5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.208 Low
EPSS
Percentile
96.3%
New libpng packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1,
10.2, 11.0, 12.0, and -current to fix security issues.
More details about these issues may be found in the Common
Vulnerabilities and Exposures (CVE) database:
https://vulners.com/cve/CVE-2007-5266
https://vulners.com/cve/CVE-2007-5267
https://vulners.com/cve/CVE-2007-5268
https://vulners.com/cve/CVE-2007-5269
Here are the details from the Slackware 12.0 ChangeLog:
patches/packages/libpng-1.2.23-i486-1_slack12.0.tgz:
Upgraded to libpng-1.2.23.
Previous libpng versions may crash when loading malformed PNG files.
It is not currently known if this vulnerability can be exploited to
execute malicious code.
For more information, see:
https://vulners.com/cve/CVE-2007-5266
https://vulners.com/cve/CVE-2007-5267
https://vulners.com/cve/CVE-2007-5268
https://vulners.com/cve/CVE-2007-5269
(* Security fix *)
Where to find the new packages:
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
directly from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/libpng-1.2.23-i386-1_slack8.1.tgz
Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/libpng-1.2.23-i386-1_slack9.0.tgz
Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/libpng-1.2.23-i486-1_slack9.1.tgz
Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/libpng-1.2.23-i486-1_slack10.0.tgz
Updated package for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/libpng-1.2.18-i486-1_slack10.1.tgz
Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/libpng-1.2.18-i486-1_slack10.2.tgz
Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/libpng-1.2.23-i486-1_slack11.0.tgz
Updated package for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/libpng-1.2.23-i486-1_slack12.0.tgz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libpng-1.2.23-i486-1.tgz
MD5 signatures:
Slackware 8.1 package:
8d0dd9842dad8760a307b26553a65d4b libpng-1.2.23-i386-1_slack8.1.tgz
Slackware 9.0 package:
de97c8d48064f524f5f1e8282239b273 libpng-1.2.23-i386-1_slack9.0.tgz
Slackware 9.1 package:
b27a0b7a99c61481790e48c3ba8f9b7c libpng-1.2.23-i486-1_slack9.1.tgz
Slackware 10.0 package:
554b84161d14901c9ffe6af8bb3f8248 libpng-1.2.23-i486-1_slack10.0.tgz
Slackware 10.1 package:
3f9f1ba6c975ea16b8921482fba71c74 libpng-1.2.18-i486-1_slack10.1.tgz
Slackware 10.2 package:
3a7f07dbaef1058987718fc5bc2beed0 libpng-1.2.18-i486-1_slack10.2.tgz
Slackware 11.0 package:
0582f807f04c7041092b0ccc10c17d1f libpng-1.2.23-i486-1_slack11.0.tgz
Slackware 12.0 package:
aaa0871396e70f44cd8ee6b4243fa93e libpng-1.2.23-i486-1_slack12.0.tgz
Slackware -current package:
db8a8d10e3b637380875d7644faa8e37 libpng-1.2.23-i486-1.tgz
Installation instructions:
Upgrade the packages as root:
> upgradepkg libpng-1.2.23-i486-1_slack12.0.tgz
Applications that use libpng may have to be restarted.