Wind River Support Network

HomeOther DownloadsSecurity Advisory - libpng - CVE-2008-1382
Optional Type: Patch

Security Advisory - libpng - CVE-2008-1382

Released: May 8, 2008     Updated: May 8, 2008

Description

libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialized memory.

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1382 IDENTIFIER = WIND00121226


Product Version

Linux 3, Linux Platforms 2.0, Linux Platforms 1.x

Downloads


Installation Notes

Installation Notes

WIND00121230.zip is for 1.4
WIND00121228.zip is for 1.5
WIND00121227.zip is for 2.0

1. Unzip the patch under [install_dir]/updates

2. Install the patch CD by entering the patch CD directory and run setup_linux.

3. This is a source only patch so you will have to build the kernel

4. Issue a make fs and make the kernel in a configured directory.

5. Upload the kernel and rootfs into the target and boot it up.


Live chat
Online