Paketname
libpng
Datum
2014-02-17
Advisory ID
MDVSA-2014:035
Betroffene Versionen
MES5 i586 , MBS1 x86_64 , MES5 x86_64

Problembeschreibung

Updated libpng and libpng12 packages fix security vulnerability:

The png_do_expand_palette function in libpng before 1.6.8 allows remote
attackers to cause a denial of service (NULL pointer dereference and
application crash) via a PLTE chunk of zero bytes or a NULL palette,
related to pngrtran.c and pngset.c (CVE-2013-6954).

Aktualisierte Pakete

MES5 i586

 9e459a55c761870ca6b40a12b3d36d66  mes5/i586/libpng3-1.2.31-2.8mdvmes5.2.i586.rpm
 de27e436523a787cee10ad4318b3c6dd  mes5/i586/libpng-devel-1.2.31-2.8mdvmes5.2.i586.rpm
 dfae88ae67434fb8d6926d747895dae8  mes5/i586/libpng-source-1.2.31-2.8mdvmes5.2.i586.rpm
 3b3d03da06f07f56075853827a2dacdb  mes5/i586/libpng-static-devel-1.2.31-2.8mdvmes5.2.i586.rpm 
 4a2f827b292cdc03f63566eae8c812cd  mes5/SRPMS/libpng-1.2.31-2.8mdvmes5.2.src.rpm

MBS1 x86_64

 9237e9d4b379d48a06c8cef5f6153549  mbs1/x86_64/lib64png12_0-1.2.49-2.1.mbs1.x86_64.rpm
 dc285e45a37d56f3846eb390a861f4db  mbs1/x86_64/lib64png12-devel-1.2.49-2.1.mbs1.x86_64.rpm
 df04f10a3f6444219d39ab0dae2dc5eb  mbs1/x86_64/lib64png15_15-1.5.10-2.1.mbs1.x86_64.rpm
 d47b514f7851a4bcfad6b5e63e6b6454  mbs1/x86_64/lib64png-devel-1.5.10-2.1.mbs1.x86_64.rpm 
 fda6b6933c420961f4cdaf8a7d82e986  mbs1/SRPMS/libpng12-1.2.49-2.1.mbs1.src.rpm
 03558969532f7161705ef96cef74b019  mbs1/SRPMS/libpng-1.5.10-2.1.mbs1.src.rpm

MES5 x86_64

 3fe33312ba78608e46f63cda12b110db  mes5/x86_64/lib64png3-1.2.31-2.8mdvmes5.2.x86_64.rpm
 90fa95818ad0d287ef9555edef4a882a  mes5/x86_64/lib64png-devel-1.2.31-2.8mdvmes5.2.x86_64.rpm
 6b7626467754aed28ca5f77904451567  mes5/x86_64/lib64png-static-devel-1.2.31-2.8mdvmes5.2.x86_64.rpm
 dd60b577dd6e9ce8b934e25ca4e546c8  mes5/x86_64/libpng-source-1.2.31-2.8mdvmes5.2.x86_64.rpm 
 4a2f827b292cdc03f63566eae8c812cd  mes5/SRPMS/libpng-1.2.31-2.8mdvmes5.2.src.rpm

Referenzen