Oval Definition: oval:com.redhat.rhsa:def:20120407
Revision Date: 2012-03-20
Version: 634
Title: RHSA-2012:0407: libpng security update (Moderate)
Description: The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files.

  • A heap-based buffer overflow flaw was found in the way libpng processed compressed chunks in PNG image files. An attacker could create a specially-crafted PNG image file that, when opened, could cause an application using libpng to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3045)

    Users of libpng should upgrade to these updated packages, which correct this issue. For Red Hat Enterprise Linux 5, they contain a backported patch. For Red Hat Enterprise Linux 6, they upgrade libpng to version 1.2.48. All running applications using libpng must be restarted for the update to take effect.
Family: unix
Class: patch
Status:
Reference(s): CVE-2011-3045, RHSA-2012:0407, RHSA-2012:0407-01
Platform(s): Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6
Product(s):

Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
      • Red Hat Enterprise Linux 6 is installed
      • AND
          • libpng is earlier than 2:1.2.48-1.el6_2 AND libpng is signed with Red Hat redhatrelease2 key
          • libpng-devel is earlier than 2:1.2.48-1.el6_2 AND libpng-devel is signed with Red Hat redhatrelease2 key
          • libpng-static is earlier than 2:1.2.48-1.el6_2 AND libpng-static is signed with Red Hat redhatrelease2 key
  • OR Package Information
      • Red Hat Enterprise Linux 5 is installed
      • AND
          • libpng is earlier than 2:1.2.10-16.el5_8 AND libpng is signed with Red Hat redhatrelease2 key
          • libpng-devel is earlier than 2:1.2.10-16.el5_8 AND libpng-devel is signed with Red Hat redhatrelease2 key