Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 13 Jul 2011 10:16:36 +0530
From: Huzaifa Sidhpurwala <huzaifas@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Security issues fixed in libpng 1.5.4

Hi,

There are three security issues which are fixed in libpng 1.5.4 [1].
The following CVE ids are assigned for those issues:

1. buffer overwrite in png_rgb_to_gray
CVE: CVE-2011-2690
Reference: https://bugzilla.redhat.com/show_bug.cgi?id=720607

2. Crash in png_default_error due to use of NULL Pointer
CVE: CVE-2011-2691
Reference: https://bugzilla.redhat.com/show_bug.cgi?id=720608

3. Memory corruption when handling empty sCAL chunks
CVE: CVE-2011-2692
Reference: https://bugzilla.redhat.com/show_bug.cgi?id=720612

Thanks.

[1] http://libpng.org/pub/png/libpng.html

-- 
Huzaifa Sidhpurwala / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