Lucene search

K
centosCentOS ProjectCESA-2012:0523
HistoryApr 25, 2012 - 1:17 p.m.

libpng security update

2012-04-2513:17:13
CentOS Project
lists.centos.org
49

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.056 Low

EPSS

Percentile

93.1%

CentOS Errata and Security Advisory CESA-2012:0523

The libpng packages contain a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files.

A heap-based buffer overflow flaw was found in the way libpng processed
tEXt chunks in PNG image files. An attacker could create a
specially-crafted PNG image file that, when opened, could cause an
application using libpng to crash or, possibly, execute arbitrary code with
the privileges of the user running the application. (CVE-2011-3048)

Users of libpng should upgrade to these updated packages, which correct
this issue. For Red Hat Enterprise Linux 5, they contain a backported
patch. For Red Hat Enterprise Linux 6, they upgrade libpng to version
1.2.49. All running applications using libpng must be restarted for the
update to take effect.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2012-April/080763.html
https://lists.centos.org/pipermail/centos-announce/2012-April/080764.html

Affected packages:
libpng
libpng-devel
libpng-static

Upstream details at:
https://access.redhat.com/errata/RHSA-2012:0523

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.056 Low

EPSS

Percentile

93.1%