Fedora Linux 8782 Published by

A libpng update has been released for Fedora Core 1

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-237
2004-08-04
---------------------------------------------------------------------

Product : Fedora Core 1
Name : libpng
Version : 1.2.5
Release : 7
Summary : A library of functions for manipulating PNG image format
files.
Description :
The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. PNG is a bit-mapped graphics format similar to the GIF format. PNG was created to replace the GIF format, since GIF uses a patented data compression algorithm.

Libpng should be installed if you need to manipulate PNG format image files.



---------------------------------------------------------------------
Update Information:

The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files.

During a source code audit, Chris Evans discovered several buffer overflows in libpng. An attacker could create a carefully crafted PNG file in such a way that it would cause an application linked with libpng to execute arbitrary code when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0597 to these issues.

In addition, this audit discovered a potential NULL pointer dereference in libpng (CAN-2004-0598) and several integer overflow issues (CAN-2004-0599). An attacker could create a carefully crafted PNG file in such a way that it would cause an application linked with libpng to crash when the file was opened by the victim.

Red Hat would like to thank Chris Evans for discovering these issues.

---------------------------------------------------------------------
* Fri Jul 23 2004 Matthias Clasen mclasen@redhat.com 2:1.2.5-7

- Replace the patches for individual security problems with the cumulative patch issued by the png developers.

---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/

ddfaeadf308bfc528f769bee9b8af3e4 SRPMS/libpng-1.2.5-7.src.rpm
79d2c07cc01280b88df13a2846d28376 x86_64/libpng-1.2.5-7.x86_64.rpm
4bbf88bfefecfeeb99a70a50201d2804 x86_64/libpng-devel-1.2.5-7.x86_64.rpm
fa4ad0f9b024f15f7f79012f31914ce3
x86_64/debug/libpng-debuginfo-1.2.5-7.x86_64.rpm
81fcd51814f7d428eb8898a635412896 x86_64/libpng-1.2.5-7.i386.rpm
81fcd51814f7d428eb8898a635412896 i386/libpng-1.2.5-7.i386.rpm
c618312ab7b8a520a92aa8c56048f0a8 i386/libpng-devel-1.2.5-7.i386.rpm
99d64e601f653ad889452841efa883f5
i386/debug/libpng-debuginfo-1.2.5-7.i386.rpm

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.