libsemanage
151
This update has been rated as having moderate security impact by the Red Hat Security Response
Team.
The libpng packages contain a library of functions for creating and manipulating PNG (Portable
Network Graphics) image format files.
A flaw was discovered in libpng that could result in libpng trying to free() random memory if certain,
unlikely error conditions occurred. If a carefully-crafted PNG file was loaded by an application linked
against libpng, it could cause the application to crash or, potentially, execute arbitrary code with the
privileges of the user running the application. (
CVE-2009-0040
1145
)
A flaw was discovered in the way libpng handled PNG images containing "unknown" chunks. If an
application linked against libpng attempted to process a malformed, unknown chunk in a malicious
PNG image, it could cause the application to crash. (
CVE-2008-1382
1146
)
Users of libpng and libpng10 should upgrade to these updated packages, which contain backported
patches to correct these issues. All running applications using libpng or libpng10 must be restarted for
the update to take effect.
1.121. libsemanage
1.121.1. RHBA-2009:1298: bug fix update
Updated libsemanage packages that fix multiple issues are now available.
libsemanage provides an API for the manipulation of SELinux binary policies. It is used by checkpolicy
(the policy compiler) and similar tools, as well as by programs such as load_policy, which must
perform specific transformations on binary policies (for example, customizing policy boolean settings)
These updated packages fix the following bugs:
• dontaudit messages could not be disabled, which made it difficult for customers building their own
security policies to identify which policies were being denied. This updated package includes the
"sepol_set_disable_dontaudit" and "semanage_set_disable_dontaudit" functions, which allow
dontaudit messages to be disabled. (
BZ#493114
1147
)
• corrected a specific versioned dependency issue relating to libsepol (
BZ#512662
1148
)
All users of libsemanage are advised to upgrade to these updated packages, which resolve these
issues.
1.122. libsepol
1.122.1. RHBA-2009:1273: bug fix update
Updated libsepol packages that resolve several issues are now available.
libsepol provides an API for the manipulation of SELinux binary policies. It is used by checkpolicy (the
policy compiler) and similar tools, and programs such as load_policy, which must perform specific
transformations on binary policies (for example, customizing policy boolean settings).
1145
https://www.redhat.com/security/data/cve/CVE-2009-0040.html
1146
https://www.redhat.com/security/data/cve/CVE-2008-1382.html
Содержание ENTERPRISE 5.4 RELEASE NOTES
Страница 1: ...Red Hat Enterprise Linux 5 4 Technical Notes Every Change to Every Package ...
Страница 18: ...xviii ...
Страница 306: ...288 ...
Страница 464: ...446 ...
Страница 466: ...448 ...