(RHSA-2009:0333) Moderate: libpng security update

2009-03-0400:00:00

access.redhat.com

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.032 Low

EPSS

Percentile

90.1%

JSON

The libpng packages contain a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files.

A flaw was discovered in libpng that could result in libpng trying to
free() random memory if certain, unlikely error conditions occurred. If a
carefully-crafted PNG file was loaded by an application linked against
libpng, it could cause the application to crash or, potentially, execute
arbitrary code with the privileges of the user running the application.
(CVE-2009-0040)

A flaw was discovered in the way libpng handled PNG images containing
“unknown” chunks. If an application linked against libpng attempted to
process a malformed, unknown chunk in a malicious PNG image, it could cause
the application to crash. (CVE-2008-1382)

Users of libpng and libpng10 should upgrade to these updated packages,
which contain backported patches to correct these issues. All running
applications using libpng or libpng10 must be restarted for the update to
take effect.

OSVersionArchitecturePackageVersionFilename
RedHat5x86_64libpng-devel< 1.2.10-7.1.el5_3.2libpng-devel-1.2.10-7.1.el5_3.2.x86_64.rpm
RedHat5ia64libpng-devel< 1.2.10-7.1.el5_3.2libpng-devel-1.2.10-7.1.el5_3.2.ia64.rpm
RedHat4ia64libpng10< 1.0.16-3.el4_7.3libpng10-1.0.16-3.el4_7.3.ia64.rpm
RedHat5ia64libpng< 1.2.10-7.1.el5_3.2libpng-1.2.10-7.1.el5_3.2.ia64.rpm
RedHat5s390xlibpng-devel< 1.2.10-7.1.el5_3.2libpng-devel-1.2.10-7.1.el5_3.2.s390x.rpm
RedHat4ppclibpng10< 1.0.16-3.el4_7.3libpng10-1.0.16-3.el4_7.3.ppc.rpm
RedHat5s390libpng-devel< 1.2.10-7.1.el5_3.2libpng-devel-1.2.10-7.1.el5_3.2.s390.rpm
RedHat4x86_64libpng< 1.2.7-3.el4_7.2libpng-1.2.7-3.el4_7.2.x86_64.rpm
RedHat5s390xlibpng< 1.2.10-7.1.el5_3.2libpng-1.2.10-7.1.el5_3.2.s390x.rpm
RedHat5ppclibpng< 1.2.10-7.1.el5_3.2libpng-1.2.10-7.1.el5_3.2.ppc.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	5	x86_64	libpng-devel	< 1.2.10-7.1.el5_3.2	libpng-devel-1.2.10-7.1.el5_3.2.x86_64.rpm
RedHat	5	ia64	libpng-devel	< 1.2.10-7.1.el5_3.2	libpng-devel-1.2.10-7.1.el5_3.2.ia64.rpm
RedHat	4	ia64	libpng10	< 1.0.16-3.el4_7.3	libpng10-1.0.16-3.el4_7.3.ia64.rpm
RedHat	5	ia64	libpng	< 1.2.10-7.1.el5_3.2	libpng-1.2.10-7.1.el5_3.2.ia64.rpm
RedHat	5	s390x	libpng-devel	< 1.2.10-7.1.el5_3.2	libpng-devel-1.2.10-7.1.el5_3.2.s390x.rpm
RedHat	4	ppc	libpng10	< 1.0.16-3.el4_7.3	libpng10-1.0.16-3.el4_7.3.ppc.rpm
RedHat	5	s390	libpng-devel	< 1.2.10-7.1.el5_3.2	libpng-devel-1.2.10-7.1.el5_3.2.s390.rpm
RedHat	4	x86_64	libpng	< 1.2.7-3.el4_7.2	libpng-1.2.7-3.el4_7.2.x86_64.rpm
RedHat	5	s390x	libpng	< 1.2.10-7.1.el5_3.2	libpng-1.2.10-7.1.el5_3.2.s390x.rpm
RedHat	5	ppc	libpng	< 1.2.10-7.1.el5_3.2	libpng-1.2.10-7.1.el5_3.2.ppc.rpm