LinuxSecurity.com
Mandriva: 2012:033: libpng
Posted by Benjamin D. Thomas
 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2012:033
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : libpng
 Date    : March 21, 2012
 Affected: 2010.1, 2011, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in libpng:
 
 A heap-based buffer overflow flaw was found in the way libpng
 processed compressed chunks in PNG image files. An attacker could
 create a specially-crafted PNG image file that, when opened, could
 cause an application using libpng to crash or, possibly, execute
 arbitrary code with the privileges of the user running the application
 (CVE-2011-3045).
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3045
 https://bugzilla.redhat.com/show_bug.cgi?id=799000
 _______________________________________________________________________

 Updated Packages:

 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________
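
 For packages fetched by hand rather than through MandrivaUpdate or urpmi, the checksum comparison the advisory mentions can be scripted. The following is an added example, not part of the advisory or of Mandriva's tooling: the function names and the sample file names are hypothetical, and it assumes the advisory text lists packages as "<md5>  <path>.rpm" lines. An MD5 match only shows the download is intact; the GPG signature is what ties a package to the vendor.

```shell
#!/bin/sh
# Added example, not part of the advisory. Function names are hypothetical.

# verify_advisory_md5 ADVISORY_FILE DOWNLOAD_DIR
# Scans the advisory text for "<md5>  <path>.rpm" lines, compares each hash
# with the same-named file in DOWNLOAD_DIR, and prints one status per package.
# Returns 0 only if at least one file was checked and none mismatched.
verify_advisory_md5() {
    advisory=$1; dir=$2; checked=0; bad=0
    while read -r sum path _; do
        # Skip headings, rules and blank lines: keep 32 lowercase hex digits.
        case $sum in ''|*[!0-9a-f]*) continue ;; esac
        [ "${#sum}" -eq 32 ] || continue
        case $path in *.rpm) ;; *) continue ;; esac
        name=${path##*/}
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING  $name"
            continue
        fi
        checked=$((checked + 1))
        if [ "$(md5sum "$dir/$name" | cut -d' ' -f1)" = "$sum" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name"
            bad=$((bad + 1))
        fi
    done < "$advisory"
    [ "$checked" -gt 0 ] && [ "$bad" -eq 0 ]
}

# Constructed sample input: dummy files stand in for downloaded packages.
demo() {
    d=$(mktemp -d)
    printf 'good' > "$d/example-good-1.0.rpm"
    printf 'tampered' > "$d/example-bad-1.0.rpm"
    good=$(printf 'good' | md5sum | cut -d' ' -f1)
    {
        echo " Example Linux 1.0:"
        echo " $good  1.0/i586/example-good-1.0.rpm"
        echo " 00000000000000000000000000000000  1.0/i586/example-bad-1.0.rpm "
        echo " $good  1.0/SRPMS/example-absent-1.0.src.rpm"
    } > "$d/advisory.txt"
    verify_advisory_md5 "$d/advisory.txt" "$d"; rc=$?
    rm -rf "$d"
    return "$rc"
}
```

 Call it as verify_advisory_md5 advisory.txt ./downloads; once the vendor key has been imported, rpm --checksig on each file checks the signature itself.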
 