[Frugalware-security] [ FSA-450 ] pngcrush
Miklos Vajna
vmiklos at frugalware.org
Tue May 20 13:27:06 CEST 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Frugalware Security Advisory FSA-450
Date: 2008-05-20
Package: pngcrush
Vulnerable versions: <= 1.6.4-1
Unaffected versions: >= 1.6.5-1kalgan1
Related bugreport: http://bugs.frugalware.org/task/3079
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1382
Description
===========
A vulnerability has been reported in Pngcrush, which can be exploited by malicious people to disclose potentially sensitive information or potentially compromise a user's system.
The vulnerability is caused due to the use of vulnerable libpng code. For more information, see FSA434.
Updated Packages
================
Check if you have pngcrush installed:
# pacman-g2 -Q pngcrush
If found, then you should upgrade to the latest version:
# pacman-g2 -Sy pngcrush
Availability
============
The latest revision of this advisory is available at
http://frugalware.org/security/450
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info
iEYEARECAAYFAkgytYoACgkQZ7NElSD1VhldkQCfU2h+oB4yKYKYneBYknZFkpM9
flQAnil/q/SPikaXATajQ7DyXiWu3Mrw
=a+7b
-----END PGP SIGNATURE-----
More information about the Frugalware-security
mailing list