Red Hat Bugzilla – Bug 216263
CVE-2006-5793: libpng10 < 1.0.21 DoS vulnerability
Last modified: 2007-11-30 17:11:49 EST
"The sPLT chunk handling code (png_set_sPLT function in pngset.c) in libpng
1.0.6 through 1.2.12 uses a sizeof operator on the wrong data type, which allows
context-dependent attackers to cause a denial of service (crash) via malformed
sPLT chunks that trigger an out-of-bounds read."
Appears to be fixed in 1.0.21.
I have 1.0.21 packages prepared, but can't import and build yet due to the cvs
outage. If anyone would like a preview, I have packages here:
(no ppc packages as I don't have a ppc builder)
Note that libpng10 is a Core package for all releases prior to FC6 (and
presumably RHEL too) so separate bugs will need raising for those releases.
disappeared from the wiki, so is there a document somewhere stating how to
prepare and send out a security announcement?
1.0.21-1 has built successfully for Rawhide and FC6, and should be released
later today. A fix is still needed for FC5 and earlier releases of course.
FC report is in bug 216706, and today's FE push is in progress.
Looks like this has been fixed for a while now.
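
The bug class named in the CVE description above (a sizeof taken on the wrong data type when sizing an array copy), shown as an added example that is not libpng's code or part of the original report. The types entry_t and palette_t and all function names are hypothetical stand-ins; the sample data is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins: an array element and the container that owns the array. */
typedef struct { uint16_t red, green, blue, alpha, frequency; } entry_t;
typedef struct { char *name; uint8_t depth; entry_t *entries; int32_t nentries; } palette_t;

/* Bug pattern: element count multiplied by the size of the container type.
 * A copy of this length reads past the end of the source array. */
size_t copy_len_wrong(size_t n) { return n * sizeof(palette_t); }

/* Correct: element count multiplied by the size of the element type. */
size_t copy_len_right(size_t n) { return n * sizeof(entry_t); }

/* Hardened copy: the size is derived from the pointer being copied
 * (sizeof *from->entries), so it cannot drift to another type, and the
 * attacker-influenced count is validated before the multiplication.
 * Returns 0 on success, -1 on rejected input or allocation failure. */
int copy_entries(palette_t *to, const palette_t *from)
{
    if (from->nentries < 0) return -1;
    size_t n = (size_t)from->nentries;
    if (n > 0 && from->entries == NULL) return -1;
    if (n > SIZE_MAX / sizeof *from->entries) return -1;   /* overflow guard */
    size_t len = n * sizeof *from->entries;
    entry_t *dst = malloc(len ? len : 1);
    if (dst == NULL) return -1;
    if (len) memcpy(dst, from->entries, len);
    to->entries = dst;
    to->nentries = from->nentries;
    return 0;
}

int main(void)
{
    entry_t src[3] = {{1, 2, 3, 4, 5}, {6, 7, 8, 9, 10}, {11, 12, 13, 14, 15}}; /* constructed */
    palette_t from = { NULL, 8, src, 3 }, to = { NULL, 0, NULL, 0 };
    printf("source array: %zu bytes\n", sizeof src);
    printf("wrong-type length: %zu bytes, right-type length: %zu bytes\n",
           copy_len_wrong(3), copy_len_right(3));
    if (copy_entries(&to, &from) == 0) free(to.entries);
    return 0;
}
```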