libpng security update

CentOS Errata and Security Advisory CESA-2006:0205

The libpng package contains a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files.

A heap based buffer overflow bug was found in the way libpng strips alpha
channels from a PNG image. An attacker could create a carefully crafted PNG
image file in such a way that it could cause an application linked with
libpng to crash or execute arbitrary code when the file is opened by a
victim. The Common Vulnerabilities and Exposures project has assigned the
name CVE-2006-0481 to this issue.

Please note that the vunerable libpng function is only used by TeTeX and
XEmacs on Red Hat Enterprise Linux 4.

All users of libpng are advised to update to these updated packages which
contain a backported patch that is not vulnerable to this issue.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2006-February/074801.html
https://lists.centos.org/pipermail/centos-announce/2006-February/074808.html
https://lists.centos.org/pipermail/centos-announce/2006-February/074811.html
https://lists.centos.org/pipermail/centos-announce/2006-February/074815.html
https://lists.centos.org/pipermail/centos-announce/2006-February/074819.html
https://lists.centos.org/pipermail/centos-announce/2006-February/087555.html

Affected packages:
libpng
libpng-devel

Upstream details at:
https://access.redhat.com/errata/RHSA-2006:0205