libpng is a library used to create and manipulate PNG (Portable
Network Graphics) image files.
Glenn Randers-Pehrson discovered a buffer overflow vulnerability in
unpatched libpng versions prior to 1.0.15 and 1.2.5(*) (inclusive).
Programs such as web browsers and various other common applications
make use of libpng. An attacker could exploit this vulnerability to
remotely run arbitrary code or crash such applications by using a
specially crafted PNG image.
This update provides patched versions of libpng with fixes for this
* The libpng-1.2.X series is available only in Conectiva Linux 8 in
the libpng3 package.
All users should upgrade.
Please note that in order to complete the upgrade process, you must
restart all running applications that are linked against libpng after
the new packages are installed. You can see a list of such
applications using the lsof utility, as seen below:
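
One way to build that list on Linux, as an added example that is not part of the original advisory: it reads /proc/<pid>/maps directly instead of calling lsof, and marks processes that still map a libpng file already replaced on disk. The function names and the STALE/current labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the advisory): find processes that map libpng.
# After a package upgrade the old shared object is unlinked, and the kernel
# appends " (deleted)" to its path in /proc/<pid>/maps. Such a process is
# still executing the pre-upgrade library and must be restarted.

# classify_maps PID < maps-file
# Prints one line per distinct libpng mapping: "<pid> <STALE|current> <path>".
# Assumes library paths contain no spaces.
classify_maps() {
    awk -v pid="$1" '
        # Field 6 is the pathname; anonymous mappings have fewer fields.
        NF >= 6 && $6 ~ "/libpng[^/]*[.]so[^/]*$" {
            state = ($NF == "(deleted)") ? "STALE" : "current"
            key = state " " $6
            # A library is mapped in several segments; report it once.
            if (!(key in seen)) { seen[key] = 1; print pid, state, $6 }
        }'
}

# scan_proc [PROC_ROOT]
# Runs classify_maps over every process whose maps file is readable.
# Run as root to see all processes, not only your own.
scan_proc() {
    root="${1:-/proc}"
    for maps in "$root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue          # process exited or not permitted
        pid="${maps%/maps}"
        pid="${pid##*/}"
        classify_maps "$pid" 2>/dev/null < "$maps"
    done
}

# Invoke as: sh script.sh --scan
if [ "${1:-}" = "--scan" ]; then
    scan_proc
fi
```

Any line marked STALE after the upgrade names a process that has not yet been restarted.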