Slackware Security Advisories
Slackware Logo

News

Security Advisories

FAQ

Book

General Info

Get Slack

Install Help

Configuration

Packages

ChangeLogs

Propaganda

Ports

Other Sites

Support

Contact

Mailing Lists

About

 
From: Slackware Security Team <security@slackware.com>
To: slackware-security@slackware.com
Subject: [slackware-security] libpng (SSA:2004-222-01)
Date: Mon, 9 Aug 2004 20:40:50 -0700 (PDT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  libpng (SSA:2004-222-01)

New libpng packages are available for Slackware 8.1, 9.0, 9.1, 10.0,
and -current to fix security issues.  These issues could cause program crashes,
or possibly allow arbitrary code embedded in a malicious PNG image to execute.
The PNG library is widely used within the system, so all sites should upgrade
to the new libpng package.

More details about these issues may be found in the Common
Vulnerabilities and Exposures (CVE) database:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0597
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0598
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0599

Here are the details from the Slackware 10.0 ChangeLog:
+--------------------------+
Sat Aug  7 17:17:20 PDT 2004
patches/packages/libpng-1.2.5-i486-3.tgz:  Patched possible security
  issues including buffer and integer overflows and null pointer
  references.  These issues could cause program crashes, or possibly
  allow arbitrary code embedded in a malicious PNG image to execute.
  The PNG library is widely used within the system, so all sites
  should upgrade to the new libpng package.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0597
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0598
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0599
  (* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Updated package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/libpng-1.2.5-i386-1.tgz

Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/libpng-1.2.5-i386-2.tgz

Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/libpng-1.2.5-i486-3.tgz

Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/libpng-1.2.5-i486-3.tgz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libpng-1.2.5-i486-3.tgz


MD5 signatures:
+-------------+

Slackware 8.1 package:
be08f3ea7e8b41a3fd7ce49a676617e0  libpng-1.2.5-i386-1.tgz

Slackware 9.0 package:
6c68e6a65850e26b60651d65fd8c0a2f  libpng-1.2.5-i386-2.tgz

Slackware 9.1 package:
4fcf53708102839f3cac78a99d05e750  libpng-1.2.5-i486-3.tgz

Slackware 10.0 package:
094a9825c51204a9aa2cb0bbb43b7a64  libpng-1.2.5-i486-3.tgz

Slackware -current package:
094a9825c51204a9aa2cb0bbb43b7a64  libpng-1.2.5-i486-3.tgz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg libpng-1.2.5-i486-3.tgz


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+------------------------------------------------------------------------+
| To leave the slackware-security mailing list:                          |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message:                                                     |
|                                                                        |
|   unsubscribe slackware-security                                       |
|                                                                        |
| You will get a confirmation message back containing instructions to    |
| complete the process.  Please do not reply to this email address.      |
+------------------------------------------------------------------------+

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBGAuNakRjwEAQIjMRAoCxAJ4k2BGCX20jnpF3GMXDEwfYCve3RQCff+JG
K1UQ5znV9VC1UrVVk9cxSGk=
=upVq
-----END PGP SIGNATURE-----

Slackware™ is a trademark of Patrick Volkerding.