Stay Secure with the Latest Linux Advisories

security advisorymoderatearbitrary code execution

Scientific Linux: Security Advisory Moderate: libpng Buffer Overflow

Moderate: libpng security update. Date: Thu, 5 Mar 2009 15:19:39 -0600 Reply-To: Troy Dawson Sender: Security Errata for Scientific Linux From: Troy Dawson Subject: Security ERRATA Moderate: libpng on SL3.x, SL4.x, SL5.x i386/x86_64 Comments: To: "This email address is being protected from spambots. You need JavaScript enabled to view it." Synopsis: Moderate: libpng security update Issue date: 2009-03-04 CVE Names: CVE-2008-1382 CVE-2009-0040 A flaw was discovered in libpng that could result in libpng trying to free() random memory if certain, unlikely error conditions occurred. If a carefully-crafted PNG file was loaded by an application linked against libpng, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2009-0040) A flaw was discovered in the way libpng handled PNG images containing "unknown" chunks. If an application linked against libpng attempted to process a malformed, unknown chunk in a malicious PNG image, it could cause the application to crash. (CVE-2008-1382) All running applications using libpng or libpng10 must be restarted for the update to take effect. SL 3.0.x SRPMS: libpng-1.2.2-29.src.rpm libpng10-1.0.13-20.src.rpm i386: libpng10-1.0.13-20.i386.rpm libpng10-devel-1.0.13-20.i386.rpm libpng-1.2.2-29.i386.rpm libpng-devel-1.2.2-29.i386.rpm x86_64: libpng10-1.0.13-20.i386.rpm libpng10-1.0.13-20.x86_64.rpm libpng10-devel-1.0.13-20.x86_64.rpm libpng-1.2.2-29.i386.rpm libpng-1.2.2-29.x86_64.rpm libpng-devel-1.2.2-29.x86_64.rpm SL 4.x SRPMS: libpng-1.2.7-3.el4_7.2.src.rpm libpng10-1.0.16-3.el4_7.3.src.rpm i386: libpng10-1.0.16-3.el4_7.3.i386.rpm libpng10-devel-1.0.16-3.el4_7.3.i386.rpm libpng-1.2.7-3.el4_7.2.i386.rpm libpng-devel-1.2.7-3.el4_7.2.i386.rpm x86_64: libpng10-1.0.16-3.el4_7.3.i386.rpm libpng10-1.0.16-3.el4_7.3.x86_64.rpm libpng10-devel-1.0.16-3.el4_7.3.x86_64.rpm libpng-1.2.7-3.el4_7.2.i386.rpm libpng-1.2.7-3.el4_7.2.x86_64.rpm libpng-devel-1.2.7-3.el4_7.2.x86_64.rpm SL 5.x SRPMS: libpng-1.2.10-7.1.el5_3.2.src.rpm i386: libpng-1.2.10-7.1.el5_3.2.i386.rpm libpng-devel-1.2.10-7.1.el5_3.2.i386.rpm x86_64: libpng-1.2.10-7.1.el5_3.2.i386.rpm libpng-1.2.10-7.1.el5_3.2.x86_64.rpm libpng-devel-1.2.10-7.1.el5_3.2.i386.rpm libpng-devel-1.2.10-7.1.el5_3.2.x86_64.rpm -Connie Sieh -Troy Dawson . An important libpng update has been issued to address security vulnerabilities that could lead to crashes or arbitrary code execution. Upgrade now to safeguard your systems from these threats. libpng security update, scientific linux advisory, application security flaws. . Severity: Important. LinuxSecurity.com Team

Mar 05, 2009 •Important Scientific Linux