|
|
From: Slackware Security Team <security@slackware.com>
To: slackware-security@slackware.com
Subject: [slackware-security] libpng (SSA:2004-222-01)
Date: Mon, 9 Aug 2004 20:40:50 -0700 (PDT) |
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] libpng (SSA:2004-222-01)
New libpng packages are available for Slackware 8.1, 9.0, 9.1, 10.0,
and -current to fix security issues. These issues could cause program crashes,
or possibly allow arbitrary code embedded in a malicious PNG image to execute.
The PNG library is widely used within the system, so all sites should upgrade
to the new libpng package.
More details about these issues may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0597
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0598
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0599
Here are the details from the Slackware 10.0 ChangeLog:
+--------------------------+
Sat Aug 7 17:17:20 PDT 2004
patches/packages/libpng-1.2.5-i486-3.tgz: Patched possible security
issues including buffer and integer overflows and null pointer
references. These issues could cause program crashes, or possibly
allow arbitrary code embedded in a malicious PNG image to execute.
The PNG library is widely used within the system, so all sites
should upgrade to the new libpng package.
For more details, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0597
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0598
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0599
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
Updated package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/libpng-1.2.5-i386-1.tgz
Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/libpng-1.2.5-i386-2.tgz
Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/libpng-1.2.5-i486-3.tgz
Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/libpng-1.2.5-i486-3.tgz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libpng-1.2.5-i486-3.tgz
MD5 signatures:
+-------------+
Slackware 8.1 package:
be08f3ea7e8b41a3fd7ce49a676617e0 libpng-1.2.5-i386-1.tgz
Slackware 9.0 package:
6c68e6a65850e26b60651d65fd8c0a2f libpng-1.2.5-i386-2.tgz
Slackware 9.1 package:
4fcf53708102839f3cac78a99d05e750 libpng-1.2.5-i486-3.tgz
Slackware 10.0 package:
094a9825c51204a9aa2cb0bbb43b7a64 libpng-1.2.5-i486-3.tgz
Slackware -current package:
094a9825c51204a9aa2cb0bbb43b7a64 libpng-1.2.5-i486-3.tgz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg libpng-1.2.5-i486-3.tgz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFBGAuNakRjwEAQIjMRAoCxAJ4k2BGCX20jnpF3GMXDEwfYCve3RQCff+JG
K1UQ5znV9VC1UrVVk9cxSGk=
=upVq
-----END PGP SIGNATURE-----
|
| |