Pardus: 2011-96: libpng: Denial of Service

Posted by Benjamin D. Thomas
A vulnerability has been fixed in libpng.
------------------------------------------------------------------------
Pardus Linux Security Advisory 2011-96            security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2011-07-11
  Severity: 2
      Type: Local
------------------------------------------------------------------------

Summary
======
A vulnerability has been fixed in libpng.


Description
==========
CVE-2011-2501:

The fix for CVE-2004-0421 in libpng was inadvertently  reverted  during
the 1.2.23 development cycle. The original flaw could be used to cause a
denial of service via a carefully-crafted PNG image.


Affected packages:

  Pardus 2009:
    libpng, all before 1.2.44-23-8


Resolution
=========
There are update(s) for libpng. You can update them via Package Manager
or with a single command from console:

    pisi up libpng

References
=========
  * http://bugs.pardus.org.tr/show_bug.cgi?id526
  * https://bugzilla.redhat.com/show_bug.cgi?idq7084

------------------------------------------------------------------------