libpng question

Open forum for security issues and info.
Forum rules
Any posts concerning pirated software or offering to buy/sell/trade commercial software are subject to removal.
User avatar
ZoontF
Posts: 332
Joined: Fri Nov 07, 2003 2:07 pm
Location: Middle o' Vermont
Contact:

libpng question

Unread postby ZoontF » Tue Sep 14, 2004 9:30 pm

How are we irix users affected by the august libpng vulnerability? Although I do not know for sure, I suspect freeware and nekoware and other stuff is linked against libpng, correct?

User avatar
squeen
Moderator
Moderator
Posts: 2933
Joined: Fri May 09, 2003 6:10 am
Location: Maryland, USA

Unread postby squeen » Wed Sep 15, 2004 3:39 am

I uploaded a new version (1.2.6) with the security fix some time ago. Looks like I forgot to change the version number listed in the sw subsystem header so "versions" still reported 1.2.5. Sorry about that, I've placed a new one in beta. Either way libpng nekoware should be OK for security. HOWEVER, zlib and rsync need security updates.

I know we will all try to stay on top of this -- but I believe a disclaimer for all of nekoware is in order.

On a related note, I noticed a non-security related bug-fix has been released as libpng 1.2.7. Hopefully this will fix the Mozilla issue we've been having on some png image loads. I'll build it later today.

User avatar
foetz
Moderator
Moderator
Posts: 6590
Joined: Mon Apr 14, 2003 4:34 am
Contact:

Unread postby foetz » Wed Sep 15, 2004 4:55 pm

On a related note, I noticed a non-security related bug-fix has been released as libpng 1.2.7. Hopefully this will fix the Mozilla issue we've been having on some png image loads. I'll build it later today.


good. the old update sadly didn't solve the probs...
newer builds even didn't startup at all.

User avatar
squeen
Moderator
Moderator
Posts: 2933
Joined: Fri May 09, 2003 6:10 am
Location: Maryland, USA

Unread postby squeen » Thu Sep 16, 2004 4:27 am

Crud!

I built libpng-1.2.7.tardist and placed it in the nekoware/beta directory.

It did not correct the mozilla progressive load error. What's more I am convinced that it is a decompression error and is related to the gtk error I couldn't solve for the 2.4 build.

Would someone (and no I don't just mean sum][one) please run the program /usr/nekoware/bin/gtk-demo from nekoware and double-click the image test. Does the progessive load fail for you with a decompression error?

Thanks.

User avatar
foetz
Moderator
Moderator
Posts: 6590
Joined: Mon Apr 14, 2003 4:34 am
Contact:

Unread postby foetz » Thu Sep 16, 2004 11:36 am

squeen wrote:Crud!

I built libpng-1.2.7.tardist and placed it in the nekoware/beta directory.

It did not correct the mozilla progressive load error. What's more I am convinced that it is a decompression error and is related to the gtk error I couldn't solve for the 2.4 build.


sure. it must be compiled in.

Would someone (and no I don't just mean sum][one) please run the program /usr/nekoware/bin/gtk-demo from nekoware and double-click the image test. Does the progessive load fail for you with a decompression error?

Thanks.


i'm still using my 2.4.0 for desktop use here. demos run fine. no errors at all.
will try the nekoware version next time i'm on my dev machine...


Return to “SGI: Security”

Who is online

Users browsing this forum: No registered users and 1 guest