Mandrake Linux Security Advisory : libpng (MDKSA-2004:079)
Critical Nessus Plugin ID 14328
SynopsisThe remote Mandrake Linux host is missing one or more security updates.
DescriptionChris Evans discovered numerous vulnerabilities in the libpng graphics library, including a remotely exploitable stack-based buffer overrun in the png_handle_tRNS function, dangerous code in png_handle_sBIT, a possible NULL pointer crash in png_handle_iCCP (which is also duplicated in multiple other locations), a theoretical integer overflow in png_read_png, and integer overflows during progressive reading.
All users are encouraged to upgrade immediately.
SolutionUpdate the affected packages.