A libpng10 update has been released for Fedora Core 2
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-238
2004-08-04
---------------------------------------------------------------------
Product : Fedora Core 2
Name : libpng10
Version : 1.0.15
Release : 8
Summary : Old version of libpng, needed to run old binaries.
Description :
The libpng10 package contains an old version of libpng, a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files.
This package is needed if you want to run binaries that were linked dynamically with libpng 1.0.x.
---------------------------------------------------------------------
Update Information:
The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files.
During a source code audit, Chris Evans discovered several buffer overflows in libpng. An attacker could create a carefully crafted PNG file in such a way that it would cause an application linked with libpng to execute arbitrary code when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0597 to these issues.
In addition, this audit discovered a potential NULL pointer dereference in libpng (CAN-2004-0598) and several integer overflow issues (CAN-2004-0599). An attacker could create a carefully crafted PNG file in such a way that it would cause an application linked with libpng to crash when the file was opened by the victim.
Red Hat would like to thank Chris Evans for discovering these issues.
---------------------------------------------------------------------
* Fri Jul 23 2004 Matthias Clasen mclasen@redhat.com 1.0.15-8
- Build for FC2
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
df256b5fd7568b39ea7e737eb4ede582 SRPMS/libpng10-1.0.15-8.src.rpm
0765cb769f591d9cbed2bb1ca02a6108 x86_64/libpng10-1.0.15-8.x86_64.rpm
49230b3792d80f80b8bcf4e81a5a5462
x86_64/libpng10-devel-1.0.15-8.x86_64.rpm
87344871592251377c94b6eaa3215855
x86_64/debug/libpng10-debuginfo-1.0.15-8.x86_64.rpm
6570d903af2d1e9d77523934cb6a73d9 i386/libpng10-1.0.15-8.i386.rpm
478673873b01f6013d8d73b099171443 i386/libpng10-devel-1.0.15-8.i386.rpm
99b03b2015ec3756c8640d74d5d93fcc
i386/debug/libpng10-debuginfo-1.0.15-8.i386.rpm
This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-238
2004-08-04
---------------------------------------------------------------------
Product : Fedora Core 2
Name : libpng10
Version : 1.0.15
Release : 8
Summary : Old version of libpng, needed to run old binaries.
Description :
The libpng10 package contains an old version of libpng, a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files.
This package is needed if you want to run binaries that were linked dynamically with libpng 1.0.x.
---------------------------------------------------------------------
Update Information:
The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files.
During a source code audit, Chris Evans discovered several buffer overflows in libpng. An attacker could create a carefully crafted PNG file in such a way that it would cause an application linked with libpng to execute arbitrary code when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0597 to these issues.
In addition, this audit discovered a potential NULL pointer dereference in libpng (CAN-2004-0598) and several integer overflow issues (CAN-2004-0599). An attacker could create a carefully crafted PNG file in such a way that it would cause an application linked with libpng to crash when the file was opened by the victim.
Red Hat would like to thank Chris Evans for discovering these issues.
---------------------------------------------------------------------
* Fri Jul 23 2004 Matthias Clasen mclasen@redhat.com 1.0.15-8
- Build for FC2
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
df256b5fd7568b39ea7e737eb4ede582 SRPMS/libpng10-1.0.15-8.src.rpm
0765cb769f591d9cbed2bb1ca02a6108 x86_64/libpng10-1.0.15-8.x86_64.rpm
49230b3792d80f80b8bcf4e81a5a5462
x86_64/libpng10-devel-1.0.15-8.x86_64.rpm
87344871592251377c94b6eaa3215855
x86_64/debug/libpng10-debuginfo-1.0.15-8.x86_64.rpm
6570d903af2d1e9d77523934cb6a73d9 i386/libpng10-1.0.15-8.i386.rpm
478673873b01f6013d8d73b099171443 i386/libpng10-devel-1.0.15-8.i386.rpm
99b03b2015ec3756c8640d74d5d93fcc
i386/debug/libpng10-debuginfo-1.0.15-8.i386.rpm
This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.