From 4f2d7949f03e1c198bc888f2d05f421d35c57e21 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Mon, 9 Oct 2017 18:53:29 +0100 Subject: reinit the tree, so we can have metadata --- metadata/glsa/glsa-200408-03.xml | 70 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 70 insertions(+) create mode 100644 metadata/glsa/glsa-200408-03.xml (limited to 'metadata/glsa/glsa-200408-03.xml') diff --git a/metadata/glsa/glsa-200408-03.xml b/metadata/glsa/glsa-200408-03.xml new file mode 100644 index 000000000000..421d78b496eb --- /dev/null +++ b/metadata/glsa/glsa-200408-03.xml @@ -0,0 +1,70 @@ + + + + libpng: Numerous vulnerabilities + + libpng contains numerous vulnerabilities potentially allowing an attacker + to perform a Denial of Service attack or even execute arbitrary code. + + libpng + 2004-08-05 + 2004-08-05: 01 + 59424 + remote + + + 1.2.5-r8 + 1.2.5-r7 + + + +

+ libpng is a standard library used to process PNG (Portable Network + Graphics) images. It is used by several other programs, including web + browsers and potentially server processes. +

+ + +

+ libpng contains numerous vulnerabilities including null pointer dereference + errors and boundary errors in various functions. +

+ + +

+ An attacker could exploit these vulnerabilities to cause programs linked + against the library to crash or execute arbitrary code with the permissions + of the user running the vulnerable program, which could be the root user. +

+ + +

+ There is no known workaround at this time. All users are encouraged to + upgrade to the latest available version. +

+ + +

+ All libpng users should upgrade to the latest stable version: +

+ + # emerge sync + + # emerge -pv ">=media-libs/libpng-1.2.5-r8" + # emerge ">=media-libs/libpng-1.2.5-r8" +

+ You should also run revdep-rebuild to rebuild any packages that depend on + older versions of libpng : +

+ + # revdep-rebuild + + + CAN-2004-0597 + CAN-2004-0598 + CAN-2004-0599 + + + jaervosz + + -- cgit v1.2.3