LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for January 8, 2009

Btrfs aims for the mainline

The Android Dev Phone 1

LWN.net Weekly Edition for December 25, 2008

The Grumpy Editor's 2008 retrospective

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

Eridani alert ERISA-2002:030 (libpng)



From:
    	      Eridani Star System <linux@eridani.co.uk>


To:
    	      eridani-announce@eridani.co.uk


Subject:
    	      [Eridani-Announce] ERISA-2002:030 - libpng


Date:
    	      Fri, 26 Jul 2002 00:01:02 +0100 (BST)



=========================================================================
		ERIDANI LINUX - SECURITY ANNOUNCEMENT
=========================================================================

Package:	libpng
Summary:	libpng buffer overflow vulnerability
Date:		2002-07-25
ID:		ERISA-2002:030

=========================================================================

Problem description:

  Versions of libpng prior to 1.2.4 and 1.0.14 have a buffer overflow
  vulnerability that could lead to remote code execution.

  libpng is the official PNG reference library. It supports almost all
  PNG features, is extensible, and has been extensively tested for over
  five years.

  Since many graphics applications use libpng, it is well worth upgrading
  to the new packages.

  ** NOTE ** Due to funnies relating to the base library being renamed to
  libpng10 and RPM not sure what happened there, use:
    rpm -e --nodeps libpng libpng-devel
  before installing the new libraries.

-------------------------------------------------------------------------
Updated packages:

  a1a0dcf262c8b9dede9f3c7cb371b035  libpng-1.0.14-1.src.rpm

  c1ef308ada5e90c1dc81a945d77c63e0  libpng-1.0.14-1.i386.rpm
  67ec0ad2b0b4794f966e0c62229731f1  libpng-devel-1.0.14-1.i386.rpm

-------------------------------------------------------------------------
References:
  http://lwn.net/Articles/5017/

=========================================================================

Packages available from ftp://ftp.eridani.co.uk/pub/Aeryn/
or by HTTP from http://ftp.eridani.co.uk/

Packages are signed with our GNU GPG key, also on our FTP site.

Users of releases of Eridani Linux prior to 6.3 are advised to download
the source RPM and rebuild for their system.

Copyright (C)2002 Eridani Star System

-- Michael "Soruk" McConnell                       http://www.eridani.co.uk
Eridani Linux  --  The Most Up-to-Date Red Hat-based Linux CDROMs Available
Email: linux@eridani.co.uk -- Also Debian, Slackware, Mandrake and more...

_______________________________________________
Eridani-Announce mailing list
To be removed from this list email linux@eridani.co.uk requesting removal.
(Log in to post comments)

Copyright © 2009, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds