[SECURITY] Fedora 7 Test Update: libpng10-1.0.29-1.fc7

--------------------------------------------------------------------------------
Fedora Test Update Notification
FEDORA-2007-2521
2007-10-11 22:55:35.240850
--------------------------------------------------------------------------------

Name        : libpng10
Product     : Fedora 7
Version     : 1.0.29
Release     : 1.fc7
URL         : http://www.libpng.org/pub/png/libpng.html
Summary     : Old version of libpng, needed to run old binaries
Description :
The libpng10 package contains an old version of libpng, a library of functions
for creating and manipulating PNG (Portable Network Graphics) image format
files.

This package is needed if you want to run binaries that were linked dynamically
with libpng 1.0.x.

--------------------------------------------------------------------------------
Update Information:

Certain chunk handlers in libpng10 before 1.0.29 allow remote attackers to cause a denial of service (crash) via crafted (1) pCAL (png_handle_pCAL), (2) sCAL (png_handle_sCAL), (3) tEXt (png_push_read_tEXt), (4) iTXt (png_handle_iTXt), and (5) zTXt (png_handle_zTXt) chunks in PNG images, which trigger out-of-bounds read operations.

http://secunia.com/advisories/27093
http://www.frsirt.com/english/advisories/2007/3390
http://sourceforge.net/mailarchive/forum.php?thread_name=3.0.6.32.20071004082318.012a7628%40mail.comcast.net&forum_name=png-mng-implement

This update to 1.0.29 addresses these issues.
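
An added example, not part of the original notification or of libpng: a bounds-checked chunk walker in C that counts the chunk types named above in a PNG held in memory, useful for finding files that exercise those handlers on hosts still running an older libpng10. The function name, return codes and SAMPLE bytes are constructed for illustration, and CRCs are not verified.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Chunk types named in the advisory (zTXt is the PNG spec spelling). */
static const char *const AFFECTED[] = { "pCAL", "sCAL", "tEXt", "iTXt", "zTXt" };
static const unsigned char PNG_SIG[8] = { 0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n' };

/* Constructed sample: PNG signature, one 3-byte tEXt chunk, IEND.
 * CRC fields are zeroed placeholders; this walker does not verify CRCs. */
static const unsigned char SAMPLE[] = {
    0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n',
    0, 0, 0, 3, 't', 'E', 'X', 't', 'k', 0, 'v', 0, 0, 0, 0,
    0, 0, 0, 0, 'I', 'E', 'N', 'D', 0, 0, 0, 0
};

/* Read a big-endian 32-bit value; the caller guarantees 4 readable bytes. */
static uint32_t be32(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Returns the number of chunks whose type is in AFFECTED, -1 for a bad
 * signature, -2 when a chunk header or body would run past buf[len]. */
int count_affected_chunks(const unsigned char *buf, size_t len) {
    size_t off = 8;
    int hits = 0;
    if (len < 8 || memcmp(buf, PNG_SIG, 8) != 0) return -1;
    while (off < len) {
        if (len - off < 12) return -2;            /* length + type + CRC */
        uint32_t clen = be32(buf + off);
        const unsigned char *type = buf + off + 4;
        if (clen > len - off - 12) return -2;     /* declared body exceeds buffer */
        for (size_t i = 0; i < sizeof AFFECTED / sizeof AFFECTED[0]; i++)
            if (memcmp(type, AFFECTED[i], 4) == 0) hits++;
        if (memcmp(type, "IEND", 4) == 0) break;  /* last chunk in a PNG stream */
        off += 12 + (size_t)clen;
    }
    return hits;
}

int main(void) {
    printf("affected chunks: %d\n", count_affected_chunks(SAMPLE, sizeof SAMPLE));
    return 0;
}
```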
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct  5 2007 Paul Howarth <paul@xxxxxxxxxxxx> 1.0.29-1
- update to 1.0.29
* Tue Sep 11 2007 Paul Howarth <paul@xxxxxxxxxxxx> 1.0.28-1
- update to 1.0.28
* Mon Aug 20 2007 Paul Howarth <paul@xxxxxxxxxxxx> 1.0.27-1
- update to 1.0.27
- add new file ANNOUNCE, which lists changes since last release
- use shortname "zlib" for the license tag (package is zlib/libpng licensed)
- drop pkgconf patch, which should no longer be needed
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #327791 - CVE-2007-5269 libpng DoS via multiple out-of-bounds reads
        https://bugzilla.redhat.com/show_bug.cgi?id=327791
  [ 2 ] CVE-2007-5269
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269
--------------------------------------------------------------------------------
Updated packages:


This update can be installed with the "yum" update program.  Use 
su -c 'yum --enablerepo=updates-testing update libpng10' 
at the command line.  For more information, refer to "Managing Software
with yum", available at http://docs.fedoraproject.org/yum/.
--------------------------------------------------------------------------------

-- 
fedora-test-list mailing list
fedora-test-list@xxxxxxxxxx
To unsubscribe: 
https://www.redhat.com/mailman/listinfo/fedora-test-list