Oval Definition:oval:com.redhat.rhsa:def:20090340
Revision Date:2009-03-04Version:633
Title:RHSA-2009:0340: libpng security update (Moderate)
Description:The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files.

  • A flaw was discovered in libpng that could result in libpng trying to free() random memory if certain, unlikely error conditions occurred. If a carefully-crafted PNG file was loaded by an application linked against libpng, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2009-0040)

    Users of libpng and libpng10 should upgrade to these updated packages, which contain backported patches to correct these issues. All running applications using libpng or libpng10 must be restarted for the update to take effect.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2009-0040
    RHSA-2009:0340
    RHSA-2009:0340-01
    RHSA-2009:0340-01
    Platform(s):Red Hat Enterprise Linux 3
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 3 is installed
  • AND
  • libpng-devel is earlier than 2:1.2.2-29
  • AND libpng-devel is signed with Red Hat master key
  • libpng is earlier than 2:1.2.2-29
  • AND libpng is signed with Red Hat master key
  • libpng10 is earlier than 0:1.0.13-20
  • AND libpng10 is signed with Red Hat master key
  • libpng10-devel is earlier than 0:1.0.13-20
  • AND libpng10-devel is signed with Red Hat master key
    • BACK