Apple Security Advisory 2012-09-24-1 - Apple TV 5.1 is now available and addresses issues relating to malicious media loading, memory corruption, and more.
8b08f2840773bcd43aa00f4439e1687a278652e1b463a125bb95947245e9cf9b
Apple Security Advisory 2012-09-19-2 - OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update 2012-004 are now available and address Apache, BIND, CoreText, Data Security, and many other vulnerabilities.
40b0db811b217e85fb6806b53d13edb126d8f6537576e1fb80a6d9e6c2266a62
Apple Security Advisory 2012-09-19-1 - iOS 6 is now available and addresses CFNetwork, CoreGraphics, CoreMedia, DHCP, and many other vulnerabilities.
948802ec7f4f098a6e019e724692dd60eae2f16a84688f9bf9597fcc368ca8d8
Gentoo Linux Security Advisory 201206-15 - Multiple vulnerabilities in libpng might allow remote attackers to execute arbitrary code or cause a Denial of Service condition. Versions less than 1.5.10 are affected.
17c59fa4ea570ff973946e70fe5303b4a6d7f8e5ec1db2b26617090a9a49954b
Mandriva Linux Security Advisory 2012-022 - Security issues were identified and fixed in mozilla firefox and thunderbird. An integer overflow in the libpng library can lead to a heap-buffer overflow when decompressing certain PNG images. This leads to a crash, which may be potentially exploitable. The mozilla firefox and thunderbird packages have been upgraded to the latest respective versions which is not affected by this security flaw. Additionally the rootcerts packages has been upgraded to the latest version as of 2012/02/18 and the NSS library has been rebuilt accordingly to pickup the changes. This is a symbolic advisory correction because there was a clash with MDVSA-2012:022 that addressed libpng.
6c745d9d52173219392680d02b0a80f2ccd95e95f7941c4746e37f33fda62ceb
Mandriva Linux Security Advisory 2012-022 - Integer overflow in libpng allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation. The updated packages have been patched to correct this issue.
7e81a111ef1b1fb00ad6d1aa3d0f796e2df59993d8ad6ea01b71c9d6e9575d7d
Red Hat Security Advisory 2012-0317-01 - The libpng packages contain a library of functions for creating and manipulating PNG image format files. A heap-based buffer overflow flaw was found in libpng. An attacker could create a specially-crafted PNG image that, when opened, could cause an application using libpng to crash or, possibly, execute arbitrary code with the privileges of the user running the application. Users of libpng and libpng10 should upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using libpng or libpng10 must be restarted for the update to take effect.
f7ceef8cc4721e1c6c97e7e6e7e0ca692f20145ffad616807957beb06bdbecde
Ubuntu Security Notice 1367-4 - USN-1367-1 fixed vulnerabilities in libpng. This provides the corresponding update for Xulrunner. Jueri Aedla discovered that libpng did not properly verify the size used when allocating memory during chunk decompression. If a user or automated system using libpng were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or execute code with the privileges of the user invoking the program. Various other issues were also addressed.
0d0957d8f1b212a72b2e0ed3ef558ee29826f579afe90ee5ac01d8fdb775707e
Ubuntu Security Notice 1369-1 - Nicolas Gregoire and Aki Helin discovered that when processing a malformed embedded XSLT stylesheet, Thunderbird can crash due to memory corruption. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. It was discovered that memory corruption could occur during the decoding of Ogg Vorbis files. If the user were tricked into opening a specially crafted file, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. Various other issues were also addressed.
828f494e34eb5a1f78ece739fb1b1d40cd48f816fcc1acab7510901c4f61b8a8
Ubuntu Security Notice 1367-3 - USN-1367-1 fixed vulnerabilities in libpng. This provides the corresponding update for Thunderbird. Jueri Aedla discovered that libpng did not properly verify the size used when allocating memory during chunk decompression. If a user or automated system using libpng were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or execute code with the privileges of the user invoking the program. Various other issues were also addressed.
6966e3d1946b7a96f0eca6511609d84fb0c94cafc8206a00eaf8b00ac8ded35d
Ubuntu Security Notice 1367-2 - USN-1367-1 fixed vulnerabilities in libpng. This provides the corresponding update for Firefox. Jueri Aedla discovered that libpng did not properly verify the size used when allocating memory during chunk decompression. If a user or automated system using libpng were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or execute code with the privileges of the user invoking the program. Various other issues were also addressed.
7dcb035a44e388c2ad00fae879fd233cfe338e7e5dc72ff5b432ba1e047768b6
Ubuntu Security Notice 1367-1 - It was discovered that libpng did not properly verify the embedded profile length of iCCP chunks. An attacker could exploit this to cause a denial of service via application crash. This issue only affected Ubuntu 8.04 LTS. Jueri Aedla discovered that libpng did not properly verify the size used when allocating memory during chunk decompression. If a user or automated system using libpng were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or execute code with the privileges of the user invoking the program. Various other issues were also addressed.
5e6e1c7a32e2b8add05d91924c69b9e74d43dbd36b0283706d28bae212b7b2a9
Red Hat Security Advisory 2012-0143-01 - XULRunner provides the XUL Runtime environment for applications using the Gecko layout engine. A heap-based buffer overflow flaw was found in the way XULRunner handled PNG images. A web page containing a malicious PNG image could cause an application linked against XULRunner to crash or, potentially, execute arbitrary code with the privileges of the user running the application. All XULRunner users should upgrade to these updated packages, which correct this issue. After installing the update, applications using XULRunner must be restarted for the changes to take effect.
6a4b096326db08d8c2fcd440cbca979c1098ca6e720bb0bcd536477dcceab229
Red Hat Security Advisory 2012-0142-01 - Mozilla Firefox is an open source web browser. A heap-based buffer overflow flaw was found in the way Firefox handled PNG images. A web page containing a malicious PNG image could cause Firefox to crash or, possibly, execute arbitrary code with the privileges of the user running Firefox. All Firefox users should upgrade to this updated package, which corrects this issue. After installing the update, Firefox must be restarted for the changes to take effect.
9c3deacaccde4447524481ab21a6544b41c79753142e01143770d1d3b23bf6bc
Red Hat Security Advisory 2012-0141-01 - SeaMonkey is an open source web browser, e-mail and newsgroup client, IRC chat client, and HTML editor. A heap-based buffer overflow flaw was found in the way SeaMonkey handled PNG images. A web page containing a malicious PNG image could cause SeaMonkey to crash or, possibly, execute arbitrary code with the privileges of the user running SeaMonkey. All SeaMonkey users should upgrade to these updated packages, which correct this issue. After installing the update, SeaMonkey must be restarted for the changes to take effect.
f1267c41db6a862799ec7a24f82bdf3f9e615c43178f198aa66dbb317e17b034
Red Hat Security Advisory 2012-0140-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. A heap-based buffer overflow flaw was found in the way Thunderbird handled PNG images. An HTML mail message or remote content containing a specially-crafted PNG image could cause Thunderbird to crash or, possibly, execute arbitrary code with the privileges of the user running Thunderbird. All Thunderbird users should upgrade to this updated package, which corrects this issue. After installing the update, Thunderbird must be restarted for the changes to take effect.
a03180c6087c793165bf19fb58a59dffacdb68d9bba7fa484e10ce8e5166445f
Debian Linux Security Advisory 2410-1 - Jueri Aedla discovered an integer overflow in the libpng PNG library, which could lead to the execution of arbitrary code if a malformed image is processed.
8b675f5eee2d9f754d3134353417faeb1e97a65426cf2aec875a9a2292eec7ee