Red Hat Product Errata RHSA-2006:0205 - Security Advisory

Issued:: 2006-02-13
Updated:: 2006-02-13

RHSA-2006:0205 - Security Advisory

Overview
Updated Packages

Synopsis

libpng security update

Type/Severity

Security Advisory: Moderate

Topic

Updated libpng packages that fix a security issue are now available for Red
Hat Enterprise Linux 4.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Description

The libpng package contains a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files.

A heap based buffer overflow bug was found in the way libpng strips alpha
channels from a PNG image. An attacker could create a carefully crafted PNG
image file in such a way that it could cause an application linked with
libpng to crash or execute arbitrary code when the file is opened by a
victim. The Common Vulnerabilities and Exposures project has assigned the
name CVE-2006-0481 to this issue.

Please note that the vunerable libpng function is only used by TeTeX and
XEmacs on Red Hat Enterprise Linux 4.

All users of libpng are advised to update to these updated packages which
contain a backported patch that is not vulnerable to this issue.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Affected Products

Red Hat Enterprise Linux Server 4 x86_64
Red Hat Enterprise Linux Server 4 ia64
Red Hat Enterprise Linux Server 4 i386
Red Hat Enterprise Linux Workstation 4 x86_64
Red Hat Enterprise Linux Workstation 4 ia64
Red Hat Enterprise Linux Workstation 4 i386
Red Hat Enterprise Linux Desktop 4 x86_64
Red Hat Enterprise Linux Desktop 4 i386
Red Hat Enterprise Linux for IBM z Systems 4 s390x
Red Hat Enterprise Linux for IBM z Systems 4 s390
Red Hat Enterprise Linux for Power, big endian 4 ppc

Fixes

BZ - 179455 - CVE-2006-0481 libpng heap based buffer overflow

CVEs

CVE-2006-0481

References

(none)

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 4

SRPM
libpng-1.2.7-1.el4.2.src.rpm	SHA-256: c92788c484da7d60ea3a423500b1cecfca5dea04dd916ff1f1500732d8c55f9a
x86_64
libpng-1.2.7-1.el4.2.i386.rpm	SHA-256: 20c9e228db6c27bafbb5741b29083733a6cacc00d3864f22d28f5049a320f4d8
libpng-1.2.7-1.el4.2.i386.rpm	SHA-256: 20c9e228db6c27bafbb5741b29083733a6cacc00d3864f22d28f5049a320f4d8
libpng-1.2.7-1.el4.2.x86_64.rpm	SHA-256: 7bc0d6766da5f29e53ad8acb86316da1b0534cf74222a4660eb2a132703f21ef
libpng-1.2.7-1.el4.2.x86_64.rpm	SHA-256: 7bc0d6766da5f29e53ad8acb86316da1b0534cf74222a4660eb2a132703f21ef
libpng-devel-1.2.7-1.el4.2.x86_64.rpm	SHA-256: 9fee5892d68a6f9e242536710d83ee698e42e41f851b1c0f93ce76bffd91da34
libpng-devel-1.2.7-1.el4.2.x86_64.rpm	SHA-256: 9fee5892d68a6f9e242536710d83ee698e42e41f851b1c0f93ce76bffd91da34
ia64
libpng-1.2.7-1.el4.2.i386.rpm	SHA-256: 20c9e228db6c27bafbb5741b29083733a6cacc00d3864f22d28f5049a320f4d8
libpng-1.2.7-1.el4.2.i386.rpm	SHA-256: 20c9e228db6c27bafbb5741b29083733a6cacc00d3864f22d28f5049a320f4d8
libpng-1.2.7-1.el4.2.ia64.rpm	SHA-256: 75f95b19f77832585f4c3b0523bf93400b6cd5bb516492b3d16c0ed5e52f8a41
libpng-1.2.7-1.el4.2.ia64.rpm	SHA-256: 75f95b19f77832585f4c3b0523bf93400b6cd5bb516492b3d16c0ed5e52f8a41
libpng-devel-1.2.7-1.el4.2.ia64.rpm	SHA-256: 975e69d004ade487cbea0f4efa552c98b185bb62ab4389cad9b019eb1445c2d4
libpng-devel-1.2.7-1.el4.2.ia64.rpm	SHA-256: 975e69d004ade487cbea0f4efa552c98b185bb62ab4389cad9b019eb1445c2d4
i386
libpng-1.2.7-1.el4.2.i386.rpm	SHA-256: 20c9e228db6c27bafbb5741b29083733a6cacc00d3864f22d28f5049a320f4d8
libpng-1.2.7-1.el4.2.i386.rpm	SHA-256: 20c9e228db6c27bafbb5741b29083733a6cacc00d3864f22d28f5049a320f4d8
libpng-devel-1.2.7-1.el4.2.i386.rpm	SHA-256: eb664e7f83580032737940fcd5aacfabe29d6aa277b5bad33fe75a33471e6930
libpng-devel-1.2.7-1.el4.2.i386.rpm	SHA-256: eb664e7f83580032737940fcd5aacfabe29d6aa277b5bad33fe75a33471e6930

