Pardus: Libpng: Exposure of sensitive
Posted by Benjamin D. Thomas
A vulnerability has been reported in libpng, which can be exploited by malicious people to disclose potentially sensitive information.
------------------------------------------------------------------------
Pardus Linux Security Advisory 2009-87 security@pardus.org.tr
------------------------------------------------------------------------
Date: 2009-06-13
Severity: 2
Type: Remote
------------------------------------------------------------------------
Summary
=======
A vulnerability has been reported in libpng, which can be exploited by
malicious people to disclose potentially sensitive information.
Description
===========
The vulnerability is caused due to an error when processing 1-bit
interlaced images. This can be exploited to disclose uninitialised
memory via specially crafted images having widths that are not divisible
by 8.
Affected packages:
Pardus 2008:
libpng, all before 1.2.37-19-9
Resolution
==========
There are update(s) for libpng. You can update them via Package Manager
or with a single command from console:
pisi up libpng
References
==========
* http://bugs.pardus.org.tr/show_bug.cgi?id=9962
* http://www.libpng.org/pub/png/libpng.html
* http://secunia.com/advisories/35346/