|
|
| Problem Description |
Chris Evans discovered numerous vulnerabilities in the libpng graphics
library, including a remotely exploitable stack-based buffer overrun in
the png_handle_tRNS function, dangerous code in png_handle_sBIT, a
possible NULL-pointer crash in png_handle_iCCP (which is also
duplicated in multiple other locations), a theoretical integer overflow
in png_read_png, and integer overflows during progressive reading.
All users are encouraged to upgrade immediately.
| Updated Packages |
Mandrakelinux 9.1
6fd39e5ee6bc8dc031bf3ea4608b2dcf 9.1/RPMS/libpng3-1.2.5-2.5.91mdk.i586.rpm e29e3f15812654860e80987ff169ed0a 9.1/RPMS/libpng3-devel-1.2.5-2.5.91mdk.i586.rpm f8fbbf2d3bd57ffb967a12fa84806793 9.1/RPMS/libpng3-static-devel-1.2.5-2.5.91mdk.i586.rpm c1f995c1738591bf1436386c19f220f8 9.1/SRPMS/libpng-1.2.5-2.5.91mdk.src.rpm
Mandrakelinux 9.1/PPC
db141bfa829164296790fc5ecaeca8af ppc/9.1/RPMS/libpng3-1.2.5-2.5.91mdk.ppc.rpm cf12eb035d71e045bca05a351d2e12b5 ppc/9.1/RPMS/libpng3-devel-1.2.5-2.5.91mdk.ppc.rpm 37ed0b8a240466482f3e3e079397aca3 ppc/9.1/RPMS/libpng3-static-devel-1.2.5-2.5.91mdk.ppc.rpm c1f995c1738591bf1436386c19f220f8 ppc/9.1/SRPMS/libpng-1.2.5-2.5.91mdk.src.rpm
Mandrakelinux 9.2
73dcbcff5ec15f8d0c683e85357ba292 9.2/RPMS/libpng3-1.2.5-7.5.92mdk.i586.rpm 7d1493bececc9a48b84061b3eae8d92f 9.2/RPMS/libpng3-devel-1.2.5-7.5.92mdk.i586.rpm 32d8f720ff4f9e2dcfd7e07a7f3b221c 9.2/RPMS/libpng3-static-devel-1.2.5-7.5.92mdk.i586.rpm 9ada13b517e9d757874bd235de565fc8 9.2/SRPMS/libpng-1.2.5-7.5.92mdk.src.rpm
Mandrakelinux 9.2/AMD64
ce8a91d600fba2cdcc4cbfa73528f0cd amd64/9.2/RPMS/lib64png3-1.2.5-7.5.92mdk.amd64.rpm 231a4e5d6f11d262bb5bc6b7563ad93f amd64/9.2/RPMS/lib64png3-devel-1.2.5-7.5.92mdk.amd64.rpm 1f63ad149a23fd5f2e9c9007b162235b amd64/9.2/RPMS/lib64png3-static-devel-1.2.5-7.5.92mdk.amd64.rpm 9ada13b517e9d757874bd235de565fc8 amd64/9.2/SRPMS/libpng-1.2.5-7.5.92mdk.src.rpm
Mandrakelinux 10.0
5f2e0ce336d0854b79426e3ee2fc9c1c 10.0/RPMS/libpng3-1.2.5-10.5.100mdk.i586.rpm a08aee71d41f2fd270e657053ed16a18 10.0/RPMS/libpng3-devel-1.2.5-10.5.100mdk.i586.rpm 997b909be31340ab48a5c8266364d9f1 10.0/RPMS/libpng3-static-devel-1.2.5-10.5.100mdk.i586.rpm 5402d26cab5f03469f22f10e7279a64f 10.0/SRPMS/libpng-1.2.5-10.5.100mdk.src.rpm
Mandrakelinux 10.0/AMD64
7f4dbf94ab247849e8efb3034c6bb046 amd64/10.0/RPMS/lib64png3-1.2.5-10.5.100mdk.amd64.rpm 7f2e23c89e39423b2499798cad32fc13 amd64/10.0/RPMS/lib64png3-devel-1.2.5-10.5.100mdk.amd64.rpm ac6b7e03e3e816efa8744816d596338f amd64/10.0/RPMS/lib64png3-static-devel-1.2.5-10.5.100mdk.amd64.rpm 5402d26cab5f03469f22f10e7279a64f amd64/10.0/SRPMS/libpng-1.2.5-10.5.100mdk.src.rpm
Multi Network Firewall 8.2
f8ec19565a938e22f23e39b444d208a2 mnf8.2/RPMS/libpng3-1.2.4-3.7.M82mdk.i586.rpm 99b28bb4446212b3cf099640a876c44e mnf8.2/SRPMS/libpng-1.2.4-3.7.M82mdk.src.rpm
Corporate Server 2.1
6cf56378665f973c6b96a487db31f2df corporate/2.1/RPMS/libpng3-1.2.4-3.7.C21mdk.i586.rpm 4dfb84e68f30cc4de1ddf2085ef74ebd corporate/2.1/RPMS/libpng3-devel-1.2.4-3.7.C21mdk.i586.rpm 68adca80324ccf10ecf386466673ff5e corporate/2.1/RPMS/libpng3-static-devel-1.2.4-3.7.C21mdk.i586.rpm e37d6b112471f9fbd39eee11db336a8e corporate/2.1/SRPMS/libpng-1.2.4-3.7.C21mdk.src.rpm
Corporate Server 2.1/X86_64
bb2f7ccff93adcf0f466cb4741f09440 x86_64/corporate/2.1/RPMS/libpng3-1.2.4-3.7.C21mdk.x86_64.rpm 22bd27f48fa0fd1e0510c3066ab67325 x86_64/corporate/2.1/RPMS/libpng3-devel-1.2.4-3.7.C21mdk.x86_64.rpm 769bb0aa09bf26b1ff64a9cd5e5a452e x86_64/corporate/2.1/RPMS/libpng3-static-devel-1.2.4-3.7.C21mdk.x86_64.rpm e37d6b112471f9fbd39eee11db336a8e x86_64/corporate/2.1/SRPMS/libpng-1.2.4-3.7.C21mdk.src.rpm
| References |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0597
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0598
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0599
http://www.kb.cert.org/vuls/id/388984
http://www.kb.cert.org/vuls/id/236656
http://www.kb.cert.org/vuls/id/160448
http://www.kb.cert.org/vuls/id/477512
http://www.kb.cert.org/vuls/id/286464
http://www.kb.cert.org/vuls/id/817368
| Upgrade |
To upgrade automatically, use MandrivaUpdate.
| Verification |
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.