Mandriva Linux Security Advisory : libpng (MDVSA-2009:051)
Medium Nessus Plugin ID 36671
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionA number of vulnerabilities have been found and corrected in libpng :
Fixed 1-byte buffer overflow in pngpread.c (CVE-2008-3964). This was allready fixed in Mandriva Linux 2009.0.
Fix the function png_check_keyword() that allowed setting arbitrary bytes in the process memory to 0 (CVE-2008-5907).
Fix a potential DoS (Denial of Service) or to potentially compromise an application using the library (CVE-2009-0040).
The updated packages have been patched to prevent this.
SolutionUpdate the affected packages.