Advisories:rPSA-2006-0133

From rPath Wiki

rPath Security Advisory 2006-0133-2

Published: 2006-07-19

Updated

1. 2006-07-24 Updated development library symbolic

Products

• rPath Linux 1

Rating

Major

Exposure Level Classification

User Non-deterministic Unauthorized Access

Updated Versions

• libpng=conary.rpath.com@rpl:1/1.2.12-4-0.1

rPath Issue Tracking System

• RPL-517
• RPL-529

References

• CVE-2006-3334

Description

Previous versions of the libpng package contain a weakness in

processing images that is known to create a denial of service

vulnerability and is expected also to allow unauthorized access.

This weakness is triggered by malformed png images that may be

provided to applications such as web browsers by an attacker.

The initial update for this security issue provided a symlink to

a version of the libpng library that could fail when building

software packages that otherwise would build for rPath Linux 1.

The update to libpng=/conary.rpath.com@rpl:devel//1/1.2.12-4-0.1

resolves that incompatibility.

Copyright 2006 rPath, Inc. This file is distributed under the terms of the MIT License. A copy is available at http://www.rpath.com/permanent/mit-license.html