| Summary: | libpng new security issue CVE-2011-3045 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | |
| Severity: | normal | ||
| Priority: | Normal | CC: | sysadmin-bugs, tmb |
| Version: | 1 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Source RPM: | libpng-1.2.47-1.mga1.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2012-03-21 13:32:19 CET
Manuel Hiebel
2012-03-21 22:21:06 CET
Assignee:
bugsquad =>
fundawang
David Walser
2012-03-22 03:06:31 CET
Blocks:
(none) =>
5046 New version of package (libpng 1.2.48) pushed in core/updates_testing. Please test Status:
NEW =>
ASSIGNED
David Walser
2012-03-22 13:58:04 CET
Blocks:
5046 =>
(none) Advisory: ======================== Updated libpng packages fix security vulnerability: A heap-based buffer overflow flaw was found in the way libpng processed compressed chunks in PNG image files. An attacker could create a specially-crafted PNG image file that, when opened, could cause an application using libpng to crash or, possibly, execute arbitrary code with the privileges of the user running the application (CVE-2011-3045). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3045 https://bugzilla.redhat.com/show_bug.cgi?id=799000 http://www.mandriva.com/en/support/security/advisories/?dis=2010.1&name=MDVSA-2012:033 ======================== Updated packages in core/updates_testing: ======================== libpng-devel-1.2.48-1.mga1 libpng-source-1.2.48-1.mga1 libpng-static-devel-1.2.48-1.mga1 libpng3-1.2.48-1.mga1 from libpng-1.2.48-1.mga1.src.rpm Test OK x86_64 with xv some.png Tested OK i586, same procedure Validating. Advisory and SRPM in comment 2 Could sysadmin please push from core/updates_testing to core/updates Thankyou! Keywords:
(none) =>
validated_update Update pushed. Status:
ASSIGNED =>
RESOLVED |