#944 Request for inclusion of libpng10-1.0.41-1.fc10 in Fedora 10
Closed: Fixed None Opened 15 years ago by pghmcfc.

libpng10-1.0.41-1.fc10 includes an upstream fix for a memory leak that can happen when parsing malformed PNG images, which thus has the potential for a DoS attack.

https://bugzilla.redhat.com/show_bug.cgi?id=468990

http://koji.fedoraproject.org/koji/taskinfo?taskID=913611

There will no doubt be a corresponding update for the main libpng package too.

There is no ABI change in this update, and I shall be preparing the same update for Fedora 8 and 9.


The only real change is a security fix for a remotely-exploitable DoS bug.

OTOH, as pointed out in the bug report, there are plenty of ways to craft a valid PNG that will consume all the memory on your system.

Definite +1 for Final, and for Preview if there's time, but this isn't something to do an emergency respin over.

Metadata Update from @pghmcfc:
- Issue set to the milestone: Fedora 10 Final

7 years ago
