(RHSA-2009:0340) Moderate: libpng security update

2009-03-0400:00:00

access.redhat.com

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.029 Low

EPSS

Percentile

89.7%

JSON

The libpng packages contain a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files.

A flaw was discovered in libpng that could result in libpng trying to
free() random memory if certain, unlikely error conditions occurred. If a
carefully-crafted PNG file was loaded by an application linked against
libpng, it could cause the application to crash or, potentially, execute
arbitrary code with the privileges of the user running the application.
(CVE-2009-0040)

Users of libpng and libpng10 should upgrade to these updated packages,
which contain backported patches to correct these issues. All running
applications using libpng or libpng10 must be restarted for the update to
take effect.

OSVersionArchitecturePackageVersionFilename
RedHatanyppclibpng-devel< 1.2.2-29libpng-devel-1.2.2-29.ppc.rpm
RedHatanyppc64libpng< 1.2.2-29libpng-1.2.2-29.ppc64.rpm
RedHatanyppclibpng10< 1.0.13-20libpng10-1.0.13-20.ppc.rpm
RedHatanyppclibpng< 1.2.2-29libpng-1.2.2-29.ppc.rpm
RedHatanyppc64libpng10< 1.0.13-20libpng10-1.0.13-20.ppc64.rpm
RedHatanyppclibpng10-devel< 1.0.13-20libpng10-devel-1.0.13-20.ppc.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	any	ppc	libpng-devel	< 1.2.2-29	libpng-devel-1.2.2-29.ppc.rpm
RedHat	any	ppc64	libpng	< 1.2.2-29	libpng-1.2.2-29.ppc64.rpm
RedHat	any	ppc	libpng10	< 1.0.13-20	libpng10-1.0.13-20.ppc.rpm
RedHat	any	ppc	libpng	< 1.2.2-29	libpng-1.2.2-29.ppc.rpm
RedHat	any	ppc64	libpng10	< 1.0.13-20	libpng10-1.0.13-20.ppc64.rpm
RedHat	any	ppc	libpng10-devel	< 1.0.13-20	libpng10-devel-1.0.13-20.ppc.rpm