FS#10192 - libpng<1.2.27 denial-of-service exploit
Attached to Project:
Arch Linux
Opened by Paul Bredbury (brebs) - Monday, 14 April 2008, 20:24 GMT
Last edited by eliott (cactus) - Thursday, 08 May 2008, 06:10 GMT
Opened by Paul Bredbury (brebs) - Monday, 14 April 2008, 20:24 GMT
Last edited by eliott (cactus) - Thursday, 08 May 2008, 06:10 GMT
|
Details
Hi, libpng has a potential denial-of-service exploit:
http://secunia.com/advisories/29792/ http://bugs.gentoo.org/show_bug.cgi?id=217047 Here's a PKGBUILD for libpng 1.2.27beta03, which does not have the bug. 
PKGBUILD
(1.1 KiB)
|
This task depends upon
Closed by eliott (cactus)
Thursday, 08 May 2008, 06:10 GMT
Reason for closing: Fixed
Additional comments about closing: closing.
sounds like a fix is on the way (in testing).
reopen if needed.
Thursday, 08 May 2008, 06:10 GMT
Reason for closing: Fixed
Additional comments about closing: closing.
sounds like a fix is on the way (in testing).
reopen if needed.
/opt/mozilla/lib/firefox-3.0b5/firefox-bin: relocation error: /opt/mozilla/lib/firefox-3.0b5/libxul.so: symbol png_get_first_frame_is_hidden, version PNG12_0 not defined in file libpng12.so.0 with link time reference
checking for png_get_acTL in -lpng... no
configure: error: --with-system-png won't work because the system's libpng doesn't have APNG support
The problem, as mentioned in
FS#9570is that the official libpng does *not* include Animated PNG. Some scraps of info here:http://en.wikipedia.org/wiki/Portable_Network_Graphics#Animation