Fedora Legacy Test Update Notification: libpng

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2004-1943
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=1943
2004-12-18
---------------------------------------------------------------------

Name         : libpng
7.3 Versions : libpng-1.0.15-0.7x.1.legacy
9 Versions   : libpng-1.2.2-20.2.legacy, libpng10-1.0.15-0.9.1.legacy
fc1 Versions : libpng-1.2.5-7.1.legacy, libpng10-1.0.15-7.1.legacy
Summary      : A library of functions for manipulating PNG image format
               files.
Description  :
The libpng package contains a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files. PNG
is a bit-mapped graphics format similar to the GIF format. PNG was
created to replace the GIF format, since GIF uses a patented data
compression algorithm.

---------------------------------------------------------------------
Update Information:

Updated libpng packages that fix several issues are now available.

The libpng package contains a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files.

During a source code audit, Chris Evans discovered several buffer
overflows in libpng. An attacker could create a carefully crafted PNG
file in such a way that it would cause an application linked with libpng
to execute arbitrary code when the file was opened by a victim. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0597 to these issues.

In addition, this audit discovered a potential NULL pointer dereference
in libpng (CAN-2004-0598) and several integer overflow issues
(CAN-2004-0599). An attacker could create a carefully crafted PNG file
in such a way that it would cause an application linked with libpng to
crash when the file was opened by the victim.

For users of Red Hat Linux 9, these packages also include a forgotten
patch for the out-of-bounds memory access flaw (CAN-2002-1363 and
CAN-2004-0768).

All users are advised to upgrade to the updated libpng packages, which
contain backported security patches and are not vulnerable to these
issues.
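
Added example (not libpng code and not part of this advisory): the general
defensive pattern behind integer overflow fixes and the "limit dimensions"
changelog entry, shown on the PNG IHDR header. The caps MAX_DIM and
MAX_IMAGE_BYTES and all function names are assumptions made for illustration;
the advisory does not describe the affected code paths.

```c
#include <stddef.h>
#include <stdint.h>

/* Assumed policy caps for this example; not values taken from the advisory. */
#define MAX_DIM         1000000u
#define MAX_IMAGE_BYTES ((uint64_t)256 * 1024 * 1024)

/* The unchecked form: 32-bit multiplication wraps silently on large input. */
uint32_t naive_size32(uint32_t width, uint32_t height, uint32_t bytes_per_px) {
    return width * height * bytes_per_px;
}

/* Read a 32-bit big-endian integer, as PNG stores its multi-byte fields. */
static uint32_t be32(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Samples per pixel for each PNG colour type; 0 marks an invalid type. */
static unsigned channels_for(unsigned color_type) {
    switch (color_type) {
    case 0: return 1;  /* greyscale */
    case 2: return 3;  /* RGB */
    case 3: return 1;  /* palette index */
    case 4: return 2;  /* greyscale + alpha */
    case 6: return 4;  /* RGB + alpha */
    default: return 0;
    }
}

/* Validate a 13-byte IHDR payload and compute the decoded image size.
 * Returns 0 and sets *out_bytes on success, -1 if the header is rejected.
 * (Per-colour-type bit depth rules are omitted to keep the example short.) */
int ihdr_checked_size(const unsigned char *ihdr, size_t len, size_t *out_bytes) {
    if (ihdr == NULL || out_bytes == NULL || len != 13) return -1;
    uint32_t width = be32(ihdr), height = be32(ihdr + 4);
    unsigned depth = ihdr[8], channels = channels_for(ihdr[9]);
    if (width == 0 || height == 0) return -1;
    if (width > MAX_DIM || height > MAX_DIM) return -1;
    if (channels == 0 || (depth != 1 && depth != 2 && depth != 4 &&
                          depth != 8 && depth != 16)) return -1;
    /* Dimensions are capped, so these 64-bit products cannot wrap. */
    uint64_t row_bits = (uint64_t)width * channels * depth;
    uint64_t row_bytes = (row_bits + 7) / 8;
    uint64_t total = row_bytes * height;
    if (total > MAX_IMAGE_BYTES) return -1;
    *out_bytes = (size_t)total;
    return 0;
}
```

A 65536 x 65536 RGBA header makes naive_size32 return 0, while
ihdr_checked_size rejects the same header before any allocation is sized.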

---------------------------------------------------------------------
Changelogs

rh73 libpng:
* Mon Oct 25 2004 Charles R. Anderson <cra@xxxxxxx> 1.0.15-0.7x.1.legacy
- Build for RH 7.x

* Fri Oct 22 2004 Charles R. Anderson <cra@xxxxxxx> 1.0.15-0
- Sync RH 9 libpng10 and RH 7.x libpng package specs

* Thu Oct 21 2004 Charles R. Anderson <cra@xxxxxxx> 1.0.14-0.7x.8.legacy
- Use upstream security patch 1.2.5 that is recommended for use
  with release 1.0.14.
- Fix previous two changelog entry's formatting

* Thu Aug 12 2004 Dave Botsch <dwb7@xxxxxxxxxxxxxxxx>
- Added legacy keyword to release

* Fri Jul 23 2004 Matthias Clasen <mclasen@xxxxxxxxxx> 1.0.14-7
- Replace the patches for individual security problems with the
  cumulative patch issued by the png developers.

rh9 libpng:
* Wed Aug 04 2004 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 1.2.2-20.2.legacy
- Replace the patches for individual security problems with the
  cumulative patch issued by the png developers.
  Fixes CAN-2004-0597, CAN-2004-0598, CAN-2004-0599.

* Fri Jun 18 2004 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 1.2.2-20.1.legacy
- Added better version of the patch for CAN-2002-1363


rh9 libpng10:
* Mon Oct 25 2004 Charles R. Anderson <cra@xxxxxxx> 1.0.15-0.9.1.legacy
- Build for RH 9

* Fri Oct 22 2004 Charles R. Anderson <cra@xxxxxxx> 1.0.15-0
- Sync RH 9 libpng10 and RH 7.x libpng package specs

* Thu Oct 21 2004 Charles R. Anderson <cra@xxxxxxx> 1.0.14-0.7x.8.legacy
- Use upstream security patch 1.2.5 that is recommended for use
  with release 1.0.14.
- Fix previous two changelog entry's formatting

* Thu Aug 12 2004 Dave Botsch <dwb7@xxxxxxxxxxxxxxxx>
- Added legacy keyword to release

* Fri Jul 23 2004 Matthias Clasen <mclasen@xxxxxxxxxx> 1.0.14-7
- Replace the patches for individual security problems with the
  cumulative patch issued by the png developers.

fc1 libpng:
* Mon Nov 29 2004 Rob Myers <rob.myers@xxxxxxxxxxxxxxx> 2:1.2.5-7.1.legacy
- apply patch to limit dimensions (FL #1943)

* Fri Jul 23 2004 Matthias Clasen <mclasen@xxxxxxxxxx> 2:1.2.5-7
- Replace the patches for individual security problems with the
  cumulative patch issued by the png developers.

fc1 libpng10:
* Mon Nov 29 2004 Rob Myers <rob.myers@xxxxxxxxxxxxxxx> 1.0.15-7.1.legacy
- apply patch to limit dimensions (FL #1943)

* Fri Jul 23 2004 Matthias Clasen <mclasen@xxxxxxxxxx> 1.0.15-7
- Replace the patches for individual security problems with the
  cumulative patch issued by the png developers.
- Build for FC1

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
---------------------------------------------------------------------

Please test and comment in bugzilla.
