vandal
Verified User
This is actually been out quite a while, just noticed now.
http://www.libpng.org/pub/png/libpng.html
http://www.libpng.org/pub/png/libpng.html
Vulnerability Warning (from libpng site)
Versions up through 1.2.11 and 1.0.19 have a buffer-overrun vulnerability when a particular error message is triggered. The overrun is always by exactly two bytes ('k' and NULL) so it seems highly unlikely that it could be used for anything more nefarious than denial of service (e.g., crashing your browser when you visit a site displaying a specially crafted PNG). Nevertheless, it's worth fixing, and versions libpng 1.2.12 and libpng 1.0.20, released 27 June 2006, do just that. (Note that 1.2.11 and 1.0.19 erroneously claimed to include the fix, but in fact it had been inadvertently omitted.)
The same releases (and their immediate predecessors) also fix an out-of-bounds (by one) memory read and a second buffer overrun, this one in the code that writes the sCAL chunk (which is rather rare in any case).
cd /usr/local/directadmin/customapache
./build clean
./build update
# PNG_VER=1.2.10
PNG_VER=1.2.12
./build all
cd /usr/local/directadmin/customapache
wget http://superb-west.dl.sourceforge.net/sourceforge/libpng/libpng-1.2.12-no-config.tar.gz
mv libpng-1.2.12-no-config.tar.gz libpng-1.2.12.tar.gz
nano -w build
if [ -e /lib64 ]; then
PNG_VER=1.2.8
else
PNG_VER=1.2.10
fi
if [ -e /lib64 ]; then
PNG_VER=1.2.8
else
PNG_VER=1.2.12
fi
@how@ said:Tested
******
edit buildCode:cd /usr/local/directadmin/customapache wget [url]http://superb-west.dl.sourceforge.net/sourceforge/libpng/libpng-1.2.12-no-config.tar.gz[/url] mv libpng-1.2.12-no-config.tar.gz libpng-1.2.12.tar.gz
search toCode:nano -w build
and replace toCode:if [ -e /lib64 ]; then PNG_VER=1.2.8 else PNG_VER=1.2.10 fi
saveCode:if [ -e /lib64 ]; then PNG_VER=1.2.8 else PNG_VER=1.2.12 fi
then build php
Apache 2.x
./build php_ap2 y
Apache 1.3
./build php y
Wael
neo123 said:during update server closed the network connection with putty
wot to do now?
i am living nearthe data center so can go to the data center to fix something without problems but dunno wot to do???
plz help
DirectAdmin did't work ?neo123 said:i cant log in into da anymore aswell
so i need to go to the datacenter i am affraid!
if you can give me the commands how to delete php and build again i want to use php 4.4.3 etc etc ! that would help me out etc
include how to restart ssh when i am in the data center
thanks