Slackware Linux ProjectSSA-2010-180-01[slackware-security] libpng
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.629 Medium
EPSS
Percentile
97.8%
New libpng packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1,
10.2, 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix security issues.
Here are the details from the Slackware 13.1 ChangeLog:
patches/packages/libpng-1.4.3-x86_64-1_slack13.1.txz: Upgraded.
Upgraded to libpng-1.2.44 and libpng-1.4.3.
This fixes out-of-bounds memory write bugs that could lead to crashes
or the execution of arbitrary code, and a memory leak bug which could
lead to application crashes.
For more information, see:
https://vulners.com/cve/CVE-2010-1205
https://vulners.com/cve/CVE-2010-2249
(* Security fix *)
Where to find the new packages:
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
directly from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/libpng-1.2.44-i386-1_slack8.1.tgz
Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/libpng-1.2.44-i386-1_slack9.0.tgz
Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/libpng-1.2.44-i486-1_slack9.1.tgz
Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/libpng-1.2.44-i486-1_slack10.0.tgz
Updated package for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/libpng-1.2.44-i486-1_slack10.1.tgz
Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/libpng-1.2.44-i486-1_slack10.2.tgz
Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/libpng-1.2.44-i486-1_slack11.0.tgz
Updated package for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/libpng-1.2.44-i486-1_slack12.0.tgz
Updated package for Slackware 12.1:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/libpng-1.2.44-i486-1_slack12.1.tgz
Updated package for Slackware 12.2:
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/libpng-1.2.44-i486-1_slack12.2.tgz
Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/libpng-1.2.44-i486-1_slack13.0.txz
Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/libpng-1.2.44-x86_64-1_slack13.0.txz
Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/libpng-1.4.3-i486-1_slack13.1.txz
Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/libpng-1.4.3-x86_64-1_slack13.1.txz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libpng-1.4.3-i486-1.txz
Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libpng-1.4.3-x86_64-1.txz
MD5 signatures:
Slackware 8.1 package:
bdb6dcd9e95528e322bc1d4bd12577c5 libpng-1.2.44-i386-1_slack8.1.tgz
Slackware 9.0 package:
671e4efac517aab683ec3594936841e3 libpng-1.2.44-i386-1_slack9.0.tgz
Slackware 9.1 package:
f9be33ae1dab63722309f7eb6f909de9 libpng-1.2.44-i486-1_slack9.1.tgz
Slackware 10.0 package:
f62bc1d55bf067ef87271edef98cd811 libpng-1.2.44-i486-1_slack10.0.tgz
Slackware 10.1 package:
92c37a054de753b91843587be7baa093 libpng-1.2.44-i486-1_slack10.1.tgz
Slackware 10.2 package:
46fff313eea09bf7d8dc5aa7d5f02e50 libpng-1.2.44-i486-1_slack10.2.tgz
Slackware 11.0 package:
53cb0cd66561a896570f63fb7b902c53 libpng-1.2.44-i486-1_slack11.0.tgz
Slackware 12.0 package:
ca4e5349663e5c89535b499250749a81 libpng-1.2.44-i486-1_slack12.0.tgz
Slackware 12.1 package:
24b8375f21db062f2d737155f34d43b8 libpng-1.2.44-i486-1_slack12.1.tgz
Slackware 12.2 package:
506640f2470264ed5893cff4ac7b1c71 libpng-1.2.44-i486-1_slack12.2.tgz
Slackware 13.0 package:
d555896cea03edf4d58a31fdee4406de libpng-1.2.44-i486-1_slack13.0.txz
Slackware x86_64 13.0 package:
66e99767c446f36d5556b9964931f61c libpng-1.2.44-x86_64-1_slack13.0.txz
Slackware 13.1 package:
0c51a2a6efe13123eaa59211333ace60 libpng-1.4.3-i486-1_slack13.1.txz
Slackware x86_64 13.1 package:
5f546d986b469fdc65f6f24e61fbb1ae libpng-1.4.3-x86_64-1_slack13.1.txz
Slackware -current package:
f8c1549a3845b2e5c6507fc0c5da1a8b l/libpng-1.4.3-i486-1.txz
Slackware x86_64 -current package:
359d7cf5d6b491dbf9160c13618d8425 l/libpng-1.4.3-x86_64-1.txz
Installation instructions:
Upgrade the package as root:
> upgradepkg libpng-1.4.3-i486-1_slack13.1.txz
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.629 Medium
EPSS
Percentile
97.8%