From: "Tobias Heinlein (keytoaster)"
To: gentoo-commits@lists.gentoo.org
Reply-To: gentoo-dev@lists.gentoo.org, keytoaster@gentoo.org
Subject: [gentoo-commits] gentoo commit in xml/htdocs/security/en/glsa: glsa-200906-01.xml
Date: Sat, 27 Jun 2009 23:56:17 +0000

keytoaster    09/06/27 23:56:17

Added: glsa-200906-01.xml
Log:
GLSA 200906-01

Revision  Changes    Path
1.1       xml/htdocs/security/en/glsa/glsa-200906-01.xml

file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/security/en/glsa/glsa-200906-01.xml?rev=1.1&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/security/en/glsa/glsa-200906-01.xml?rev=1.1&content-type=text/plain

Index: glsa-200906-01.xml
===================================================================

libpng: Information disclosure

A vulnerability has been discovered in libpng that allows for information disclosure.

libpng June 27, 2009 June 27, 2009: 01 272970 remote 1.2.37 1.2.37

libpng is the official PNG reference library used to read, write and manipulate PNG images.

Jeff Phillips discovered that libpng does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bits in certain rows of a PNG file.

A remote attacker might entice a user to open a specially crafted PNG file, possibly resulting in the disclosure of sensitive memory portions.

There is no known workaround at this time.

All libpng users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/libpng-1.2.37"
CVE-2009-2042 keytoaster keytoaster
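
As an added example (not part of the advisory or of libpng), the following triage check reads a PNG's IHDR chunk and reports whether the file has the three properties named in the description above: 1-bit depth, interlacing, and a width not divisible by 8. The function names and the sample headers are constructed for illustration; a match only means the file has the properties the advisory names.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"


def parse_ihdr(data: bytes) -> dict:
    """Return the IHDR fields of a PNG byte string; raise ValueError if malformed."""
    if data[:8] != PNG_SIGNATURE:
        raise ValueError("not a PNG file")
    if len(data) < 33:  # 8 signature + 4 length + 4 type + 13 body + 4 CRC
        raise ValueError("truncated before end of IHDR")
    length, ctype = struct.unpack(">I4s", data[8:16])
    if ctype != b"IHDR" or length != 13:
        raise ValueError("first chunk is not a 13-byte IHDR")
    body = data[16:29]
    (crc,) = struct.unpack(">I", data[29:33])
    if zlib.crc32(ctype + body) & 0xFFFFFFFF != crc:
        raise ValueError("IHDR CRC mismatch")
    width, height, depth, colour, _comp, _filt, interlace = struct.unpack(">IIBBBBB", body)
    return {"width": width, "height": height, "bit_depth": depth,
            "colour_type": colour, "interlace": interlace}


def matches_advisory_conditions(data: bytes) -> bool:
    """True if the header shows a 1-bit, interlaced image whose width % 8 != 0."""
    h = parse_ihdr(data)
    return h["bit_depth"] == 1 and h["interlace"] == 1 and h["width"] % 8 != 0


def constructed_header(width: int, height: int, depth: int, interlace: int) -> bytes:
    """Constructed sample: PNG signature plus a valid IHDR chunk, no image data."""
    chunk = b"IHDR" + struct.pack(">IIBBBBB", width, height, depth, 0, 0, 0, interlace)
    return (PNG_SIGNATURE + struct.pack(">I", 13) + chunk
            + struct.pack(">I", zlib.crc32(chunk) & 0xFFFFFFFF))


if __name__ == "__main__":
    samples = {
        "1-bit, Adam7, width 13": constructed_header(13, 4, 1, 1),
        "1-bit, Adam7, width 16": constructed_header(16, 4, 1, 1),
        "1-bit, not interlaced, width 13": constructed_header(13, 4, 1, 0),
        "8-bit, Adam7, width 13": constructed_header(13, 4, 8, 1),
    }
    for label, blob in samples.items():
        print(f"{label}: {'review' if matches_advisory_conditions(blob) else 'ok'}")
```

Upgrading to the fixed version remains the remediation; a check like this only helps locate files worth a closer look on hosts that have not yet been updated.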