MDVSA-2009:051

Package name

libpng

Date

2009-02-23

Advisory ID

MDVSA-2009:051

Affected versions

2009.0 x86_64 , CS4.0 x86_64 , MNF2.0 i586 , 2008.0 i586 , 2009.0 i586 , CS3.0 x86_64 , 2008.0 x86_64 , CS3.0 i586 , 2008.1 x86_64 , 2008.1 i586 , CS4.0 i586

Problem description

A number of vulnerabilities have been found and corrected in libpng:

Fixed 1-byte buffer overflow in pngpread.c (CVE-2008-3964). This was
allready fixed in Mandriva Linux 2009.0.

Fix the function png_check_keyword() that allowed setting arbitrary
bytes in the process memory to 0 (CVE-2008-5907).

Fix a potential DoS (Denial of Service) or to potentially compromise
an application using the library (CVE-2009-0040).

The updated packages have been patched to prevent this.

Updated packages

2009.0 x86_64

 6c9a8ddfc4872957863cad6b24e8a3ac  2009.0/x86_64/lib64png3-1.2.31-2.1mdv2009.0.x86_64.rpm
 3d25e33a29512b1aca2ce738b8f5f349  2009.0/x86_64/lib64png-devel-1.2.31-2.1mdv2009.0.x86_64.rpm
 a0e049c7090222715957c8db4bf102b5  2009.0/x86_64/lib64png-static-devel-1.2.31-2.1mdv2009.0.x86_64.rpm
 7611de5e02c238f6b8338fd49e07fcfa  2009.0/x86_64/libpng-source-1.2.31-2.1mdv2009.0.x86_64.rpm 
 99962c17399bba390d4996e09f7cfd28  2009.0/SRPMS/libpng-1.2.31-2.1mdv2009.0.src.rpm

CS4.0 x86_64

 11d4794bd27fafcb127101bf7787ca15  corporate/4.0/x86_64/lib64png3-1.2.8-1.6.20060mlcs4.x86_64.rpm
 64719027cd4bfa88a22bc8093708ac60  corporate/4.0/x86_64/lib64png3-devel-1.2.8-1.6.20060mlcs4.x86_64.rpm
 f148fcfab25d6eab2cca7d990c0df781  corporate/4.0/x86_64/lib64png3-static-devel-1.2.8-1.6.20060mlcs4.x86_64.rpm 
 bcbfc6f4913e8fd5787428076f1a1a48  corporate/4.0/SRPMS/libpng-1.2.8-1.6.20060mlcs4.src.rpm

MNF2.0 i586

 64eb92be451c217de475874e6877cf93  mnf/2.0/i586/libpng3-1.2.5-10.11.C30mdk.i586.rpm
 c34ffb76d4dbbcabcce7b98aed909d20  mnf/2.0/i586/libpng3-devel-1.2.5-10.11.C30mdk.i586.rpm
 bad230920945e3204e27b5ff52a9875c  mnf/2.0/i586/libpng3-static-devel-1.2.5-10.11.C30mdk.i586.rpm 
 bd0355475f58e795b1bb8b9ec67ffdad  mnf/2.0/SRPMS/libpng-1.2.5-10.11.C30mdk.src.rpm

2008.0 i586

 998ac96ae507c96bc3bf5180319412e7  2008.0/i586/libpng3-1.2.22-0.3mdv2008.0.i586.rpm
 acbb66ecf6c7ad53d171aa3958d58abf  2008.0/i586/libpng-devel-1.2.22-0.3mdv2008.0.i586.rpm
 c2648d20ebe13e5d954f24876a14e513  2008.0/i586/libpng-source-1.2.22-0.3mdv2008.0.i586.rpm
 388af16c0f685b8cd726e0ace52b60ce  2008.0/i586/libpng-static-devel-1.2.22-0.3mdv2008.0.i586.rpm 
 b27dd859afb25f890d7d6b2030dc5271  2008.0/SRPMS/libpng-1.2.22-0.3mdv2008.0.src.rpm

2009.0 i586

 db67f1e4b8a43986f03f718ad4d7120e  2009.0/i586/libpng3-1.2.31-2.1mdv2009.0.i586.rpm
 02a423cae16e9c656129601f1ae69600  2009.0/i586/libpng-devel-1.2.31-2.1mdv2009.0.i586.rpm
 f91a68467b81b3f532ef21b4ff9c9516  2009.0/i586/libpng-source-1.2.31-2.1mdv2009.0.i586.rpm
 0f28993456fd4c012385aa11baba2f7e  2009.0/i586/libpng-static-devel-1.2.31-2.1mdv2009.0.i586.rpm 
 99962c17399bba390d4996e09f7cfd28  2009.0/SRPMS/libpng-1.2.31-2.1mdv2009.0.src.rpm

CS3.0 x86_64

 57ee9252923d33d66a1787a9a68174a4  corporate/3.0/x86_64/lib64png3-1.2.5-10.11.C30mdk.x86_64.rpm
 c8c47259e3eb68c1c71be2a90ac1cde9  corporate/3.0/x86_64/lib64png3-devel-1.2.5-10.11.C30mdk.x86_64.rpm
 2370808839b2f59ded6bc1b59f437801  corporate/3.0/x86_64/lib64png3-static-devel-1.2.5-10.11.C30mdk.x86_64.rpm 
 4bf80d3855abcfde33835c4bc4ebad4d  corporate/3.0/SRPMS/libpng-1.2.5-10.11.C30mdk.src.rpm

2008.0 x86_64

 7c69863bb4054d737a898e039bcd61d4  2008.0/x86_64/lib64png3-1.2.22-0.3mdv2008.0.x86_64.rpm
 99b8f97c3f5df41a0b72cb6ca1962d60  2008.0/x86_64/lib64png-devel-1.2.22-0.3mdv2008.0.x86_64.rpm
 823d4ae86d6367d4364ad7f7ba0285f6  2008.0/x86_64/lib64png-static-devel-1.2.22-0.3mdv2008.0.x86_64.rpm
 110e19b8057b5d3711476e66ce27a8c4  2008.0/x86_64/libpng-source-1.2.22-0.3mdv2008.0.x86_64.rpm 
 b27dd859afb25f890d7d6b2030dc5271  2008.0/SRPMS/libpng-1.2.22-0.3mdv2008.0.src.rpm

CS3.0 i586

 0ea2e361290b0c8aceb44c3534939ed5  corporate/3.0/i586/libpng3-1.2.5-10.11.C30mdk.i586.rpm
 032c61ff00b460854757cd55b32d5d2a  corporate/3.0/i586/libpng3-devel-1.2.5-10.11.C30mdk.i586.rpm
 3bcfeddfcbb1c695a3a0a9b44850ad27  corporate/3.0/i586/libpng3-static-devel-1.2.5-10.11.C30mdk.i586.rpm 
 4bf80d3855abcfde33835c4bc4ebad4d  corporate/3.0/SRPMS/libpng-1.2.5-10.11.C30mdk.src.rpm

2008.1 x86_64

 2b1949ee8868bb7475310de66478640e  2008.1/x86_64/lib64png3-1.2.25-2.2mdv2008.1.x86_64.rpm
 4abeaf3ca19d4660b5ee1d22451413d5  2008.1/x86_64/lib64png-devel-1.2.25-2.2mdv2008.1.x86_64.rpm
 7aa2e1a738a12c633dcf1d1d5b7acd6e  2008.1/x86_64/lib64png-static-devel-1.2.25-2.2mdv2008.1.x86_64.rpm
 702d85b49120f5422db08345fc697758  2008.1/x86_64/libpng-source-1.2.25-2.2mdv2008.1.x86_64.rpm 
 2a7f7d02d232ce9948359377ba1e1ffb  2008.1/SRPMS/libpng-1.2.25-2.2mdv2008.1.src.rpm

2008.1 i586

 1b179e2b3487869c27b207017dff48d3  2008.1/i586/libpng3-1.2.25-2.2mdv2008.1.i586.rpm
 f7eab99997bb5141d479c6c503d9d1f6  2008.1/i586/libpng-devel-1.2.25-2.2mdv2008.1.i586.rpm
 ca12104e547b7faf7ba1018ef244aa88  2008.1/i586/libpng-source-1.2.25-2.2mdv2008.1.i586.rpm
 8902a48738d5729160f31e37fc46a9f2  2008.1/i586/libpng-static-devel-1.2.25-2.2mdv2008.1.i586.rpm 
 2a7f7d02d232ce9948359377ba1e1ffb  2008.1/SRPMS/libpng-1.2.25-2.2mdv2008.1.src.rpm

CS4.0 i586

 778576940a74bd6db459c275cd2203e1  corporate/4.0/i586/libpng3-1.2.8-1.6.20060mlcs4.i586.rpm
 c2a63382d99f8b9fb0d68f1ab21e5d21  corporate/4.0/i586/libpng3-devel-1.2.8-1.6.20060mlcs4.i586.rpm
 820ff66e8fdad685d26f9180070f3c4c  corporate/4.0/i586/libpng3-static-devel-1.2.8-1.6.20060mlcs4.i586.rpm 
 bcbfc6f4913e8fd5787428076f1a1a48  corporate/4.0/SRPMS/libpng-1.2.8-1.6.20060mlcs4.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0040
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5907
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3964