
[Security Announce] [ MDVSA-2009:051 ] libpng


 

_______________________________________________________________________

 

Mandriva Linux Security Advisory MDVSA-2009:051

http://www.mandriva.com/security/

_______________________________________________________________________

 

Package : libpng

Date : February 23, 2009

Affected: 2008.0, 2008.1, 2009.0, Corporate 3.0, Corporate 4.0, Multi Network Firewall 2.0

_______________________________________________________________________

 

Problem Description:

 

A number of vulnerabilities have been found and corrected in libpng:

 

Fixed 1-byte buffer overflow in pngpread.c (CVE-2008-3964). This was already fixed in Mandriva Linux 2009.0.

 

Fix the function png_check_keyword() that allowed setting arbitrary bytes in the process memory to 0 (CVE-2008-5907).

 

Fix a flaw that could cause a DoS (Denial of Service) or potentially compromise an application using the library (CVE-2009-0040).

 

The updated packages have been patched to prevent this.

_______________________________________________________________________

 

References:

 

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3964

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5907

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0040

_______________________________________________________________________

 

Updated Packages:

 

Mandriva Linux 2008.0:

998ac96ae507c96bc3bf5180319412e7 2008.0/i586/libpng3-1.2.22-0.3mdv2008.0.i586.rpm

acbb66ecf6c7ad53d171aa3958d58abf 2008.0/i586/libpng-devel-1.2.22-0.3mdv2008.0.i586.rpm

c2648d20ebe13e5d954f24876a14e513 2008.0/i586/libpng-source-1.2.22-0.3mdv2008.0.i586.rpm

388af16c0f685b8cd726e0ace52b60ce 2008.0/i586/libpng-static-devel-1.2.22-0.3mdv2008.0.i586.rpm

b27dd859afb25f890d7d6b2030dc5271 2008.0/SRPMS/libpng-1.2.22-0.3mdv2008.0.src.rpm

 

Mandriva Linux 2008.0/X86_64:

7c69863bb4054d737a898e039bcd61d4 2008.0/x86_64/lib64png3-1.2.22-0.3mdv2008.0.x86_64.rpm

99b8f97c3f5df41a0b72cb6ca1962d60 2008.0/x86_64/lib64png-devel-1.2.22-0.3mdv2008.0.x86_64.rpm

823d4ae86d6367d4364ad7f7ba0285f6 2008.0/x86_64/lib64png-static-devel-1.2.22-0.3mdv2008.0.x86_64.rpm

110e19b8057b5d3711476e66ce27a8c4 2008.0/x86_64/libpng-source-1.2.22-0.3mdv2008.0.x86_64.rpm

b27dd859afb25f890d7d6b2030dc5271 2008.0/SRPMS/libpng-1.2.22-0.3mdv2008.0.src.rpm

 

Mandriva Linux 2008.1:

1b179e2b3487869c27b207017dff48d3 2008.1/i586/libpng3-1.2.25-2.2mdv2008.1.i586.rpm

f7eab99997bb5141d479c6c503d9d1f6 2008.1/i586/libpng-devel-1.2.25-2.2mdv2008.1.i586.rpm

ca12104e547b7faf7ba1018ef244aa88 2008.1/i586/libpng-source-1.2.25-2.2mdv2008.1.i586.rpm

8902a48738d5729160f31e37fc46a9f2 2008.1/i586/libpng-static-devel-1.2.25-2.2mdv2008.1.i586.rpm

2a7f7d02d232ce9948359377ba1e1ffb 2008.1/SRPMS/libpng-1.2.25-2.2mdv2008.1.src.rpm

 

Mandriva Linux 2008.1/X86_64:

2b1949ee8868bb7475310de66478640e 2008.1/x86_64/lib64png3-1.2.25-2.2mdv2008.1.x86_64.rpm

4abeaf3ca19d4660b5ee1d22451413d5 2008.1/x86_64/lib64png-devel-1.2.25-2.2mdv2008.1.x86_64.rpm

7aa2e1a738a12c633dcf1d1d5b7acd6e 2008.1/x86_64/lib64png-static-devel-1.2.25-2.2mdv2008.1.x86_64.rpm

702d85b49120f5422db08345fc697758 2008.1/x86_64/libpng-source-1.2.25-2.2mdv2008.1.x86_64.rpm

2a7f7d02d232ce9948359377ba1e1ffb 2008.1/SRPMS/libpng-1.2.25-2.2mdv2008.1.src.rpm

 

Mandriva Linux 2009.0:

db67f1e4b8a43986f03f718ad4d7120e 2009.0/i586/libpng3-1.2.31-2.1mdv2009.0.i586.rpm

02a423cae16e9c656129601f1ae69600 2009.0/i586/libpng-devel-1.2.31-2.1mdv2009.0.i586.rpm

f91a68467b81b3f532ef21b4ff9c9516 2009.0/i586/libpng-source-1.2.31-2.1mdv2009.0.i586.rpm

0f28993456fd4c012385aa11baba2f7e 2009.0/i586/libpng-static-devel-1.2.31-2.1mdv2009.0.i586.rpm

99962c17399bba390d4996e09f7cfd28 2009.0/SRPMS/libpng-1.2.31-2.1mdv2009.0.src.rpm

 

Mandriva Linux 2009.0/X86_64:

6c9a8ddfc4872957863cad6b24e8a3ac 2009.0/x86_64/lib64png3-1.2.31-2.1mdv2009.0.x86_64.rpm

3d25e33a29512b1aca2ce738b8f5f349 2009.0/x86_64/lib64png-devel-1.2.31-2.1mdv2009.0.x86_64.rpm

a0e049c7090222715957c8db4bf102b5 2009.0/x86_64/lib64png-static-devel-1.2.31-2.1mdv2009.0.x86_64.rpm

7611de5e02c238f6b8338fd49e07fcfa 2009.0/x86_64/libpng-source-1.2.31-2.1mdv2009.0.x86_64.rpm

99962c17399bba390d4996e09f7cfd28 2009.0/SRPMS/libpng-1.2.31-2.1mdv2009.0.src.rpm

 

Corporate 3.0:

0ea2e361290b0c8aceb44c3534939ed5 corporate/3.0/i586/libpng3-1.2.5-10.11.C30mdk.i586.rpm

032c61ff00b460854757cd55b32d5d2a corporate/3.0/i586/libpng3-devel-1.2.5-10.11.C30mdk.i586.rpm

3bcfeddfcbb1c695a3a0a9b44850ad27 corporate/3.0/i586/libpng3-static-devel-1.2.5-10.11.C30mdk.i586.rpm

4bf80d3855abcfde33835c4bc4ebad4d corporate/3.0/SRPMS/libpng-1.2.5-10.11.C30mdk.src.rpm

 

Corporate 3.0/X86_64:

57ee9252923d33d66a1787a9a68174a4 corporate/3.0/x86_64/lib64png3-1.2.5-10.11.C30mdk.x86_64.rpm

c8c47259e3eb68c1c71be2a90ac1cde9 corporate/3.0/x86_64/lib64png3-devel-1.2.5-10.11.C30mdk.x86_64.rpm

2370808839b2f59ded6bc1b59f437801 corporate/3.0/x86_64/lib64png3-static-devel-1.2.5-10.11.C30mdk.x86_64.rpm

4bf80d3855abcfde33835c4bc4ebad4d corporate/3.0/SRPMS/libpng-1.2.5-10.11.C30mdk.src.rpm

 

Corporate 4.0:

778576940a74bd6db459c275cd2203e1 corporate/4.0/i586/libpng3-1.2.8-1.6.20060mlcs4.i586.rpm

c2a63382d99f8b9fb0d68f1ab21e5d21 corporate/4.0/i586/libpng3-devel-1.2.8-1.6.20060mlcs4.i586.rpm

820ff66e8fdad685d26f9180070f3c4c corporate/4.0/i586/libpng3-static-devel-1.2.8-1.6.20060mlcs4.i586.rpm

bcbfc6f4913e8fd5787428076f1a1a48 corporate/4.0/SRPMS/libpng-1.2.8-1.6.20060mlcs4.src.rpm

 

Corporate 4.0/X86_64:

11d4794bd27fafcb127101bf7787ca15 corporate/4.0/x86_64/lib64png3-1.2.8-1.6.20060mlcs4.x86_64.rpm

64719027cd4bfa88a22bc8093708ac60 corporate/4.0/x86_64/lib64png3-devel-1.2.8-1.6.20060mlcs4.x86_64.rpm

f148fcfab25d6eab2cca7d990c0df781 corporate/4.0/x86_64/lib64png3-static-devel-1.2.8-1.6.20060mlcs4.x86_64.rpm

bcbfc6f4913e8fd5787428076f1a1a48 corporate/4.0/SRPMS/libpng-1.2.8-1.6.20060mlcs4.src.rpm

 

Multi Network Firewall 2.0:

64eb92be451c217de475874e6877cf93 mnf/2.0/i586/libpng3-1.2.5-10.11.C30mdk.i586.rpm

c34ffb76d4dbbcabcce7b98aed909d20 mnf/2.0/i586/libpng3-devel-1.2.5-10.11.C30mdk.i586.rpm

bad230920945e3204e27b5ff52a9875c mnf/2.0/i586/libpng3-static-devel-1.2.5-10.11.C30mdk.i586.rpm

bd0355475f58e795b1bb8b9ec67ffdad mnf/2.0/SRPMS/libpng-1.2.5-10.11.C30mdk.src.rpm

_______________________________________________________________________

 

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

 

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

 

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 

You can view other update advisories for Mandriva Linux at:

 

http://www.mandriva.com/security/advisories

 

If you want to report vulnerabilities, please contact security_(at)_mandriva.com

_______________________________________________________________________

 

Type Bits/KeyID Date User ID

pub 1024D/22458A98 2000-07-10 Mandriva Security Team
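
For packages fetched by hand rather than through MandrivaUpdate or urpmi, the checksum comparison described above can be done against the "Updated Packages" list directly. The script below is an added example, not part of the advisory and not a Mandriva tool; the function name `verify_advisory_packages` and the assumption that the local mirror directory reproduces the relative paths printed in the advisory are its own.

```shell
#!/bin/sh
# Added example (hypothetical helper, not a Mandriva tool).
# Assumes MIRROR_DIR reproduces the relative paths printed in the advisory,
# e.g. MIRROR_DIR/2009.0/i586/<package>.rpm.

# verify_advisory_packages ADVISORY_FILE MIRROR_DIR
# Prints OK / MISMATCH / MISSING per listed package; the status is non-zero
# if a present file fails its checksum or a listed path is rejected.
verify_advisory_packages() (
    advisory=$1 dir=$2 rc=0
    while read -r sum path rest; do
        # A manifest line is "<32 lowercase hex digits> <relative path>.rpm".
        case $sum in *[!0-9a-f]*) continue ;; esac
        [ "${#sum}" -eq 32 ] || continue
        case $path in *.rpm) ;; *) continue ;; esac
        # The path comes from untrusted text: refuse absolute or ".." paths.
        case $path in
            /*|../*|*/../*) echo "REJECTED $path"; rc=1; continue ;;
        esac
        file=$dir/$path
        if [ ! -f "$file" ]; then
            echo "MISSING  $path"   # typically other releases or architectures
            continue
        fi
        actual=$(md5sum < "$file")
        actual=${actual%% *}        # keep only the digest field
        if [ "$actual" = "$sum" ]; then
            echo "OK       $path"
        else
            echo "MISMATCH $path"
            rc=1
        fi
    done < "$advisory"
    [ "$rc" -eq 0 ]
)

# Run as a script: sh verify.sh advisory.txt /path/to/mirror
if [ "$#" -eq 2 ]; then
    verify_advisory_packages "$1" "$2"
fi
```

A matching MD5 only shows that the file is the one the list names; MD5 is not collision resistant, so authenticity rests on the package's GPG signature, which `rpm --checksig` checks once the Mandriva Security Team key has been imported.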

 
