia64: libpng-1.2.2-29.i386.rpm libpng-1.2.2-29.ia64.rpm libpng-debuginfo-1.2.2-29.i386.rpm libpng-debuginfo-1.2.2-29.ia64.rpm libpng-devel-1.2.2-29.ia64.rpm libpng10-1.0.13-20.i386.rpm libpng10-1.0.13-20.ia64.rpm libpng10-debuginfo-1.0.13-20.i386.rpm libpng10-debuginfo-1.0.13-20.ia64.rpm libpng10-devel-1.0.13-20.ia64.rpm x86_64: libpng-1.2.2-29.i386.rpm libpng-1.2.2-29.x86_64.rpm libpng-debuginfo-1.2.2-29.i386.rpm libpng-debuginfo-1.2.2-29.x86_64.rpm libpng-devel-1.2.2-29.x86_64.rpm libpng10-1.0.13-20.i386.rpm libpng10-1.0.13-20.x86_64.rpm libpng10-debuginfo-1.0.13-20.i386.rpm libpng10-debuginfo-1.0.13-20.x86_64.rpm libpng10-devel-1.0.13-20.x86_64.rpm Red Hat Enterprise Linux WS version3: Source: i386: libpng-1.2.2-29.i386.rpm libpng-debuginfo-1.2.2-29.i386.rpm libpng-devel-1.2.2-29.i386.rpm libpng10-1.0.13-20.i386.rpm libpng10-debuginfo-1.0.13-20.i386.rpm libpng10-devel-1.0.13-20.i386.rpm ia64: libpng-1.2.2-29.i386.rpm libpng-1.2.2-29.ia64.rpm libpng-debuginfo-1.2.2-29.i386.rpm libpng-debuginfo-1.2.2-29.ia64.rpm libpng-devel-1.2.2-29.ia64.rpm libpng10-1.0.13-20.i386.rpm libpng10-1.0.13-20.ia64.rpm libpng10-debuginfo-1.0.13-20.i386.rpm libpng10-debuginfo-1.0.13-20.ia64.rpm libpng10-devel-1.0.13-20.ia64.rpm x86_64: libpng-1.2.2-29.i386.rpm libpng-1.2.2-29.x86_64.rpm libpng-debuginfo-1.2.2-29.i386.rpm libpng-debuginfo-1.2.2-29.x86_64.rpm libpng-devel-1.2.2-29.x86_64.rpm libpng10-1.0.13-20.i386.rpm libpng10-1.0.13-20.x86_64.rpm libpng10-debuginfo-1.0.13-20.i386.rpm libpng10-debuginfo-1.0.13-20.x86_64.rpm libpng10-devel-1.0.13-20.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7. References: https://www.cve.org/CVERecord?id=CVE-2009-0040 https://access.redhat.com/security/updates/classification#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2009 Red Hat, Inc. . Mitigate system vulnerabilities in Red Hat Enterprise Linux 3 by upgrading the libpng library. Ensure the incorporation of all recent security updates and patches to maintain stability.. Red Hat Security, libpng Memory Flaw, Patch Updates. . LinuxSecurity.com Team
Mar 04, 2009
Red Hat
98
security advisorybuffer overflowRed Hat Enterprise LinuxRed Hat Enterprise Linux 4: RHSA-2006:0205-01 Moderate: Libpng Overflow
Updated libpng packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team.. - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Moderate: libpng security update Advisory ID: RHSA-2006:0205-01 Advisory URL: https://access.redhat.com/errata/RHSA-2006:0205.html Issue date: 2006-02-13 Updated on: 2006-02-13 Product: Red Hat Enterprise Linux CVE Names: CVE-2006-0481 - ---------------------------------------------------------------------1. Summary: Updated libpng packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Problem description: The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. A heap based buffer overflow bug was found in the way libpng strips alpha channels from a PNG image. An attacker could create a carefully crafted PNG image file in such a way that it could cause an application linked with libpng to crash or execute arbitrary code when the file is opened by a victim. The Common Vulnerabilities and Exposures project has assigned the name CVE-2006-0481 to this issue. Please note that the vunerable libpng function is only used by TeTeX and XEmacs on Red Hat Enterprise Linux 4. All users of libpng are advised to update to these updated packages which contain a backported patch that is not vulnerable to thisissue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. 