[bluewhite64-security] libpng (BW64SA:20090221-01)
Hash: SHA1
[bluewhite64-security] libpng (BW64SA:20090221-01)
New libpng packages are available for Bluewhite64 11.0, 12.0, 12.1, 12.2, and -current to
fix a security issue.
More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0040
Here are the details from the Bluewhite64 12.2 ChangeLog:
+--------------------------+
PATCHES/packages/libpng-1.2.35-x86_64-1.tgz: Upgraded to libpng-1.2.35.
This fixes multiple memory-corruption vulnerabilities due to a failure to
properly initialize data structures.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0040
ftp://ftp.simplesystems.org/pub/png/src/libpng-1.2.34-ADVISORY.txt
[*** Security fix ***]
+--------------------------+
Where to find the new packages:
+-----------------------------+
See the "Get Bluewhite64" section on http://www.bluewhite64.com for additional
mirror sites near you.
Updated package for Bluewhite64 11.0:
http://data.bluewhite64.com/bluewhite64-11.0/patches/packages/libpng-1.2.35-x86_64-1.tgz
Updated package for Bluewhite64 12.0:
http://data.bluewhite64.com/bluewhite64-12.0/patches/packages/libpng-1.2.35-x86_64-1.tgz
Updated package for Bluewhite64 12.1:
http://data.bluewhite64.com/bluewhite64-12.1/patches/packages/libpng-1.2.35-x86_64-1.tgz
Updated package for Bluewhite64 12.2:
http://data.bluewhite64.com/bluewhite64-12.2/patches/packages/libpng-1.2.35-x86_64-1.tgz
Updated package for Bluewhite64 -current:
http://data.bluewhite64.com/bluewhite64-current/bluewhite64/l/libpng-1.2.35-x86_64-1.tgz
MD5 signatures:
+-------------+
Bluewhite64 11.0 package:
b3825b2a6165b62c247592f4ceec2b9c libpng-1.2.35-x86_64-1.tgz
Bluewhite64 12.0 package:
2b7d9f12922a2961bfa5da4cbd303477 libpng-1.2.35-x86_64-1.tgz
Bluewhite64 12.1 package:
00df8843d35846f8353aeb62a6cf30ff libpng-1.2.35-x86_64-1.tgz
Bluewhite64 12.2 package:
b6511ac581f7ce9b81d5b33fbab4c611 libpng-1.2.35-x86_64-1.tgz
Bluewhite64 -current package:
5521e11f71db6578bedcd98117907eb6 libpng-1.2.35-x86_64-1.tgz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg libpng-1.2.35-x86_64-1.tgz
+-----+
Bluewhite64 Linux Security Team
http://bluewhite64.com/gpg-key
security©bluewhite64.com
+-------------------------------------------------------+
| To leave the bluewhite64-security mailing list:
+-------------------------------------------------------+
| Send a blank email to
|
| bluewhite64-security-unsubscribe©bluewhite64.com
|
| You will get a confirmation message back containing
| instructions to complete the process.
|
| Please do not reply to this email address.
+-------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkmf/Y8ACgkQpTOsxuDdlY6YKwCePZDoz1xsBx6lcZWLgtqoeK3K
oiUAn0y2wk78YuSAXPxLx6DZWT6ke2VV
=BBH9
-----END PGP SIGNATURE-----