A libpng update has been released for Fedora Core 2
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-239
2004-08-04
---------------------------------------------------------------------
Product : Fedora Core 2
Name : libpng
Version : 1.2.5
Release : 8
Summary : A library of functions for manipulating PNG image format
files.
Description :
The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. PNG is a bit-mapped graphics format similar to the GIF format. PNG was created to replace the GIF format, since GIF uses a patented data compression algorithm.
Libpng should be installed if you need to manipulate PNG format image files.
---------------------------------------------------------------------
Update Information:
The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files.
During a source code audit, Chris Evans discovered several buffer overflows in libpng. An attacker could create a carefully crafted PNG file in such a way that it would cause an application linked with libpng to execute arbitrary code when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0597 to these issues.
In addition, this audit discovered a potential NULL pointer dereference in libpng (CAN-2004-0598) and several integer overflow issues (CAN-2004-0599). An attacker could create a carefully crafted PNG file in such a way that it would cause an application linked with libpng to crash when the file was opened by the victim.
Red Hat would like to thank Chris Evans for discovering these issues.
---------------------------------------------------------------------
* Fri Jul 23 2004 Matthias Clasen mclasen@redhat.com 2:1.2.5-8
- Build for FC2
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
6b45823b67235316b2a3014c9a01f46e SRPMS/libpng-1.2.5-8.src.rpm
14c09742eaaf43659202a23c112ef183 x86_64/libpng-1.2.5-8.x86_64.rpm
e0c5c96590877ea498811d929934ad81 x86_64/libpng-devel-1.2.5-8.x86_64.rpm
96ae464a75a12ac39ed303108eee40b7
x86_64/debug/libpng-debuginfo-1.2.5-8.x86_64.rpm
c5c3418992aa4d48f1bb92dc1db42603 x86_64/libpng-1.2.5-8.i386.rpm
c5c3418992aa4d48f1bb92dc1db42603 i386/libpng-1.2.5-8.i386.rpm
87e3b3fdd3c733d5f29efd0e78c00185 i386/libpng-devel-1.2.5-8.i386.rpm
3e015c843a8829ccbe2f313f1e773744
i386/debug/libpng-debuginfo-1.2.5-8.i386.rpm
This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-239
2004-08-04
---------------------------------------------------------------------
Product : Fedora Core 2
Name : libpng
Version : 1.2.5
Release : 8
Summary : A library of functions for manipulating PNG image format
files.
Description :
The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. PNG is a bit-mapped graphics format similar to the GIF format. PNG was created to replace the GIF format, since GIF uses a patented data compression algorithm.
Libpng should be installed if you need to manipulate PNG format image files.
---------------------------------------------------------------------
Update Information:
The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files.
During a source code audit, Chris Evans discovered several buffer overflows in libpng. An attacker could create a carefully crafted PNG file in such a way that it would cause an application linked with libpng to execute arbitrary code when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0597 to these issues.
In addition, this audit discovered a potential NULL pointer dereference in libpng (CAN-2004-0598) and several integer overflow issues (CAN-2004-0599). An attacker could create a carefully crafted PNG file in such a way that it would cause an application linked with libpng to crash when the file was opened by the victim.
Red Hat would like to thank Chris Evans for discovering these issues.
---------------------------------------------------------------------
* Fri Jul 23 2004 Matthias Clasen mclasen@redhat.com 2:1.2.5-8
- Build for FC2
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
6b45823b67235316b2a3014c9a01f46e SRPMS/libpng-1.2.5-8.src.rpm
14c09742eaaf43659202a23c112ef183 x86_64/libpng-1.2.5-8.x86_64.rpm
e0c5c96590877ea498811d929934ad81 x86_64/libpng-devel-1.2.5-8.x86_64.rpm
96ae464a75a12ac39ed303108eee40b7
x86_64/debug/libpng-debuginfo-1.2.5-8.x86_64.rpm
c5c3418992aa4d48f1bb92dc1db42603 x86_64/libpng-1.2.5-8.i386.rpm
c5c3418992aa4d48f1bb92dc1db42603 i386/libpng-1.2.5-8.i386.rpm
87e3b3fdd3c733d5f29efd0e78c00185 i386/libpng-devel-1.2.5-8.i386.rpm
3e015c843a8829ccbe2f313f1e773744
i386/debug/libpng-debuginfo-1.2.5-8.i386.rpm
This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.
