|
|
| Problem Description |
Tavis Ormandy of the Google Security Team discovered a flaw in how
libpng handles zero-length unknown chunks in PNG files, which could
lead to memory corruption in applications that make use of certain
functions (CVE-2008-1382).
The updated packages have been patched to correct this issue.
| Updated Packages |
Corporate Server 3.0
e94d77d776ab04e5d641b80cb4f067c1 corporate/3.0/i586/libpng3-1.2.5-10.10.C30mdk.i586.rpm 7568581fa685f67b99ab377ea8ec4d6c corporate/3.0/i586/libpng3-devel-1.2.5-10.10.C30mdk.i586.rpm feda1fe0f0126c9147b545cc202fe8b0 corporate/3.0/i586/libpng3-static-devel-1.2.5-10.10.C30mdk.i586.rpm 64475a8af64644e49b354d56501ac0fb corporate/3.0/SRPMS/libpng-1.2.5-10.10.C30mdk.src.rpm
Corporate Server 3.0/X86_64
636124a5fa31a10a6ddabe66f58944b9 corporate/3.0/x86_64/lib64png3-1.2.5-10.10.C30mdk.x86_64.rpm 310fd92035b6f7e86aec2c01f88da0e2 corporate/3.0/x86_64/lib64png3-devel-1.2.5-10.10.C30mdk.x86_64.rpm 87827d072121bebfd0ae2cdbacea9cc8 corporate/3.0/x86_64/lib64png3-static-devel-1.2.5-10.10.C30mdk.x86_64.rpm 64475a8af64644e49b354d56501ac0fb corporate/3.0/SRPMS/libpng-1.2.5-10.10.C30mdk.src.rpm
Multi Network Firewall 2.0
3e8bd4b7fb11d66ea67c0dd75955736e mnf/2.0/i586/libpng3-1.2.5-10.10.C30mdk.i586.rpm 6a4922c9efebca1ef396966c8d9ef8cb mnf/2.0/SRPMS/libpng-1.2.5-10.10.C30mdk.src.rpm
Corporate Server 4.0
8203ca10282141997aaf7d3274a1741a corporate/4.0/i586/libpng3-1.2.8-1.5.20060mlcs4.i586.rpm 8476cfe63ae99781144a0c88e93995db corporate/4.0/i586/libpng3-devel-1.2.8-1.5.20060mlcs4.i586.rpm 16521bc77b5faeab13197f779eee2430 corporate/4.0/i586/libpng3-static-devel-1.2.8-1.5.20060mlcs4.i586.rpm b540ed0b099dbd9313aa51a054f94a2d corporate/4.0/SRPMS/libpng-1.2.8-1.5.20060mlcs4.src.rpm
Corporate Server 4.0/X86_64
6c01d458c88701b5a59c333368a26902 corporate/4.0/x86_64/lib64png3-1.2.8-1.5.20060mlcs4.x86_64.rpm d7d737ca6e1386eaff5b7c4a473a1ff3 corporate/4.0/x86_64/lib64png3-devel-1.2.8-1.5.20060mlcs4.x86_64.rpm 760f0be502e4b467ea0e7082359d6c4b corporate/4.0/x86_64/lib64png3-static-devel-1.2.8-1.5.20060mlcs4.x86_64.rpm b540ed0b099dbd9313aa51a054f94a2d corporate/4.0/SRPMS/libpng-1.2.8-1.5.20060mlcs4.src.rpm
Mandriva Linux 2007.1
328d67168d50a5275919b40845a55fae 2007.1/i586/libpng3-1.2.13-2.3mdv2007.1.i586.rpm 4a5ac2460608139834eb7cd20bec7fea 2007.1/i586/libpng3-devel-1.2.13-2.3mdv2007.1.i586.rpm b52c8961f58bc7a9a6d5d102c2a75f96 2007.1/i586/libpng3-static-devel-1.2.13-2.3mdv2007.1.i586.rpm 78e5b22e668df03ed267ba74bf4f296a 2007.1/SRPMS/libpng-1.2.13-2.3mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64
