
[SECURITY] Fedora Core 2 Update: libpng-1.2.5-8



---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-239
2004-08-04
---------------------------------------------------------------------

Product     : Fedora Core 2
Name        : libpng
Version     : 1.2.5                      
Release     : 8                  
Summary     : A library of functions for manipulating PNG image format files.
Description :
The libpng package contains a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files.  PNG
is a bit-mapped graphics format similar to the GIF format.  PNG was
created to replace the GIF format, since GIF uses a patented data
compression algorithm.

Libpng should be installed if you need to manipulate PNG format image
files.

---------------------------------------------------------------------
Update Information:

The libpng package contains a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files.

During a source code audit, Chris Evans discovered several buffer
overflows in libpng. An attacker could create a carefully crafted PNG
file in such a way that it would cause an application linked with libpng
to execute arbitrary code when the file was opened by a victim. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0597 to these issues. 

In addition, this audit discovered a potential NULL pointer dereference
in libpng (CAN-2004-0598) and several integer overflow issues
(CAN-2004-0599). An attacker could create a carefully crafted PNG file
in such a way that it would cause an application linked with libpng to
crash when the file was opened by the victim.

Red Hat would like to thank Chris Evans for discovering these issues.

---------------------------------------------------------------------
* Fri Jul 23 2004 Matthias Clasen <mclasen redhat com> 2:1.2.5-8

- Build for FC2

* Fri Jul 23 2004 Matthias Clasen <mclasen redhat com> 2:1.2.5-7

- Replace the patches for individual security problems with the
  cumulative patch issued by the png developers. 
- Build for FC1

* Tue Jun 15 2004 Elliot Lee <sopwith redhat com>

- rebuilt

* Mon Jun 14 2004 Matthias Clasen <mclasen redhat com> - 2:1.2.5-5

- Rebuild for FC2

* Mon Jun 14 2004 Matthias Clasen <mclasen redhat com> - 2:1.2.5-4

- Rebuild for FC1

* Mon Jun 14 2004 Matthias Clasen <mclasen redhat com> - 2:1.2.5-3

- Reinstate and improve the transfix patch which got lost some time ago,
  but is still needed for CAN-2002-1363 (#125934)

* Mon May 24 2004 Than Ngo <than redhat com> 2:1.2.5-2

- add patch to link libm automatically
- get rid of rpath

* Wed May 19 2004 Matthias Clasen <mclasen redhat com> 2:1.2.5-1

- 1.2.5

* Mon May 03 2004 Matthias Clasen <mclasen redhat com> 2:1.2.2-22

- Redo the out-of-bounds fix in a slightly better way.

* Wed Apr 21 2004 Matthias Clasen <mclasen redhat com>

- Bump release number to disambiguate n-v-rs.

* Mon Apr 19 2004 Matthias Clasen <mclasen redhat com> 

- fix a possible out-of-bounds read in the error message 
  handler. #121229

* Tue Mar 02 2004 Elliot Lee <sopwith redhat com>

- rebuilt

* Fri Feb 27 2004 Mark McLoughlin <markmc redhat com> 2:1.2.2-19

- rebuild with changed bits/setjmp.h on ppc

* Fri Feb 13 2004 Elliot Lee <sopwith redhat com>

- rebuilt

* Wed Jun 04 2003 Elliot Lee <sopwith redhat com>

- rebuilt

* Tue Jun 03 2003 Jeff Johnson <jbj redhat com>

- add explicit epochs where needed.

* Mon Feb 24 2003 Jonathan Blandford <jrb redhat com> 2:1.2.2-15

- change pkg-config to use libdir instead of hardcoding /usr/lib

* Mon Feb 24 2003 Elliot Lee <sopwith redhat com>

- rebuilt

* Thu Feb 20 2003 Jonathan Blandford <jrb redhat com> 2:1.2.2-12

- add Provides: libpng.so.3, #67007

* Fri Jan 24 2003 Jonathan Blandford <jrb redhat com>

- change requires to include the Epoch

* Thu Jan 23 2003 Karsten Hopp <karsten redhat de> 2:1.2.2-11

- Bump & rebuild

* Wed Jan 22 2003 Tim Powers <timp redhat com>

- rebuilt

* Wed Jan 15 2003 Elliot Lee <sopwith redhat com> 2:1.2.2-9

- Bump & rebuild

* Thu Dec 12 2002 Tim Powers <timp redhat com> 2:1.2.2-7

- merge changes in from -6hammer

* Fri Jun 21 2002 Tim Powers <timp redhat com>

- automated rebuild

* Thu May 23 2002 Tim Powers <timp redhat com>

- automated rebuild

* Tue May 07 2002 Bernhard Rosenkraenzer <bero redhat com> 1.2.2-4

- Don't own /usr/lib/pkgconfig
- Don't strip library, that's up to rpm

* Tue May 07 2002 Bernhard Rosenkraenzer <bero redhat com> 1.2.2-3

- Forgot png.h

* Mon May 06 2002 Bernhard Rosenkraenzer <bero redhat com> 1.2.2-2

- Fix compatibility with everyone else.

