lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <alpine.LNX.2.02.1612301137060.30440@connie.slackware.com>
Date: Fri, 30 Dec 2016 11:37:21 -0800 (PST)
From: Slackware Security Team <security@...ckware.com>
To: slackware-security@...ckware.com
Subject: [slackware-security]  libpng (SSA:2016-365-01)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  libpng (SSA:2016-365-01)

New libpng packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix a security issue.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/libpng-1.6.27-i586-1_slack14.2.txz:  Upgraded.
  This release fixes an old NULL pointer dereference bug in png_set_text_2()
  discovered and patched by Patrick Keshishian.  The potential "NULL
  dereference" bug has existed in libpng since version 0.71 of June 26, 1995.
  To be vulnerable, an application has to load a text chunk into the png
  structure, then delete all text, then add another text chunk to the same
  png structure, which seems to be an unlikely sequence, but it has happened.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10087
  (* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/libpng-1.2.57-i486-1_slack13.0.txz

Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/libpng-1.2.57-x86_64-1_slack13.0.txz

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/libpng-1.4.20-i486-1_slack13.1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/libpng-1.4.20-x86_64-1_slack13.1.txz

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/libpng-1.4.20-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/libpng-1.4.20-x86_64-1_slack13.37.txz

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/libpng-1.4.20-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/libpng-1.4.20-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/libpng-1.4.20-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/libpng-1.4.20-x86_64-1_slack14.1.txz

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/libpng-1.6.27-i586-1_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/libpng-1.6.27-x86_64-1_slack14.2.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libpng-1.6.27-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libpng-1.6.27-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 13.0 package:
f26b0d28dce4a534c636686d65ca2bca  libpng-1.2.57-i486-1_slack13.0.txz

Slackware x86_64 13.0 package:
3db9e1e834935c94c218b4611b2d54af  libpng-1.2.57-x86_64-1_slack13.0.txz

Slackware 13.1 package:
e6006925ff5e15d555548a917f89f0b7  libpng-1.4.20-i486-1_slack13.1.txz

Slackware x86_64 13.1 package:
2ca4cc7af20955b24d7848cc4837ec77  libpng-1.4.20-x86_64-1_slack13.1.txz

Slackware 13.37 package:
130b69e8f87408467e43562e47568005  libpng-1.4.20-i486-1_slack13.37.txz

Slackware x86_64 13.37 package:
2a9aeeebb3d048cef35bee237adef15b  libpng-1.4.20-x86_64-1_slack13.37.txz

Slackware 14.0 package:
cadeb289370ae522b7e9b89e6ca0f9ef  libpng-1.4.20-i486-1_slack14.0.txz

Slackware x86_64 14.0 package:
a79cbfdc52b5fbf0a9c6bb224f7e8b78  libpng-1.4.20-x86_64-1_slack14.0.txz

Slackware 14.1 package:
c706d0ab66ee2ef36570daf8f6bddd0a  libpng-1.4.20-i486-1_slack14.1.txz

Slackware x86_64 14.1 package:
0dab89c2e0203c5d81f99d53a83adf76  libpng-1.4.20-x86_64-1_slack14.1.txz

Slackware 14.2 package:
ac7062bd6e0ab681c003edac12be9d78  libpng-1.6.27-i586-1_slack14.2.txz

Slackware x86_64 14.2 package:
26cd876c9156c6cff5d9070c2200b19a  libpng-1.6.27-x86_64-1_slack14.2.txz

Slackware -current package:
3d1b8ba951c04d9ae8febf16e76521e7  l/libpng-1.6.27-i586-1.txz

Slackware x86_64 -current package:
f8ee6e92995328b271b20d436734ecac  l/libpng-1.6.27-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg libpng-1.6.27-i586-1_slack14.2.txz


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@...ckware.com

+------------------------------------------------------------------------+
| To leave the slackware-security mailing list:                          |
+------------------------------------------------------------------------+
| Send an email to majordomo@...ckware.com with this text in the body of |
| the email message:                                                     |
|                                                                        |
|   unsubscribe slackware-security                                       |
|                                                                        |
| You will get a confirmation message back containing instructions to    |
| complete the process.  Please do not reply to this email address.      |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----

iEYEARECAAYFAlhmtw4ACgkQakRjwEAQIjME7ACfUmU5WPylE0xtQxR13zNYp+cP
N64Ani8hdmLSHMz4TYkT6elkPLF14nm2
=31pA
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