Oval Definition:oval:com.redhat.rhsa:def:20120317
Revision Date:2012-02-20Version:635
Title:RHSA-2012:0317: libpng security update (Important)
Description:The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files.

  • A heap-based buffer overflow flaw was found in libpng. An attacker could create a specially-crafted PNG image that, when opened, could cause an application using libpng to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3026)

    Users of libpng and libpng10 should upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using libpng or libpng10 must be restarted for the update to take effect.
  • Family:unixClass:patch
    Status:Reference(s):CVE-2011-3026
    CVE-2011-3026
    RHSA-2012:0317
    RHSA-2012:0317-01
    RHSA-2012:0317-01
    Platform(s):Red Hat Enterprise Linux 4
    Red Hat Enterprise Linux 5
    Red Hat Enterprise Linux 6
    Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND
  • libpng is earlier than 2:1.2.7-9.el4
  • AND libpng is signed with Red Hat redhatrelease2 key
  • libpng-devel is earlier than 2:1.2.7-9.el4
  • AND libpng-devel is signed with Red Hat redhatrelease2 key
  • libpng10 is earlier than 0:1.0.16-10.el4
  • AND libpng10 is signed with Red Hat redhatrelease2 key
  • libpng10-devel is earlier than 0:1.0.16-10.el4
  • AND libpng10-devel is signed with Red Hat redhatrelease2 key
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND
  • libpng is earlier than 2:1.2.10-15.el5_7
  • AND libpng is signed with Red Hat redhatrelease2 key
  • libpng-devel is earlier than 2:1.2.10-15.el5_7
  • AND libpng-devel is signed with Red Hat redhatrelease2 key
  • OR Package Information
  • Red Hat Enterprise Linux 6 is installed
  • AND
  • libpng is earlier than 2:1.2.46-2.el6_2
  • AND libpng is signed with Red Hat redhatrelease2 key
  • libpng-devel is earlier than 2:1.2.46-2.el6_2
  • AND libpng-devel is signed with Red Hat redhatrelease2 key
  • libpng-static is earlier than 2:1.2.46-2.el6_2
  • AND libpng-static is signed with Red Hat redhatrelease2 key
  • BACK