9e8ffa3e7768314e558bfb36fc272f10 2007.1/x86_64/lib64png3-1.2.13-2.3mdv2007.1.x86_64.rpm 247ccd57b51b378231f1064fca1f8b15 2007.1/x86_64/lib64png3-devel-1.2.13-2.3mdv2007.1.x86_64.rpm 5f29761ec9564b9f1b5e28fc13568e2d 2007.1/x86_64/lib64png3-static-devel-1.2.13-2.3mdv2007.1.x86_64.rpm 78e5b22e668df03ed267ba74bf4f296a 2007.1/SRPMS/libpng-1.2.13-2.3mdv2007.1.src.rpm
Mandriva Linux 2008.0
e2f33ddc8d287d32f085fbe736cd99d9 2008.0/i586/libpng3-1.2.22-0.2mdv2008.0.i586.rpm c6e49fb9ee07fdc2ef64f8727945d995 2008.0/i586/libpng-devel-1.2.22-0.2mdv2008.0.i586.rpm af3c911c477924ba32c398d921684286 2008.0/i586/libpng-source-1.2.22-0.2mdv2008.0.i586.rpm 4be3e32680b5ae0885c410cc7dcb673c 2008.0/i586/libpng-static-devel-1.2.22-0.2mdv2008.0.i586.rpm df595ba0c708ba4d17c2e701e89ace3f 2008.0/SRPMS/libpng-1.2.22-0.2mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64
8903bb17017b3ee24dd9efa5645ce950 2008.0/x86_64/lib64png3-1.2.22-0.2mdv2008.0.x86_64.rpm 13830901c08977e18bc40e2de6f4f012 2008.0/x86_64/lib64png-devel-1.2.22-0.2mdv2008.0.x86_64.rpm 736d3eabfd20c3f5b0400cdd0daeb1ff 2008.0/x86_64/lib64png-static-devel-1.2.22-0.2mdv2008.0.x86_64.rpm 00f1f10f493b4859dac5961cc20846e7 2008.0/x86_64/libpng-source-1.2.22-0.2mdv2008.0.x86_64.rpm df595ba0c708ba4d17c2e701e89ace3f 2008.0/SRPMS/libpng-1.2.22-0.2mdv2008.0.src.rpm
Mandriva Linux 2008.1
127edcf2e0db074ab54e2115c4079774 2008.1/i586/libpng3-1.2.25-2.1mdv2008.1.i586.rpm c6f0302fcac1c4204f83345e17d0714a 2008.1/i586/libpng-devel-1.2.25-2.1mdv2008.1.i586.rpm b7d5ea52ece77b8a5cfad691e80d86af 2008.1/i586/libpng-source-1.2.25-2.1mdv2008.1.i586.rpm e33a51fb3cf079f5183fbfec62945d63 2008.1/i586/libpng-static-devel-1.2.25-2.1mdv2008.1.i586.rpm 0ebc68ab40793c52cb1ed92545b690bd 2008.1/SRPMS/libpng-1.2.25-2.1mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64
ff6d4a6a4d8d2c87c753c2e003584eda 2008.1/x86_64/lib64png3-1.2.25-2.1mdv2008.1.x86_64.rpm b09c32d6b8f3a95ac7ff044d3118d620 2008.1/x86_64/lib64png-devel-1.2.25-2.1mdv2008.1.x86_64.rpm cda848ff05653640b2306a25458cc2f1 2008.1/x86_64/lib64png-static-devel-1.2.25-2.1mdv2008.1.x86_64.rpm f2be7e503102a46c7e6df1c385b3080a 2008.1/x86_64/libpng-source-1.2.25-2.1mdv2008.1.x86_64.rpm 0ebc68ab40793c52cb1ed92545b690bd 2008.1/SRPMS/libpng-1.2.25-2.1mdv2008.1.src.rpm
| References |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1382
| Upgrade |
To upgrade automatically, use MandrivaUpdate.
| Verification |
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.