--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-1976
2009-02-24 17:19:51
--------------------------------------------------------------------------------

Name        : libpng10
Product     : Fedora 10
Version     : 1.0.43
Release     : 1.fc10
URL         : http://www.libpng.org/pub/png/libpng.html
Summary     : Old version of libpng, needed to run old binaries
Description :
The libpng10 package contains an old version of libpng, a library of
functions for creating and manipulating PNG (Portable Network Graphics)
image format files. This package is needed if you want to run binaries
that were linked dynamically with libpng 1.0.x.

--------------------------------------------------------------------------------
Update Information:

This release fixes a vulnerability in which some arrays of pointers are
not initialized prior to using malloc to define the pointers. If the
application runs out of memory while executing the allocation loop (which
can be forced by malevolent input), libpng10 will jump to a cleanup
process that attempts to free all of the pointers, including the
undefined ones. This issue has been assigned CVE-2009-0040.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb 19 2009 Paul Howarth <p...@city-fan.org> 1.0.43-1
- update to 1.0.43 (clear pointer arrays created using png_malloc())
* Fri Dec 19 2008 Paul Howarth <p...@city-fan.org> 1.0.42-1
- update to 1.0.42 (various minor bugfixes and code cleanups)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #486355 - CVE-2009-0040 libpng arbitrary free() flaw
        https://bugzilla.redhat.com/show_bug.cgi?id=486355
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update libpng10' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-announce
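
Added example, not libpng source and not part of the original advisory: a C sketch of the corrected pattern described under "Update Information", where the pointer array is cleared before the allocation loop so the cleanup path only frees pointers that were really allocated. The names row_alloc, rows_free, rows_create and rows_freed_with_budget are hypothetical, and the failing allocator is constructed to stand in for memory exhaustion.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed allocator: succeeds `budget` times, then returns NULL. */
static int budget, frees;   /* frees counts rows released by cleanup */
static void *row_alloc(size_t n) {
    if (budget <= 0) return NULL;
    budget--;
    return malloc(n);
}

/* Cleanup path: walks every slot, so every slot must be defined. */
static void rows_free(unsigned char **rows, size_t count) {
    if (rows == NULL) return;
    for (size_t i = 0; i < count; i++)
        if (rows[i] != NULL) { free(rows[i]); frees++; }
    free(rows);
}

/* Returns the row array, or NULL after releasing whatever was allocated. */
static unsigned char **rows_create(size_t count, size_t rowbytes) {
    if (count == 0 || count > SIZE_MAX / sizeof(unsigned char *)) return NULL;
    unsigned char **rows = malloc(count * sizeof *rows);
    if (rows == NULL) return NULL;
    /* The fix the changelog names: clear the array so unreached slots are NULL. */
    memset(rows, 0, count * sizeof *rows);
    for (size_t i = 0; i < count; i++) {
        rows[i] = row_alloc(rowbytes);
        if (rows[i] == NULL) {          /* out of memory part-way through */
            rows_free(rows, count);
            return NULL;
        }
    }
    return rows;
}

/* Runs one load with `allowed` successful row allocations; returns rows freed. */
int rows_freed_with_budget(int allowed, size_t count) {
    budget = allowed; frees = 0;
    unsigned char **rows = rows_create(count, 64);
    if (rows != NULL) rows_free(rows, count);
    return frees;
}
int main(void) {
    printf("rows freed: %d\n", rows_freed_with_budget(3, 8));
    return 0;
}
```

Without the memset line, the slots after the failed allocation would hold whatever bytes the heap returned, and rows_free would pass them to free(), which is the condition the advisory describes.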