A heap-based buffer overflow in libpng was fixed that could potentially be exploited by attackers to execute arbitrary code or cause an application to crash. Updated packages are available from download.opensuse.org.
openSUSE Security Update: libpng12: Fixed a heap based buffer overflow ______________________________________________________________________________ Announcement ID: openSUSE-SU-2012:0316-1 Rating: important References: #747311 Cross-References: CVE-2011-3026 Affected Products: openSUSE 11.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. It includes one version update. Description: A heap-based buffer overflow in libpng was fixed that could potentially be exploited by attackers to execute arbitrary code or cause an application to crash (CVE-2011-3026). libpng 1.2 was updated to 1.2.47 to fix this issue. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch libpng12-5846 libpng14-5847 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64) [New Version: 1.2.47]: libpng12-0-1.2.47-0.8.1 libpng12-compat-devel-1.2.47-0.8.1 libpng12-devel-1.2.47-0.8.1 libpng14-14-1.4.4-3.6.1 libpng14-compat-devel-1.4.4-3.6.1 libpng14-devel-1.4.4-3.6.1 - openSUSE 11.4 (x86_64) [New Version: 1.2.47]: libpng12-0-32bit-1.2.47-0.8.1 libpng12-compat-devel-32bit-1.2.47-0.8.1 libpng12-devel-32bit-1.2.47-0.8.1 libpng14-14-32bit-1.4.4-3.6.1 libpng14-compat-devel-32bit-1.4.4-3.6.1 libpng14-devel-32bit-1.4.4-3.6.1 References: http://support.novell.com/security/cve/CVE-2011-3026.html https://bugzilla.novell.com/747311