libpng flaw
 

hi,
a few security flaws have been discovered in the libpng. i'm waiting for slackware to release update package. do they even do that? if so, usually how long does it take the slackware team to release it?
thanks.

Don't worry, it is not an urgent security problem, all the bad thing that it may cause is crash an application when open a bad png file.

i'm talking about this article http://news.com.com/Image+flaw+pierc...?tag=nefd.top, which says, "The most critical issue, a memory problem known as a buffer overflow, could allow specially created PNG graphics to execute a malicious program when the application loads the image."

I read the original report and re-read it again, for my part, the worst thing it can do on my system is crashes mozilla ;)

But maybe this security flaw is more important for web hosting that let user upload png files, or sites that use dynamic png files creation by php with libpng support...

The update will be announced in the slackware-security mailing list, who's archives are available on slackware.com. You can download updates to your system in the "patches" directory on Slackware ftp mirrors, or just click on the URLs in the announcement, if I recall correctly.

Perhaps Patrick (the founder and maintainer of Slackware) is waiting for the official release of the next version of libpng rather than backporting the fix or sending out a release-candidate. I wouldn't be overly concerned though, he has released security fixes for libpng before, so I assume he will again. He tends to be prompt about it which is why I figure these things could be holding it up.