Mandrake Linux Security Advisory : libpng (MDKSA-2007:217)
Medium Nessus Plugin ID 28200
Synopsis: The remote Mandrake Linux host is missing one or more security updates.
Description: Multiple vulnerabilities were discovered in libpng:
An off-by-one error when handling ICC profile chunks in the png_set_iCCP() function (CVE-2007-5266; only affects Mandriva Linux 2008.0).
George Cook and Jeff Phillips reported several errors in pngrtran.c, such as the use of logical instead of bitwise functions and incorrect comparisons (CVE-2007-5268; only affects Mandriva Linux 2008.0).
Tavis Ormandy reported out-of-bounds read errors in several PNG chunk handling functions (CVE-2007-5269).
Updated packages have been patched to correct these issues. For Mandriva Linux 2008.0, libpng 1.2.22 is being provided, which corrects all three issues.
Solution: Update the affected packages.