5. Bug IDs fixed (http://bugzilla.redhat.com/): 179455 - CVE-2006-0481 libpng heap based buffer overflow 6. RPMs required: Red Hat Enterprise Linux AS version 4: SRPMS: 3be4c7907d2075acfcb1b98e4cbb5372 libpng-1.2.7-1.el4.2.src.rpm i386: 61f4bad424d1df53fed448bef881f640 libpng-1.2.7-1.el4.2.i386.rpm 5243972c9cfff70de5928919a0edc605 libpng-devel-1.2.7-1.el4.2.i386.rpm ia64: 61f4bad424d1df53fed448bef881f640 libpng-1.2.7-1.el4.2.i386.rpm 359febeb55ed043c5267085507bd2a49 libpng-1.2.7-1.el4.2.ia64.rpm a6c282c1672b014f95b8000fc90d9f88 libpng-devel-1.2.7-1.el4.2.ia64.rpm ppc: aba415ffe4d33117e6fab817530abdfe libpng-1.2.7-1.el4.2.ppc.rpm ae99d2ab1f8e5c729e236d76966ea5e9 libpng-1.2.7-1.el4.2.ppc64.rpm afbee8e15d188ca505731b17f7285ac8 libpng-devel-1.2.7-1.el4.2.ppc.rpm s390: dae631134524c705ba50b49134692f20 libpng-1.2.7-1.el4.2.s390.rpm 06ea4d0701eca6a99e7e2d88f2529f6c libpng-devel-1.2.7-1.el4.2.s390.rpm s390x: dae631134524c705ba50b49134692f20 libpng-1.2.7-1.el4.2.s390.rpm 6442febc585676b63e4f47abad45a524 libpng-1.2.7-1.el4.2.s390x.rpm 4cb0b4c9abce9db24a569fdd7e6e5e2f libpng-devel-1.2.7-1.el4.2.s390x.rpm x86_64: 61f4bad424d1df53fed448bef881f640 libpng-1.2.7-1.el4.2.i386.rpm d950f5c564d4424dd1706c8b0333a084 libpng-1.2.7-1.el4.2.x86_64.rpm f5d9e78727edfbf9b8dc376291160c02 libpng-devel-1.2.7-1.el4.2.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: SRPMS: 3be4c7907d2075acfcb1b98e4cbb5372 libpng-1.2.7-1.el4.2.src.rpm i386: 61f4bad424d1df53fed448bef881f640 libpng-1.2.7-1.el4.2.i386.rpm 5243972c9cfff70de5928919a0edc605 libpng-devel-1.2.7-1.el4.2.i386.rpm x86_64: 61f4bad424d1df53fed448bef881f640 libpng-1.2.7-1.el4.2.i386.rpm d950f5c564d4424dd1706c8b0333a084 libpng-1.2.7-1.el4.2.x86_64.rpm f5d9e78727edfbf9b8dc376291160c02 libpng-devel-1.2.7-1.el4.2.x86_64.rpm Red Hat Enterprise Linux ES version 4: SRPMS: 3be4c7907d2075acfcb1b98e4cbb5372 libpng-1.2.7-1.el4.2.src.rpm i386: 61f4bad424d1df53fed448bef881f640 libpng-1.2.7-1.el4.2.i386.rpm 5243972c9cfff70de5928919a0edc605 libpng-devel-1.2.7-1.el4.2.i386.rpm ia64: 61f4bad424d1df53fed448bef881f640 libpng-1.2.7-1.el4.2.i386.rpm 359febeb55ed043c5267085507bd2a49 libpng-1.2.7-1.el4.2.ia64.rpm a6c282c1672b014f95b8000fc90d9f88 libpng-devel-1.2.7-1.el4.2.ia64.rpm x86_64: 61f4bad424d1df53fed448bef881f640 libpng-1.2.7-1.el4.2.i386.rpm d950f5c564d4424dd1706c8b0333a084 libpng-1.2.7-1.el4.2.x86_64.rpm f5d9e78727edfbf9b8dc376291160c02 libpng-devel-1.2.7-1.el4.2.x86_64.rpm Red Hat Enterprise Linux WS version 4: SRPMS: 3be4c7907d2075acfcb1b98e4cbb5372 libpng-1.2.7-1.el4.2.src.rpm i386: 61f4bad424d1df53fed448bef881f640 libpng-1.2.7-1.el4.2.i386.rpm 5243972c9cfff70de5928919a0edc605 libpng-devel-1.2.7-1.el4.2.i386.rpm ia64: 61f4bad424d1df53fed448bef881f640 libpng-1.2.7-1.el4.2.i386.rpm 359febeb55ed043c5267085507bd2a49 libpng-1.2.7-1.el4.2.ia64.rpm a6c282c1672b014f95b8000fc90d9f88 libpng-devel-1.2.7-1.el4.2.ia64.rpm x86_64: 61f4bad424d1df53fed448bef881f640 libpng-1.2.7-1.el4.2.i386.rpm d950f5c564d4424dd1706c8b0333a084 libpng-1.2.7-1.el4.2.x86_64.rpm f5d9e78727edfbf9b8dc376291160c02 libpng-devel-1.2.7-1.el4.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7. References: https://www.cve.org/CVERecord?id=CVE-2006-0481 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2006 Red Hat, Inc. . RedHat released a new version of libpng to mitigate a moderate security threat stemming from a buffer overflow vulnerability that impacts image processing.. Red Hat, libpng update, buffer overflow, image processing. . LinuxSecurity.com Team
Feb 13, 2006
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!