Security Advisory: libpng security update

Advisory: RHSA-2004:180-10
Type: Security Advisory
Severity: Important
Issued on: 2004-05-19
Last updated on: 2004-05-19
Affected Products: Red Hat Desktop (v. 3)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
CVEs (cve.mitre.org): CVE-2004-0421

Details

Updated libpng packages that fix an out-of-bounds memory access are now
available.

The libpng package contains a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files.

Steve Grubb discovered an out-of-bounds memory access flaw in libpng. An
attacker could carefully craft a PNG file in such a way that it would cause
an application linked to libpng to crash when opened by a victim. This
issue may not be used to execute arbitrary code.

Users are advised to upgrade to these updated packages, which contain a
backported security fix and are not vulnerable to this issue.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL
Certificate Errors, you need to install a version of the
up2date client with an updated certificate. The latest version of
up2date is available from the Red Hat FTP site and may also be
downloaded directly from the RHN website:

https://rhn.redhat.com/help/latest-up2date.pxt

Updated packages

Red Hat Desktop (v. 3)

SRPMS:
libpng-1.2.2-21.src.rpm
File outdated by:  RHSA-2010:0534
    MD5: a7af7b6b2bd951e48720369a16d73164
libpng10-1.0.13-12.src.rpm
File outdated by:  RHSA-2010:0534
    MD5: 7fd1a18a7a6040de59fa94801cdfc4aa
 
IA-32:
libpng-1.2.2-21.i386.rpm
File outdated by:  RHSA-2010:0534
    MD5: 18194acdabb9acad8639775058da891d
libpng-devel-1.2.2-21.i386.rpm
File outdated by:  RHSA-2010:0534
    MD5: ed1a944854b4ae31e984d5fd6253f8f6
libpng10-1.0.13-12.i386.rpm
File outdated by:  RHSA-2010:0534
    MD5: c6bd33f12be1ea5209dbd073d5d11930
libpng10-devel-1.0.13-12.i386.rpm
File outdated by:  RHSA-2010:0534
    MD5: 141ef17820d69a9bac9e9014b650a2e0
 
x86_64:
libpng-1.2.2-21.i386.rpm
File outdated by:  RHSA-2010:0534
    MD5: 18194acdabb9acad8639775058da891d
libpng-1.2.2-21.x86_64.rpm
File outdated by:  RHSA-2010:0534
    MD5: a059b12263dcd3f7ffd5ecffd78efad5
libpng-devel-1.2.2-21.x86_64.rpm
File outdated by:  RHSA-2010:0534
    MD5: 1d55630e2bae3217527e90186f48f770
libpng10-1.0.13-12.x86_64.rpm
File outdated by:  RHSA-2010:0534
    MD5: 84b289ad10369db0590a748bec11baab
libpng10-devel-1.0.13-12.x86_64.rpm
File outdated by:  RHSA-2010:0534
    MD5: 742e50f2a46bad06225a4e1f00c08376
 
Red Hat Enterprise Linux AS (v. 2.1)

SRPMS:
libpng-1.0.14-0.7x.5.src.rpm
File outdated by:  RHSA-2009:0333
    MD5: 1d35c1ac65f01160591f0d60cca2f321
 
IA-32:
libpng-1.0.14-0.7x.5.i386.rpm
File outdated by:  RHSA-2009:0333
    MD5: 897953ceeb05ab68c5be43666923eee1
libpng-devel-1.0.14-0.7x.5.i386.rpm
File outdated by:  RHSA-2009:0333
    MD5: 914d10cb0ca5f16e936920063e14559c
 
IA-64:
libpng-1.0.14-0.7x.5.ia64.rpm
File outdated by:  RHSA-2009:0333
    MD5: 638a74c33a643c85c44ca800c34c2f7b
libpng-devel-1.0.14-0.7x.5.ia64.rpm
File outdated by:  RHSA-2009:0333
    MD5: 59f4af9d517daa997bc669389d8076d0
 
Red Hat Enterprise Linux AS (v. 3)

SRPMS:
libpng-1.2.2-21.src.rpm
File outdated by:  RHSA-2010:0534
    MD5: a7af7b6b2bd951e48720369a16d73164
libpng10-1.0.13-12.src.rpm
File outdated by:  RHSA-2010:0534
    MD5: 7fd1a18a7a6040de59fa94801cdfc4aa
 
IA-32:
libpng-1.2.2-21.i386.rpm
File outdated by:  RHSA-2010:0534
    MD5: 18194acdabb9acad8639775058da891d
libpng-devel-1.2.2-21.i386.rpm
File outdated by:  RHSA-2010:0534
    MD5: ed1a944854b4ae31e984d5fd6253f8f6
libpng10-1.0.13-12.i386.rpm
File outdated by:  RHSA-2010:0534
    MD5: c6bd33f12be1ea5209dbd073d5d11930
libpng10-devel-1.0.13-12.i386.rpm
File outdated by:  RHSA-2010:0534
    MD5: 141ef17820d69a9bac9e9014b650a2e0
 
IA-64:
libpng-1.2.2-21.ia64.rpm
File outdated by:  RHSA-2010:0534
    MD5: 4d5177ecaa91321284edca4a6137c72b
libpng-devel-1.2.2-21.ia64.rpm
File outdated by:  RHSA-2010:0534
    MD5: 25004c38f2e935d004eeaecd6da1e78c
libpng10-1.0.13-12.ia64.rpm
File outdated by:  RHSA-2010:0534
    MD5: a799756aa33397073e65099a6e256faf
libpng10-devel-1.0.13-12.ia64.rpm
File outdated by:  RHSA-2010:0534
    MD5: 1d3b8c43e1874270e13a1852e62462a6
 
PPC:
libpng-1.2.2-21.ppc.rpm
File outdated by:  RHSA-2010:0534
    MD5: fa7ed696d67f9e95e9271a6f82eaa2a7
libpng-1.2.2-21.ppc64.rpm
File outdated by:  RHSA-2010:0534
    MD5: ff4c6abd1403b070b110655bf37f16ee
libpng-devel-1.2.2-21.ppc.rpm
File outdated by:  RHSA-2010:0534
    MD5: e98b4f626e938513496db87a22d0a874
ftp://updates.redhat.com/rhn/repository/NULL/libpng-devel/1.2.2-21/ppc64/libpng-devel-1.2.2-21.ppc64.rpm
Missing file
    MD5: 536339b9110eafe626833ef000630720
libpng10-1.0.13-12.ppc.rpm
File outdated by:  RHSA-2010:0534
    MD5: d86b8242b6a19fededbe546b1bfa6f21
libpng10-devel-1.0.13-12.ppc.rpm
File outdated by:  RHSA-2010:0534
    MD5: e183cc26b8cbaaa78500fb6c39dc5ad5
 
s390:
libpng-1.2.2-21.s390.rpm
File outdated by:  RHSA-2010:0534
    MD5: dcd3fcd9e7caaa4216e23458e1108f87
libpng-devel-1.2.2-21.s390.rpm
File outdated by:  RHSA-2010:0534
    MD5: 256c29c24fb5c38b5457b2d892c60e14
libpng10-1.0.13-12.s390.rpm
File outdated by:  RHSA-2010:0534
    MD5: c90b368cf7bb44aa8266edbc666e57af
libpng10-devel-1.0.13-12.s390.rpm
File outdated by:  RHSA-2010:0534
    MD5: 021581bb52d163c79fdd7c88fea38946
 
s390x:
libpng-1.2.2-21.s390.rpm
File outdated by:  RHSA-2010:0534
    MD5: dcd3fcd9e7caaa4216e23458e1108f87
libpng-1.2.2-21.s390x.rpm
File outdated by:  RHSA-2010:0534
    MD5: 55b5f90a5dad3c69360835f73c0eb4bc
libpng-devel-1.2.2-21.s390x.rpm
File outdated by:  RHSA-2010:0534
    MD5: a24c7b7fd082f4f0ccf62714c8469140
libpng10-1.0.13-12.s390x.rpm
File outdated by:  RHSA-2010:0534
    MD5: e8bb29a8fece0a01ca3483334a4b9a78
libpng10-devel-1.0.13-12.s390x.rpm
File outdated by:  RHSA-2010:0534
    MD5: cc33a93e86c9946c9c536f7fb287d4aa
 
x86_64:
libpng-1.2.2-21.i386.rpm
File outdated by:  RHSA-2010:0534
    MD5: 18194acdabb9acad8639775058da891d
libpng-1.2.2-21.x86_64.rpm
File outdated by:  RHSA-2010:0534
    MD5: a059b12263dcd3f7ffd5ecffd78efad5
libpng-devel-1.2.2-21.x86_64.rpm
File outdated by:  RHSA-2010:0534
    MD5: 1d55630e2bae3217527e90186f48f770
libpng10-1.0.13-12.x86_64.rpm
File outdated by:  RHSA-2010:0534
    MD5: 84b289ad10369db0590a748bec11baab
libpng10-devel-1.0.13-12.x86_64.rpm
File outdated by:  RHSA-2010:0534
    MD5: 742e50f2a46bad06225a4e1f00c08376
 
Red Hat Enterprise Linux ES (v. 2.1)

SRPMS:
libpng-1.0.14-0.7x.5.src.rpm
File outdated by:  RHSA-2009:0333
    MD5: 1d35c1ac65f01160591f0d60cca2f321
 
IA-32:
libpng-1.0.14-0.7x.5.i386.rpm
File outdated by:  RHSA-2009:0333
    MD5: 897953ceeb05ab68c5be43666923eee1
libpng-devel-1.0.14-0.7x.5.i386.rpm
File outdated by:  RHSA-2009:0333
    MD5: 914d10cb0ca5f16e936920063e14559c
 
Red Hat Enterprise Linux ES (v. 3)

SRPMS:
libpng-1.2.2-21.src.rpm
File outdated by:  RHSA-2010:0534
    MD5: a7af7b6b2bd951e48720369a16d73164
libpng10-1.0.13-12.src.rpm
File outdated by:  RHSA-2010:0534
    MD5: 7fd1a18a7a6040de59fa94801cdfc4aa
 
IA-32:
libpng-1.2.2-21.i386.rpm
File outdated by:  RHSA-2010:0534
    MD5: 18194acdabb9acad8639775058da891d
libpng-devel-1.2.2-21.i386.rpm
File outdated by:  RHSA-2010:0534
    MD5: ed1a944854b4ae31e984d5fd6253f8f6
libpng10-1.0.13-12.i386.rpm
File outdated by:  RHSA-2010:0534
    MD5: c6bd33f12be1ea5209dbd073d5d11930
libpng10-devel-1.0.13-12.i386.rpm
File outdated by:  RHSA-2010:0534
    MD5: 141ef17820d69a9bac9e9014b650a2e0
 
IA-64:
libpng-1.2.2-21.ia64.rpm
File outdated by:  RHSA-2010:0534
    MD5: 4d5177ecaa91321284edca4a6137c72b
libpng-devel-1.2.2-21.ia64.rpm
File outdated by:  RHSA-2010:0534
    MD5: 25004c38f2e935d004eeaecd6da1e78c
libpng10-1.0.13-12.ia64.rpm
File outdated by:  RHSA-2010:0534
    MD5: a799756aa33397073e65099a6e256faf
libpng10-devel-1.0.13-12.ia64.rpm
File outdated by:  RHSA-2010:0534
    MD5: 1d3b8c43e1874270e13a1852e62462a6
 
x86_64:
libpng-1.2.2-21.i386.rpm
File outdated by:  RHSA-2010:0534
    MD5: 18194acdabb9acad8639775058da891d
libpng-1.2.2-21.x86_64.rpm
File outdated by:  RHSA-2010:0534
    MD5: a059b12263dcd3f7ffd5ecffd78efad5
libpng-devel-1.2.2-21.x86_64.rpm
File outdated by:  RHSA-2010:0534
    MD5: 1d55630e2bae3217527e90186f48f770
libpng10-1.0.13-12.x86_64.rpm
File outdated by:  RHSA-2010:0534
    MD5: 84b289ad10369db0590a748bec11baab
libpng10-devel-1.0.13-12.x86_64.rpm
File outdated by:  RHSA-2010:0534
    MD5: 742e50f2a46bad06225a4e1f00c08376
 
Red Hat Enterprise Linux WS (v. 2.1)

SRPMS:
libpng-1.0.14-0.7x.5.src.rpm
File outdated by:  RHSA-2009:0333
    MD5: 1d35c1ac65f01160591f0d60cca2f321
 
IA-32:
libpng-1.0.14-0.7x.5.i386.rpm
File outdated by:  RHSA-2009:0333
    MD5: 897953ceeb05ab68c5be43666923eee1
libpng-devel-1.0.14-0.7x.5.i386.rpm
File outdated by:  RHSA-2009:0333
    MD5: 914d10cb0ca5f16e936920063e14559c
 
Red Hat Enterprise Linux WS (v. 3)

SRPMS:
libpng-1.2.2-21.src.rpm
File outdated by:  RHSA-2010:0534
    MD5: a7af7b6b2bd951e48720369a16d73164
libpng10-1.0.13-12.src.rpm
File outdated by:  RHSA-2010:0534
    MD5: 7fd1a18a7a6040de59fa94801cdfc4aa
 
IA-32:
libpng-1.2.2-21.i386.rpm
File outdated by:  RHSA-2010:0534
    MD5: 18194acdabb9acad8639775058da891d
libpng-devel-1.2.2-21.i386.rpm
File outdated by:  RHSA-2010:0534
    MD5: ed1a944854b4ae31e984d5fd6253f8f6
libpng10-1.0.13-12.i386.rpm
File outdated by:  RHSA-2010:0534
    MD5: c6bd33f12be1ea5209dbd073d5d11930
libpng10-devel-1.0.13-12.i386.rpm
File outdated by:  RHSA-2010:0534
    MD5: 141ef17820d69a9bac9e9014b650a2e0
 
IA-64:
libpng-1.2.2-21.ia64.rpm
File outdated by:  RHSA-2010:0534
    MD5: 4d5177ecaa91321284edca4a6137c72b
libpng-devel-1.2.2-21.ia64.rpm
File outdated by:  RHSA-2010:0534
    MD5: 25004c38f2e935d004eeaecd6da1e78c
libpng10-1.0.13-12.ia64.rpm
File outdated by:  RHSA-2010:0534
    MD5: a799756aa33397073e65099a6e256faf
libpng10-devel-1.0.13-12.ia64.rpm
File outdated by:  RHSA-2010:0534
    MD5: 1d3b8c43e1874270e13a1852e62462a6
 
x86_64:
libpng-1.2.2-21.i386.rpm
File outdated by:  RHSA-2010:0534
    MD5: 18194acdabb9acad8639775058da891d
libpng-1.2.2-21.x86_64.rpm
File outdated by:  RHSA-2010:0534
    MD5: a059b12263dcd3f7ffd5ecffd78efad5
libpng-devel-1.2.2-21.x86_64.rpm
File outdated by:  RHSA-2010:0534
    MD5: 1d55630e2bae3217527e90186f48f770
libpng10-1.0.13-12.x86_64.rpm
File outdated by:  RHSA-2010:0534
    MD5: 84b289ad10369db0590a748bec11baab
libpng10-devel-1.0.13-12.x86_64.rpm
File outdated by:  RHSA-2010:0534
    MD5: 742e50f2a46bad06225a4e1f00c08376
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor

SRPMS:
libpng-1.0.14-0.7x.5.src.rpm
File outdated by:  RHSA-2009:0333
    MD5: 1d35c1ac65f01160591f0d60cca2f321
 
IA-64:
libpng-1.0.14-0.7x.5.ia64.rpm
File outdated by:  RHSA-2009:0333
    MD5: 638a74c33a643c85c44ca800c34c2f7b
libpng-devel-1.0.14-0.7x.5.ia64.rpm
File outdated by:  RHSA-2009:0333
    MD5: 59f4af9d517daa997bc669389d8076d0
 

Bugs fixed (see bugzilla for more information)

121229 - libpng can access out of bounds memory


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package
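
The MD5 values in the package listing above can be checked mechanically against downloaded files before running rpm -Fvh. The shell functions below are an added example, not part of the Red Hat advisory: the names verify_listing and demo and the demo file are constructed for illustration, and md5sum is assumed to be installed. A matching MD5 only shows the download is intact; authenticity comes from the GPG signature check (rpm -K).

```shell
#!/bin/sh
# verify_listing LISTING DIR
# LISTING uses the layout assumed from this page: a package file name on one
# line, later a line "MD5: <hex digest>". All other lines are ignored.
# Returns 0 if every listed file found in DIR matches, 1 on any mismatch,
# 2 if none of the listed files is present in DIR.
verify_listing() {
    listing=$1; dir=$2; name=; bad=0; seen=0
    while read -r first second rest || [ -n "$first" ]; do
        case $first in
            *.rpm) name=${first##*/} ;;      # keep the file name, drop any URL path
            MD5:)
                [ -n "$name" ] || continue
                if [ -f "$dir/$name" ]; then
                    seen=$((seen + 1))
                    actual=$(md5sum "$dir/$name" | cut -d' ' -f1)
                    if [ "$actual" = "$second" ]; then
                        echo "OK       $name"
                    else
                        echo "MISMATCH $name"
                        bad=1
                    fi
                fi
                name= ;;
        esac
    done < "$listing"
    [ "$seen" -gt 0 ] || return 2
    return "$bad"
}

# Constructed demo: a stand-in file and a listing generated from it.
# Neither is real advisory data.
demo() {
    tmp=$(mktemp -d) || return 3
    pkg=example-1.0-1.noarch.rpm
    printf 'constructed stand-in, not a real package\n' > "$tmp/$pkg"
    sum=$(md5sum "$tmp/$pkg" | cut -d' ' -f1)
    printf '%s\nFile outdated by:  PLACEHOLDER\n    MD5: %s\n' \
        "$pkg" "$sum" > "$tmp/listing.txt"
    rc=0
    verify_listing "$tmp/listing.txt" "$tmp" || rc=$?
    rm -rf "$tmp"
    return "$rc"
}
```

Save the relevant part of the listing to a text file and pass it with the download directory; only proceed to rpm -Fvh when the function returns 0 and rpm -K reports a good signature.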

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/