Slackware alert SSA:2004-222-01 (libpng)
| From: | Slackware Security Team <security@slackware.com> | |
| To: | slackware-security@slackware.com | |
| Subject: | [slackware-security] libpng (SSA:2004-222-01) | |
| Date: | Mon, 9 Aug 2004 20:40:50 -0700 (PDT) |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] libpng (SSA:2004-222-01) New libpng packages are available for Slackware 8.1, 9.0, 9.1, 10.0, and -current to fix security issues. These issues could cause program crashes, or possibly allow arbitrary code embedded in a malicious PNG image to execute. The PNG library is widely used within the system, so all sites should upgrade to the new libpng package. More details about these issues may be found in the Common Vulnerabilities and Exposures (CVE) database: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0597 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0598 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0599 Here are the details from the Slackware 10.0 ChangeLog: +--------------------------+ Sat Aug 7 17:17:20 PDT 2004 patches/packages/libpng-1.2.5-i486-3.tgz: Patched possible security issues including buffer and integer overflows and null pointer references. These issues could cause program crashes, or possibly allow arbitrary code embedded in a malicious PNG image to execute. The PNG library is widely used within the system, so all sites should upgrade to the new libpng package. For more details, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0597 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0598 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0599 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Updated package for Slackware 8.1: ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patch... Updated package for Slackware 9.0: ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patch... Updated package for Slackware 9.1: ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patch... Updated package for Slackware 10.0: ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patc... Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/s... MD5 signatures: +-------------+ Slackware 8.1 package: be08f3ea7e8b41a3fd7ce49a676617e0 libpng-1.2.5-i386-1.tgz Slackware 9.0 package: 6c68e6a65850e26b60651d65fd8c0a2f libpng-1.2.5-i386-2.tgz Slackware 9.1 package: 4fcf53708102839f3cac78a99d05e750 libpng-1.2.5-i486-3.tgz Slackware 10.0 package: 094a9825c51204a9aa2cb0bbb43b7a64 libpng-1.2.5-i486-3.tgz Slackware -current package: 094a9825c51204a9aa2cb0bbb43b7a64 libpng-1.2.5-i486-3.tgz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg libpng-1.2.5-i486-3.tgz +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. | +------------------------------------------------------------------------+ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFBGAuNakRjwEAQIjMRAoCxAJ4k2BGCX20jnpF3GMXDEwfYCve3RQCff+JG K1UQ5znV9VC1UrVVk9cxSGk= =upVq -----END PGP SIGNATURE-----