* Thu May 02 2002 Havoc Pennington <hp redhat com>

- 1.2.2 plus makefile patches tarball
- update file list to contain versioned libpng only

* Wed Jan 09 2002 Tim Powers <timp redhat com>

- automated rebuild

* Mon Dec 17 2001 Bernhard Rosenkraenzer <bero redhat com> 1.2.1-1

- 1.2.1

* Wed Sep 19 2001 Bernhard Rosenkraenzer <bero redhat com> 1.2.0-1

- 1.2.0

* Mon Jul 16 2001 Trond Eivind Glomsrød <teg redhat com>

- s/Copyright/License/
- fix weird versioning system (epoch was set to "2" in the main
  package, serial to "1" in the devel package. Huh?)

* Wed Jun 20 2001 Than Ngo <than redhat com> 1.0.12-1

- update to 1.0.12
- add missing libpng symlink

* Thu May 03 2001 Bernhard Rosenkraenzer <bero redhat com> 1.0.11-2

- libpng-devel requires zlib-devel (since png.h includes zlib.h)
  (#38883)

* Wed May 02 2001 Bernhard Rosenkraenzer <bero redhat com> 1.0.11-1

- 1.0.11

* Sun Apr 15 2001 Bernhard Rosenkraenzer <bero redhat com>

- 1.0.10

* Tue Feb 06 2001 Bernhard Rosenkraenzer <bero redhat com>

- 1.0.9, fixes Mozilla problems

* Tue Dec 12 2000 Bernhard Rosenkraenzer <bero redhat com>

- Rebuild to get rid of 0777 dirs

* Wed Nov 15 2000 Bernhard Rosenkraenzer <bero redhat com>

- Remove the workaround for Bug #20018 (from Oct 30).
  Qt 2.2.2 fixes the problem the workaround addressed.

* Mon Oct 30 2000 Bernhard Rosenkraenzer <bero redhat com>

- Work around a problem causing konqueror to segfault in image preview
  mode (Bug #20018)
- Copy SuSE 7.0's patch to handle bad chunks

* Sun Sep 03 2000 Florian La Roche <Florian LaRoche redhat de>

- only include the man5 man-pages once in the main rpm

* Fri Jul 28 2000 Preston Brown <pbrown redhat com>

- upgrade to 1.0.8 - fixes small memory leak, other bugs

* Thu Jul 13 2000 Prospector <bugzilla redhat com>

- automatic rebuild

* Mon Jun 19 2000 Bernhard Rosenkraenzer <bero redhat com>

- patchlevel c
- FHSify

* Tue Mar 21 2000 Nalin Dahyabhai <nalin redhat com>

- update to 1.0.6

* Mon Mar 13 2000 Nalin Dahyabhai <nalin redhat com>

- change serial to Epoch to get dependencies working correctly

* Fri Feb 11 2000 Nalin Dahyabhai <nalin redhat com>

- move buildroot and add URL

* Sat Feb 05 2000 Bernhard Rosenkränzer <bero redhat com>

- strip library
- rebuild to compress man pages

* Sun Nov 21 1999 Bernhard Rosenkränzer <bero redhat com>

- 1.0.5
- some tweaks to spec file to make updating easier
- handle RPM_OPT_FLAGS

* Mon Sep 20 1999 Matt Wilson <msw redhat com>

- changed requires in libpng-devel to include serial
- corrected typo

* Sun Mar 21 1999 Cristian Gafton <gafton redhat com> 

- auto rebuild in the new build environment (release 2)

* Sun Feb 07 1999 Michael Johnson <johnsonm redhat com>

- rev to 1.0.3

* Thu Dec 17 1998 Cristian Gafton <gafton redhat com>

- build for 6.0

* Wed Sep 23 1998 Cristian Gafton <gafton redhat com>

- we are Serial: 1 now because we are reverting the 1.0.2 version from 5.2
  beta to this prior one
- install man pages; set defattr defaults

* Thu May 07 1998 Prospector System <bugs redhat com>

- translations modified for de, fr, tr

* Thu Apr 30 1998 Cristian Gafton <gafton redhat com>

- devel subpackage moved to Development/Libraries

* Wed Apr 08 1998 Cristian Gafton <gafton redhat com>

- upgraded to 1.0.1
- added buildroot

* Tue Oct 14 1997 Donnie Barnes <djb redhat com>

- updated to new version
- spec file cleanups

* Thu Jul 10 1997 Erik Troan <ewt redhat com>

- built against glibc


---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

6b45823b67235316b2a3014c9a01f46e  SRPMS/libpng-1.2.5-8.src.rpm
14c09742eaaf43659202a23c112ef183  x86_64/libpng-1.2.5-8.x86_64.rpm
e0c5c96590877ea498811d929934ad81  x86_64/libpng-devel-1.2.5-8.x86_64.rpm
96ae464a75a12ac39ed303108eee40b7  x86_64/debug/libpng-debuginfo-1.2.5-8.x86_64.rpm
c5c3418992aa4d48f1bb92dc1db42603  x86_64/libpng-1.2.5-8.i386.rpm
c5c3418992aa4d48f1bb92dc1db42603  i386/libpng-1.2.5-8.i386.rpm
87e3b3fdd3c733d5f29efd0e78c00185  i386/libpng-devel-1.2.5-8.i386.rpm
3e015c843a8829ccbe2f313f1e773744  i386/debug/libpng-debuginfo-1.2.5-8.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  
---------------------------------------------------------------------