Red Hat Enterprise Linux Workstation 4

SRPM
libpng-1.2.7-1.el4.2.src.rpm	SHA-256: c92788c484da7d60ea3a423500b1cecfca5dea04dd916ff1f1500732d8c55f9a
x86_64
libpng-1.2.7-1.el4.2.i386.rpm	SHA-256: 20c9e228db6c27bafbb5741b29083733a6cacc00d3864f22d28f5049a320f4d8
libpng-1.2.7-1.el4.2.x86_64.rpm	SHA-256: 7bc0d6766da5f29e53ad8acb86316da1b0534cf74222a4660eb2a132703f21ef
libpng-devel-1.2.7-1.el4.2.x86_64.rpm	SHA-256: 9fee5892d68a6f9e242536710d83ee698e42e41f851b1c0f93ce76bffd91da34
ia64
libpng-1.2.7-1.el4.2.i386.rpm	SHA-256: 20c9e228db6c27bafbb5741b29083733a6cacc00d3864f22d28f5049a320f4d8
libpng-1.2.7-1.el4.2.ia64.rpm	SHA-256: 75f95b19f77832585f4c3b0523bf93400b6cd5bb516492b3d16c0ed5e52f8a41
libpng-devel-1.2.7-1.el4.2.ia64.rpm	SHA-256: 975e69d004ade487cbea0f4efa552c98b185bb62ab4389cad9b019eb1445c2d4
i386
libpng-1.2.7-1.el4.2.i386.rpm	SHA-256: 20c9e228db6c27bafbb5741b29083733a6cacc00d3864f22d28f5049a320f4d8
libpng-devel-1.2.7-1.el4.2.i386.rpm	SHA-256: eb664e7f83580032737940fcd5aacfabe29d6aa277b5bad33fe75a33471e6930

Red Hat Enterprise Linux Desktop 4

SRPM
libpng-1.2.7-1.el4.2.src.rpm	SHA-256: c92788c484da7d60ea3a423500b1cecfca5dea04dd916ff1f1500732d8c55f9a
x86_64
libpng-1.2.7-1.el4.2.i386.rpm	SHA-256: 20c9e228db6c27bafbb5741b29083733a6cacc00d3864f22d28f5049a320f4d8
libpng-1.2.7-1.el4.2.x86_64.rpm	SHA-256: 7bc0d6766da5f29e53ad8acb86316da1b0534cf74222a4660eb2a132703f21ef
libpng-devel-1.2.7-1.el4.2.x86_64.rpm	SHA-256: 9fee5892d68a6f9e242536710d83ee698e42e41f851b1c0f93ce76bffd91da34
i386
libpng-1.2.7-1.el4.2.i386.rpm	SHA-256: 20c9e228db6c27bafbb5741b29083733a6cacc00d3864f22d28f5049a320f4d8
libpng-devel-1.2.7-1.el4.2.i386.rpm	SHA-256: eb664e7f83580032737940fcd5aacfabe29d6aa277b5bad33fe75a33471e6930

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
libpng-1.2.7-1.el4.2.src.rpm	SHA-256: c92788c484da7d60ea3a423500b1cecfca5dea04dd916ff1f1500732d8c55f9a
s390x
libpng-1.2.7-1.el4.2.s390.rpm	SHA-256: 8abbc7256e480608c65d50e69fa6d057ce53af5d43378cb30c92703ea59b35a8
libpng-1.2.7-1.el4.2.s390x.rpm	SHA-256: 9e9da01ea694f82cc0f85c1c3c0d57e03af22dea9816ef58e2f6e7ff28752e5a
libpng-devel-1.2.7-1.el4.2.s390x.rpm	SHA-256: f77d20f868b93cbdc77d9c095d46f1d4f2843fc97e9433c539ac12a4335a6e2f
s390
libpng-1.2.7-1.el4.2.s390.rpm	SHA-256: 8abbc7256e480608c65d50e69fa6d057ce53af5d43378cb30c92703ea59b35a8
libpng-devel-1.2.7-1.el4.2.s390.rpm	SHA-256: 5695d70964987107a84484b0ec3a300bb6f22cce381d7eb489d07eac95b85f87

Red Hat Enterprise Linux for Power, big endian 4

SRPM
libpng-1.2.7-1.el4.2.src.rpm	SHA-256: c92788c484da7d60ea3a423500b1cecfca5dea04dd916ff1f1500732d8c55f9a
ppc
libpng-1.2.7-1.el4.2.ppc.rpm	SHA-256: 1f839e171d29f5bdd731a7c5c317eb2ef751177358df880ff8265417b71728f5
libpng-1.2.7-1.el4.2.ppc64.rpm	SHA-256: 4bb2c05608120dd59418dfc029c3591bc931d5b8ccbe83ad49dfd5100f29a607
libpng-devel-1.2.7-1.el4.2.ppc.rpm	SHA-256: ab41f66d17f1b4eca8bdf08000af6ade3018874f6a9c64c9fb2d19eddba282b3

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories