RHSA-2009:0333 -- libpng security update (Moderate)

oval:org.mitre.oval:def:29196

Updated libpng and libpng10 packages that fix a couple of security issues are now available for Red Hat Enterprise Linux 2.1, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. A flaw was discovered in libpng that could result in libpng trying to free random memory if certain unlikely error conditions occurred. If a carefully-crafted PNG file was loaded by an application linked against libpng, it could cause the application to crash or potentially execute arbitrary code with the privileges of the user running the application. (CVE-2009-0040)

Family:
unix
Status:
ACCEPTED
Platform(s):
  • CentOS Linux 2
  • Red Hat Enterprise Linux 4
  • Red Hat Enterprise Linux 5
Class:
patch
Reference(s):
  • RHSA-2009:0333
  • CESA-2009:0333-CentOS 2
  • CVE-2008-1382
  • CVE-2009-0040
Product(s):
  • libpng10
  • libpng