-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2008-4947 2008-06-03 04:42:18 --------------------------------------------------------------------------------
Name : libpng Product : Fedora 7 Version : 1.2.29 Release : 1.fc7 URL : http://www.libpng.org/pub/png/ Summary : A library of functions for manipulating PNG image format files Description : The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. PNG is a bit-mapped graphics format similar to the GIF format. PNG was created to replace the GIF format, since GIF uses a patented data compression algorithm. Libpng should be installed if you need to manipulate PNG format image files. -------------------------------------------------------------------------------- Update Information: Update to new upstream version 1.2.29. Among other bug fixes, this introduces a minor security fix in the handling of unknown chunks - CVE-2008-1382: http://libpng.sourceforge.net/Advisory-1.2.26.txt http://www.ocert.org/advisories/ocert-2008-003.html -------------------------------------------------------------------------------- ChangeLog: * Sat May 31 2008 Tom Lane <[EMAIL PROTECTED]> 2:1.2.29-1 - Update to libpng 1.2.29 (fixes low-priority security issue CVE-2008-1382) Related: #441839 * Thu Oct 18 2007 Tom Lane <[EMAIL PROTECTED]> 2:1.2.22-1 - Update to libpng 1.2.22, primarily to fix CVE-2007-5269 Related: #324771 - Update License tag * Wed May 23 2007 Tom Lane <[EMAIL PROTECTED]> 2:1.2.16-2 - Add patch to fix CVE-2007-2445 Related: #239542 -------------------------------------------------------------------------------- References: [ 1 ] Bug #441839 - CVE-2008-1382 libpng unknown chunk handling flaw https://bugzilla.redhat.com/show_bug.cgi?id=441839 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update libpng' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at http://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ Fedora-package-announce mailing list Fedora-package-announce@redhat.com http://www.redhat.com/mailman/listinfo/fedora-package-announce