--------------------------------------------------------------------------------
Fedora Test Update Notification
FEDORA-2007-2521
2007-10-11 22:55:35.240850
--------------------------------------------------------------------------------

Name        : libpng10
Product     : Fedora 7
Version     : 1.0.29
Release     : 1.fc7
URL         : http://www.libpng.org/pub/png/libpng.html
Summary     : Old version of libpng, needed to run old binaries
Description :
The libpng10 package contains an old version of libpng, a library of functions
for creating and manipulating PNG (Portable Network Graphics) image format
files.

This package is needed if you want to run binaries that were linked dynamically
with libpng 1.0.x.

--------------------------------------------------------------------------------
Update Information:

Certain chunk handlers in libpng10 before 1.0.29 allow remote attackers to
cause a denial of service (crash) via crafted (1) pCAL (png_handle_pCAL),
(2) sCAL (png_handle_sCAL), (3) tEXt (png_push_read_tEXt), (4) iTXt
(png_handle_iTXt), and (5) zTXt (png_handle_zTXt) chunks in PNG images, which
trigger out-of-bounds read operations.

http://secunia.com/advisories/27093
http://www.frsirt.com/english/advisories/2007/3390
http://sourceforge.net/mailarchive/forum.php?thread_name=3.0.6.32.20071004082318.012a7628%40mail.comcast.net&forum_name=png-mng-implement

This update to 1.0.29 addresses these issues.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct  5 2007 Paul Howarth <paul@xxxxxxxxxxxx> 1.0.29-1
- update to 1.0.29
* Tue Sep 11 2007 Paul Howarth <paul@xxxxxxxxxxxx> 1.0.28-1
- update to 1.0.28
* Mon Aug 20 2007 Paul Howarth <paul@xxxxxxxxxxxx> 1.0.27-1
- update to 1.0.27
- add new file ANNOUNCE, which lists changes since last release
- use shortname "zlib" for the license tag (package is zlib/libpng licensed)
- drop pkgconf patch, which should no longer be needed
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #327791 - CVE-2007-5269 libpng DoS via multiple out-of-bounds reads
        https://bugzilla.redhat.com/show_bug.cgi?id=327791
  [ 2 ] CVE-2007-5269
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269
--------------------------------------------------------------------------------
Updated packages:

This update can be installed with the "yum" update program.
Use su -c 'yum --enablerepo=updates-testing update libpng10'
at the command line. For more information, refer to "Managing Software with
yum", available at http://docs.fedoraproject.org/yum/.
--------------------------------------------------------------------------------

--
fedora-test-list mailing list
fedora-test-list@xxxxxxxxxx
To unsubscribe:
https://www.redhat.com/mailman/listinfo/fedora-test-list