Описание
ELSA-2012-0523: libpng security update (MODERATE)
[2:1.2.49-1]
- Update to libpng 1.2.49, for minor security issues (CVE-2011-3048) Resolves: #812714
Обновленные пакеты
Oracle Linux 5
Oracle Linux ia64
libpng
1.2.10-17.el5_8
libpng-devel
1.2.10-17.el5_8
Oracle Linux x86_64
libpng
1.2.10-17.el5_8
libpng-devel
1.2.10-17.el5_8
Oracle Linux i386
libpng
1.2.10-17.el5_8
libpng-devel
1.2.10-17.el5_8
Oracle Linux 6
Oracle Linux x86_64
libpng
1.2.49-1.el6_2
libpng-devel
1.2.49-1.el6_2
libpng-static
1.2.49-1.el6_2
Oracle Linux i686
libpng
1.2.49-1.el6_2
libpng-devel
1.2.49-1.el6_2
libpng-static
1.2.49-1.el6_2
Связанные CVE
Связанные уязвимости
The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow.
The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow.
The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow.
The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, ...
The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow.