Package name: libpng
Date: 2010-03-22
Advisory ID: MDVSA-2010:063
Affected versions: CS4.0 x86_64, MNF2.0 i586, CS4.0 i586, 2008.0 i586, 2008.0 x86_64

Problem description

Multiple vulnerabilities have been found and corrected in libpng:

libpng before 1.2.37 does not properly parse 1-bit interlaced images
with width values that are not divisible by 8, which causes libpng
to include uninitialized bits in certain rows of a PNG file and
might allow remote attackers to read portions of sensitive memory
via out-of-bounds pixels in the file (CVE-2009-2042).
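The following is an added illustration, not code from this advisory or from libpng, of where the unused bits sit in a packed 1-bit interlaced row. The Adam7 column offsets and steps are those of the PNG specification; the masking function is an illustrative mitigation (clear the padding bits of every row before it leaves the decoder) rather than libpng's actual fix.

```python
# Adam7 interlacing: (first column, column step) of each of the seven passes,
# as defined by the PNG specification.
ADAM7 = [(0, 8), (4, 8), (0, 4), (2, 4), (0, 2), (1, 2), (0, 1)]


def pass_width(width, pass_no):
    """Number of pixels a given Adam7 pass contributes to one image row."""
    x0, dx = ADAM7[pass_no]
    return 0 if width <= x0 else (width - x0 + dx - 1) // dx


def row_bytes(pixels, bit_depth):
    """Bytes needed to pack `pixels` samples of `bit_depth` bits each."""
    return (pixels * bit_depth + 7) // 8


def padding_bits(pixels, bit_depth):
    """Trailing bits of the last byte that carry no pixel data.

    For bit depth 1 this is non-zero exactly when the pass width is not a
    multiple of 8, which is the case the advisory describes."""
    return row_bytes(pixels, bit_depth) * 8 - pixels * bit_depth


def mask_padding(row, pixels, bit_depth):
    """Return `row` with its padding bits forced to zero.

    Illustrative mitigation: whatever the decoder's scratch buffer held,
    the unused bits never reach the caller."""
    pad = padding_bits(pixels, bit_depth)
    if pad == 0 or not row:
        return bytes(row)
    buf = bytearray(row)
    buf[-1] &= (0xFF << pad) & 0xFF
    return bytes(buf)


def pass_layout(width, bit_depth=1):
    """For each pass: (pixels in the pass row, packed bytes, padding bits)."""
    layout = []
    for p in range(7):
        w = pass_width(width, p)
        layout.append((w, row_bytes(w, bit_depth), padding_bits(w, bit_depth)))
    return layout


if __name__ == "__main__":
    # Constructed sample: a 13-pixel-wide 1-bit image (13 is not divisible by 8).
    for p, (w, nbytes, pad) in enumerate(pass_layout(13)):
        print(f"pass {p + 1}: {w:2d} px -> {nbytes} byte(s), {pad} padding bit(s)")
    # Constructed row whose scratch bytes are all ones; only the 13 pixel bits survive.
    print(mask_padding(b"\xff\xff", 13, 1).hex())
```

For a 13-pixel-wide image every pass row ends in a partially used byte, so a decoder that allocates the row buffer without zeroing it and copies whole bytes out exposes those bits; masking (or zero-filling the buffer) removes the leak regardless of the width.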

The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before
1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly
handle compressed ancillary-chunk data that has a disproportionately
large uncompressed representation, which allows remote attackers to
cause a denial of service (memory and CPU consumption, and application
hang) via a crafted PNG file, as demonstrated by use of the deflate
compression method on data composed of many occurrences of the same
character, related to a decompression bomb attack (CVE-2010-0205).
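As an added example (not code from this advisory or from libpng), the check below parses a PNG zTXt chunk and inflates its payload with a hard ceiling on the output, which is what stops the pattern described above from consuming unbounded memory. The chunk and zTXt layout follow the PNG specification; the size and ratio limits are constructed values for the example, not libpng's constants, and the sample chunks are built in memory.

```python
import struct
import zlib

# Constructed limits for the example: refuse any single ancillary chunk that
# would inflate past MAX_INFLATED bytes or past MAX_RATIO times its own size.
MAX_INFLATED = 1 << 20   # 1 MiB
MAX_RATIO = 1000         # inflated bytes per compressed byte


class ChunkTooLarge(ValueError):
    """Raised when a chunk's uncompressed form exceeds the configured cap."""


def bounded_inflate(compressed, limit=MAX_INFLATED, ratio=MAX_RATIO):
    """Inflate zlib data without ever materialising more than the cap."""
    cap = min(limit, max(1, len(compressed)) * ratio)
    d = zlib.decompressobj()
    # Ask zlib for at most cap+1 bytes: a (cap+1)-th byte proves the stream
    # is over the cap, and we stop there instead of inflating the rest.
    out = d.decompress(compressed, cap + 1)
    if len(out) > cap or d.unconsumed_tail:
        raise ChunkTooLarge(f"chunk inflates past {cap} bytes")
    out += d.flush()
    if len(out) > cap:
        raise ChunkTooLarge(f"chunk inflates past {cap} bytes")
    return out


def parse_ztxt(payload):
    """Split a zTXt payload into (keyword, text), inflating with the cap."""
    keyword, sep, rest = payload.partition(b"\x00")
    if not sep or not 1 <= len(keyword) <= 79:
        raise ValueError("bad zTXt keyword")
    if not rest or rest[0] != 0:      # method 0 is the only defined one (zlib)
        raise ValueError("unknown zTXt compression method")
    text = bounded_inflate(rest[1:])
    return keyword.decode("latin-1"), text.decode("latin-1")


def make_chunk(ctype, payload):
    """Serialise one PNG chunk: length, type, data, CRC over type + data."""
    crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)


def read_chunk(buf):
    """Parse one PNG chunk from `buf`, verifying its CRC."""
    (length,) = struct.unpack(">I", buf[:4])
    ctype, payload = buf[4:8], buf[8:8 + length]
    (crc,) = struct.unpack(">I", buf[8 + length:12 + length])
    if zlib.crc32(ctype + payload) & 0xFFFFFFFF != crc:
        raise ValueError("chunk CRC mismatch")
    return ctype, payload


def make_ztxt(keyword, text):
    return make_chunk(b"zTXt", keyword + b"\x00\x00" + zlib.compress(text, 9))


# Constructed sample chunks: an ordinary comment, and a comment whose text is
# 16 MiB of one repeated character (compresses to a few KiB).
BENIGN = make_ztxt(b"Comment", b"constructed sample comment for the example")
BOMB = make_ztxt(b"Comment", b"A" * (16 << 20))


def check(chunk):
    """Return 'accepted' or 'rejected' for a serialised zTXt chunk."""
    ctype, payload = read_chunk(chunk)
    if ctype != b"zTXt":
        raise ValueError("not a zTXt chunk")
    try:
        parse_ztxt(payload)
        return "accepted"
    except ChunkTooLarge:
        return "rejected"


if __name__ == "__main__":
    print(len(BENIGN), check(BENIGN))
    print(len(BOMB), check(BOMB))
```

The ratio test catches the "many occurrences of the same character" case early (a few KiB of deflate data claiming megabytes of output), while the absolute cap bounds the worst case for any chunk regardless of how it was compressed; passing a maximum length to the decompressor is what keeps the rejected case from costing the full inflated size in memory or CPU.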

Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.

The updated packages have been patched to correct these issues.

Updated packages

CS4.0 x86_64

 a19c0839e78e5d16cc159621ff8e3786  corporate/4.0/x86_64/lib64png3-1.2.8-1.7.20060mlcs4.x86_64.rpm
 68d1b5c5174f6de15eb1d68735e45e0f  corporate/4.0/x86_64/lib64png3-devel-1.2.8-1.7.20060mlcs4.x86_64.rpm
 d477b9271f6beba77435121f09dff09d  corporate/4.0/x86_64/lib64png3-static-devel-1.2.8-1.7.20060mlcs4.x86_64.rpm 
 76f958bdba2876ea2a36f42407aaa9dc  corporate/4.0/SRPMS/libpng-1.2.8-1.7.20060mlcs4.src.rpm

MNF2.0 i586

 5fe2f05d45ebaac79c58e47429dedceb  mnf/2.0/i586/libpng3-1.2.5-10.12.M20mdk.i586.rpm
 0ebace3f9758ea06e6471317f95b253f  mnf/2.0/i586/libpng3-devel-1.2.5-10.12.M20mdk.i586.rpm
 3aa8ba999455eb190979ec7f6f22421a  mnf/2.0/i586/libpng3-static-devel-1.2.5-10.12.M20mdk.i586.rpm 
 1ceca3083b90247ac1d1b68b4bf08f33  mnf/2.0/SRPMS/libpng-1.2.5-10.12.M20mdk.src.rpm

CS4.0 i586

 e224d113e77e285d85ff11c55dae9e50  corporate/4.0/i586/libpng3-1.2.8-1.7.20060mlcs4.i586.rpm
 c0d62f11277442b0d7a909d0c1c53249  corporate/4.0/i586/libpng3-devel-1.2.8-1.7.20060mlcs4.i586.rpm
 8ea7ca8ab7bbed8f2683698a3f493d56  corporate/4.0/i586/libpng3-static-devel-1.2.8-1.7.20060mlcs4.i586.rpm 
 76f958bdba2876ea2a36f42407aaa9dc  corporate/4.0/SRPMS/libpng-1.2.8-1.7.20060mlcs4.src.rpm

2008.0 i586

 a490385a7af091254460923d5b370281  2008.0/i586/libpng3-1.2.22-0.4mdv2008.0.i586.rpm
 0a24bbf70a2d0acfe67872e0c9d8f709  2008.0/i586/libpng-devel-1.2.22-0.4mdv2008.0.i586.rpm
 4606a9e929c6051e122b70ebe2e7bad4  2008.0/i586/libpng-source-1.2.22-0.4mdv2008.0.i586.rpm
 694d03d2e8d3bcd07fc0684fd8a6b0c9  2008.0/i586/libpng-static-devel-1.2.22-0.4mdv2008.0.i586.rpm 
 da310f9645a322af4d2a97b9cf4592eb  2008.0/SRPMS/libpng-1.2.22-0.4mdv2008.0.src.rpm

2008.0 x86_64

 4502fd5d882a47d409bfd0e0bc154c88  2008.0/x86_64/lib64png3-1.2.22-0.4mdv2008.0.x86_64.rpm
 91b539a7a3a87d57c1ee1e33921aa787  2008.0/x86_64/lib64png-devel-1.2.22-0.4mdv2008.0.x86_64.rpm
 f0e202692b44e5ebd09168e307a1ad7b  2008.0/x86_64/lib64png-static-devel-1.2.22-0.4mdv2008.0.x86_64.rpm
 a5c685aa7aac15155af58211a576e08c  2008.0/x86_64/libpng-source-1.2.22-0.4mdv2008.0.x86_64.rpm 
 da310f9645a322af4d2a97b9cf4592eb  2008.0/SRPMS/libpng-1.2.22-0.4mdv2008.0.src.rpm

References