libpng versions up to and including 1.2.5 have a couple of security holes. Here are some CVE names:

> 1) Remotely exploitable stack-based buffer overrun in png_handle_tRNS
> (pngrutil.c)
> 2) Dangerous code in png_handle_sBIT (pngrutil.c) (Similar code in
> png_handle_hIST).

CAN-2004-0597 for these (we merge issues that have the same flaw type that get fixed in the same versions).

> 3) Possible NULL-pointer crash in png_handle_iCCP (pngrutil.c) (this
> flaw is duplicated in multiple other locations).

CAN-2004-0598 for those

> 4) Theoretical integer overflow in allocation in png_handle_sPLT
> (pngrutil.c)
> 5) Integer overflow in png_read_png (pngread.c)
> 6) Integer overflows during progressive reading.
> 7) Other flaws. [integer overflows]

CAN-2004-0599 for those
This issue also affects RHEL 2.1
RHEL2.1 is going to be RHSA-2004:390
RHEL3 is going to be RHSA-2004:402

The 2.1 Advisory also deals with an incomplete fix which was previously applied. I have set the release date to 2004-08-04 for the time being; when an official embargoed date arrives, I'll fix it.
Aug 04 1200UTC - removing embargo
An errata has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2004-402.html