New versions of libpng have been released to fix this, 1.5.10 and 1.2.49. Updates are needed for Mageia 1 and Cauldron.
CC: (none) => fundawang
Assignee: bugsquad => fundawang
Source RPM: libpng-1.2.48-1.mga1.src.rpm => libpng-devel
Funda Wang has built an update for Mageia 1. Cauldron has not been updated yet.

Advisory:
========================

Updated libpng packages fix security vulnerability:

libpng versions prior to 1.5.10, 1.4.11, 1.2.49, and 1.0.59 fail to correctly handle malloc() failure for text chunks (in png_set_text_2()), which can lead to memory corruption and the possibility of execution of hostile code (CVE-2011-3048).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3048
http://www.libpng.org/pub/png/libpng.html
========================

Updated packages in core/updates_testing:
========================
libpng-devel-1.2.49-1.mga1
libpng-source-1.2.49-1.mga1
libpng-static-devel-1.2.49-1.mga1
libpng3-1.2.49-1.mga1

from libpng-1.2.49-1.mga1.src.rpm
Testing complete on i586 for the srpm libpng-1.2.49-1.mga1.src.rpm

Testing used xv to view a png file.
CC: (none) => davidwhodgins
Blocks: (none) => 5046
Blocks: 5046 => (none)
Assignee: fundawang => qa-bugs
Ping. We still need x86-64 testing for this security update.
Testing complete on x86_64

Update Validated

Advisory:
========================

Updated libpng packages fix security vulnerability:

libpng versions prior to 1.5.10, 1.4.11, 1.2.49, and 1.0.59 fail to correctly handle malloc() failure for text chunks (in png_set_text_2()), which can lead to memory corruption and the possibility of execution of hostile code (CVE-2011-3048).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3048
http://www.libpng.org/pub/png/libpng.html

Could someone from sysadmin please push libpng-1.2.49-1.mga1.src.rpm from core/updates_testing to core/updates
Keywords: (none) => validated_update
CC: (none) => derekjenn, sysadmin-bugs
Update pushed.
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED
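
An added example, not part of the original thread: a shell function that classifies a libpng version string against the fixed releases listed in the advisory above. The function name `libpng_predates_fix` is hypothetical, and matching each version to the fixed release of its own branch (1.0, 1.2, 1.4, 1.5) is an assumption about how the advisory's list is meant to be read.

```shell
#!/bin/sh
# Added example: compare a libpng version with the fixed releases named in the
# advisory for CVE-2011-3048 (1.5.10, 1.4.11, 1.2.49, 1.0.59).
# Return codes: 0 = predates the fix, 1 = at or past the fix, 2 = cannot decide.
# Only the upstream version number is compared; a distribution build that
# backports the fix without a version bump is not recognised.
# Possible use on an RPM system (libpng3 is the package name from the thread):
#   libpng_predates_fix "$(rpm -q --qf '%{VERSION}-%{RELEASE}' libpng3)"
libpng_predates_fix() {
    ver=${1%%-*}                      # drop an RPM release such as "-1.mga1"
    case $ver in
        [0-9]*.[0-9]*.[0-9]*) ;;      # need at least major.minor.patch
        *) return 2 ;;
    esac
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    # Anything that is not purely numeric (betas, extra components) is
    # reported as undecidable rather than guessed at.
    for n in "$major" "$minor" "$patch"; do
        case $n in
            ''|*[!0-9]*) return 2 ;;
        esac
    done
    # Assumption: each branch is judged against its own fixed release.
    case $major.$minor in
        1.0) fixed=59 ;;
        1.2) fixed=49 ;;
        1.4) fixed=11 ;;
        1.5) fixed=10 ;;
        *)
            # Branches newer than 1.5 come after every release in the list.
            if [ "$major" -gt 1 ] || [ "$minor" -gt 5 ]; then
                return 1
            fi
            return 2                  # e.g. 1.1.x or 1.3.x: not listed
            ;;
    esac
    [ "$patch" -lt "$fixed" ]
}
```
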