Arch Linux Security Warning ALSW 2007-#32
------------------------------------------------------------

Name: libpng
Date: 2007-05-20
Severity: High
Warning #: 2007-#32
------------------------------------------------------------

Product Background
===================
libpng is the official PNG reference library. It supports almost all PNG
features, is extensible, and has been extensively tested for over 12 years.

Problem Background
===================
Versions up through 1.2.16 (and 1.0.24) have a NULL-pointer-dereference
vulnerability involving palette images with a malformed tRNS chunk (i.e.,
one with a bad CRC value).

Impact
==================
This bug can, at a minimum, cause crashes in browsers simply by visiting a
page displaying such an image.

Problem Packages
===================
Package: libpng
Repo: current
Group: lib
Unsafe: < 1.2.18
Safe: >= 1.2.18

Package Fix
===================
Upgrade to 1.2.18

===================
Unofficial ArchLinux Security Bug Tracker:
http://jjdanimoth.netsons.org/alsw.html

Reference(s)
===================
http://www.libpng.org/pub/png/libpng.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2445
http://www.kb.cert.org/vuls/id/684664
_______________________________________________
arch mailing list
[email protected]
http://archlinux.org/mailman/listinfo/arch
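
Added example (not part of the original advisory and not libpng code): a Python check that walks a PNG chunk stream, verifies each chunk's CRC-32, and flags the condition described under Problem Background, a tRNS chunk with a bad CRC in a palette image. The function names and the sample streams are constructed for illustration; the samples carry no IDAT chunk and are not renderable images.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def chunk(ctype, data, corrupt_crc=False):
    """Serialize one PNG chunk: length, type, data, CRC-32 over type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    if corrupt_crc:
        crc ^= 0xFFFFFFFF  # constructed: deliberately wrong CRC
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)

def scan_png(buf):
    """Return (chunk_type, finding) pairs for chunks that fail validation."""
    if not buf.startswith(PNG_SIG):
        raise ValueError("not a PNG stream")
    findings, pos, palette = [], len(PNG_SIG), False
    while pos + 12 <= len(buf):
        (length,) = struct.unpack_from(">I", buf, pos)
        ctype = buf[pos + 4:pos + 8]
        end = pos + 8 + length
        if end + 4 > len(buf):
            findings.append((ctype, "truncated"))
            break
        data = buf[pos + 8:end]
        (stored,) = struct.unpack_from(">I", buf, end)
        ok = stored == (zlib.crc32(ctype + data) & 0xFFFFFFFF)
        if ctype == b"IHDR" and length == 13:
            palette = data[9] == 3  # colour type 3 = palette image
        if not ok:
            hit = ctype == b"tRNS" and palette
            findings.append((ctype, "bad-crc-tRNS-palette" if hit else "bad-crc"))
        if ctype == b"IEND":
            break
        pos = end + 4
    return findings

# Constructed chunk streams (no IDAT, so these are not renderable images).
IHDR = chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 3, 0, 0, 0))
PLTE = chunk(b"PLTE", b"\x00\x00\x00")
IEND = chunk(b"IEND", b"")
GOOD = PNG_SIG + IHDR + PLTE + chunk(b"tRNS", b"\x00") + IEND
BAD = PNG_SIG + IHDR + PLTE + chunk(b"tRNS", b"\x00", corrupt_crc=True) + IEND
```

A check like this only helps triage files before they reach an unpatched decoder; the fix is still the upgrade to 1.2.18.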
