__________________________________________________________

              The U.S. Department of Energy
          Computer Incident Advisory Capability
                  ___  __ __    _     ___
                 /       |     /_\   /
                 \___  __|__  /   \  \___
__________________________________________________________

                   INFORMATION BULLETIN

                  libpng Security Update
                [Red Hat RHSA-2007:0992-3]

October 24, 2007 17:00 GMT                                      Number S-024
______________________________________________________________________________
PROBLEM:       Several flaws were discovered in the way libpng handled
               various PNG image chunks.
PLATFORM:      RHEL Desktop Workstation (v. 5 client)
               Red Hat Desktop (v. 3, v. 4)
               Red Hat Enterprise Linux (v. 5 server)
               Red Hat Enterprise Linux AS, ES, WS (v. 2.1, v. 3, v. 4)
               Red Hat Enterprise Linux Desktop (v. 5 client)
               Red Hat Linux Advanced Workstation 2.1 for the Itanium
               Processor
DAMAGE:        Could cause an application linked with libpng to crash
               when the file was manipulated.
SOLUTION:      Upgrade to the appropriate version.
______________________________________________________________________________
VULNERABILITY  The risk is LOW. Could cause an application linked with
ASSESSMENT:    libpng to crash when the file was manipulated.
______________________________________________________________________________
LINKS:
 CIAC BULLETIN:      http://www.ciac.org/ciac/bulletins/s-024.shtml
 ORIGINAL BULLETIN:  https://rhn.redhat.com/errata/RHSA-2007-0992.html
 CVE:                http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=
                     CVE-2007-5269
______________________________________________________________________________
[***** Start Red Hat RHSA-2007:0992-3 *****]

Moderate: libpng security update

Advisory:          RHSA-2007:0992-3
Type:              Security Advisory
Severity:          Moderate
Issued on:         2007-10-23
Last updated on:   2007-10-23
Affected Products: RHEL Desktop Workstation (v. 5 client)
                   Red Hat Desktop (v. 3)
                   Red Hat Desktop (v. 4)
                   Red Hat Enterprise Linux (v. 5 server)
                   Red Hat Enterprise Linux AS (v. 2.1)
                   Red Hat Enterprise Linux AS (v. 3)
                   Red Hat Enterprise Linux AS (v. 4)
                   Red Hat Enterprise Linux Desktop (v. 5 client)
                   Red Hat Enterprise Linux ES (v. 2.1)
                   Red Hat Enterprise Linux ES (v. 3)
                   Red Hat Enterprise Linux ES (v. 4)
                   Red Hat Enterprise Linux WS (v. 2.1)
                   Red Hat Enterprise Linux WS (v. 3)
                   Red Hat Enterprise Linux WS (v. 4)
                   Red Hat Linux Advanced Workstation 2.1 for the Itanium
                   Processor
OVAL:              com.redhat.rhsa-20070992.xml
CVEs (cve.mitre.org): CVE-2007-5269

Details

Updated libpng packages that fix security issues are now available for Red
Hat Enterprise Linux.

This update has been rated as having moderate security impact by the Red Hat
Security Response Team.

The libpng package contains a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files.

Several flaws were discovered in the way libpng handled various PNG image
chunks. An attacker could create a carefully crafted PNG image file in such a
way that it could cause an application linked with libpng to crash when the
file was manipulated. (CVE-2007-5269)

Users should update to these updated packages which contain a backported
patch to correct these issues.

Solution

Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Bugs fixed (see bugzilla for more information)

324771 - CVE-2007-5269 libpng DoS via multiple out-of-bounds reads

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269
http://www.redhat.com/security/updates/classification/#moderate

--------------------------------------------------------------------------------

These packages are GPG signed by Red Hat for security. Our key and details on
how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at
http://www.redhat.com/security/team/contact/

[***** End Red Hat RHSA-2007:0992-3 *****]
_______________________________________________________________________________

CIAC wishes to acknowledge the contributions of Red Hat for the information
contained in this bulletin.
_______________________________________________________________________________

CIAC, the Computer Incident Advisory Capability, is the computer security
incident response team for the U.S. Department of Energy (DOE) and the
emergency backup response team for the National Institutes of Health (NIH).
CIAC is located at the Lawrence Livermore National Laboratory in Livermore,
California. CIAC is also a founding member of FIRST, the Forum of Incident
Response and Security Teams, a global organization established to foster
cooperation and coordination among computer security teams worldwide.

CIAC services are available to DOE, DOE contractors, and the NIH. CIAC can be
contacted at:

    Voice:    +1 925-422-8193 (7x24)
    FAX:      +1 925-423-8002
    STU-III:  +1 925-423-2604
    E-mail:   ciac@ciac.org

Previous CIAC notices, anti-virus software, and other information are
available from the CIAC Computer Security Archive.

    World Wide Web:  http://www.ciac.org/
    Anonymous FTP:   ftp.ciac.org

PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing
communities receive CIAC bulletins. If you are not part of these communities,
please contact your agency's response team to report incidents. Your agency's
team will coordinate with CIAC. The Forum of Incident Response and Security
Teams (FIRST) is a world-wide organization.
A list of FIRST member organizations and their constituencies can be obtained
via WWW at http://www.first.org/.