Advisories
Mandriva Advisories
|
 |
| Problem Description |
A buffer overflow vulnerability was discovered in libpng due to a
wrong calculation of some loop offset values. This buffer overflow
can lead to Denial of Service or even remote compromise.
After the upgrade, all applications that use libpng should be restarted.
Many applications are linked to libpng, so if you are unsure of what
applications to restart, you may wish to reboot the system. MandrakeSoft
encourages all users to upgrade immediately.
| Updated Packages |
Mandrakelinux 7.2
2c76e45e84da22cb0f27796d8106fab1 7.2/RPMS/libpng-1.0.8-2.2mdk.i586.rpm 292224db642f17ee582447df906ffeb3 7.2/RPMS/libpng-devel-1.0.8-2.2mdk.i586.rpm bb2a1b11a40796e64d79bbbe4b9e723a 7.2/SRPMS/libpng-1.0.8-2.2mdk.src.rpm
Mandrakelinux 8.0
8629fe7a0737df5460e80a86f628a228 8.0/RPMS/libpng2-1.0.9-1.2mdk.i586.rpm 4c9efd051b3f88f7ae70e4ef109ba1da 8.0/RPMS/libpng2-devel-1.0.9-1.2mdk.i586.rpm eebc402c603a5030853c276fed9be435 8.0/SRPMS/libpng-1.0.9-1.2mdk.src.rpm
Mandrakelinux 8.0/PPC
07e7f3eeeb0f1f13d7a534dea7e28302 ppc/8.0/RPMS/libpng2-1.0.9-1.2mdk.ppc.rpm b037d2edcaf1ca07a7732a3afd6622f8 ppc/8.0/RPMS/libpng2-devel-1.0.9-1.2mdk.ppc.rpm eebc402c603a5030853c276fed9be435 ppc/8.0/SRPMS/libpng-1.0.9-1.2mdk.src.rpm
Mandrakelinux 8.1
9a1081d64a16c7ae11da33744d72a006 8.1/RPMS/libpng2-1.0.12-2.2mdk.i586.rpm a7eb696f6dd2ceaab1ad0ba73158cb7f 8.1/RPMS/libpng2-devel-1.0.12-2.2mdk.i586.rpm 7718ffbd9b56d4da312e48d5653c5532 8.1/SRPMS/libpng-1.0.12-2.2mdk.src.rpm
Mandrakelinux 8.1/IA64
d619abb272740a962838659f0dfeddb8 ia64/8.1/RPMS/libpng2-1.0.12-2.2mdk.ia64.rpm 0c8375f5460d70490a11af9bf8bc2096 ia64/8.1/RPMS/libpng2-devel-1.0.12-2.2mdk.ia64.rpm 7718ffbd9b56d4da312e48d5653c5532 ia64/8.1/SRPMS/libpng-1.0.12-2.2mdk.src.rpm
Mandrakelinux 8.2
7d9ad00efdcbb0ce1f59121535f4b546 8.2/RPMS/libpng3-1.2.4-3.2mdk.i586.rpm 16f3e8374b88bc21645f1d075ce446b7 8.2/RPMS/libpng3-devel-1.2.4-3.2mdk.i586.rpm 94d59d2cca8c6894394d0738f9812c30 8.2/RPMS/libpng3-static-devel-1.2.4-3.2mdk.i586.rpm a9fb5c333d7c1e424f43135db451ddb8 8.2/SRPMS/libpng-1.2.4-3.2mdk.src.rpm
Mandrakelinux 8.2/PPC
1a5a6053e7d68870f345968d58f679e9 ppc/8.2/RPMS/libpng3-1.2.4-3.2mdk.ppc.rpm 80aa48d4f91c40c70a8a4eb204b06d38 ppc/8.2/RPMS/libpng3-devel-1.2.4-3.2mdk.ppc.rpm d09c02fa38c9a8b035028ed35a8d5584 ppc/8.2/RPMS/libpng3-static-devel-1.2.4-3.2mdk.ppc.rpm a9fb5c333d7c1e424f43135db451ddb8 ppc/8.2/SRPMS/libpng-1.2.4-3.2mdk.src.rpm
Mandrakelinux 9.0
7a8430641572bbb1ef7cc8575efe2678 9.0/RPMS/libpng3-1.2.4-3.2mdk.i586.rpm 2b05c7a99cfc2481df6dfeaf06465714 9.0/RPMS/libpng3-devel-1.2.4-3.2mdk.i586.rpm c712c39a823eb44323a584721edc3a7b 9.0/RPMS/libpng3-static-devel-1.2.4-3.2mdk.i586.rpm a9fb5c333d7c1e424f43135db451ddb8 9.0/SRPMS/libpng-1.2.4-3.2mdk.src.rpm
Multi Network Firewall 8.2
7d9ad00efdcbb0ce1f59121535f4b546 mnf8.2/RPMS/libpng3-1.2.4-3.2mdk.i586.rpm a9fb5c333d7c1e424f43135db451ddb8 mnf8.2/SRPMS/libpng-1.2.4-3.2mdk.src.rpm
| References |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1363
| Upgrade |
To upgrade automatically, use MandrivaUpdate.
| Verification |
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.