libpng 1.2.10 release

[vandal]

This is actually been out quite a while, just noticed now.

http://www.libpng.org/pub/png/libpng.html

 

[redesb]

libpng 1.2.12 released

Time to update to 1.2.12?

Vulnerability Warning (from libpng site)

Versions up through 1.2.11 and 1.0.19 have a buffer-overrun vulnerability when a particular error message is triggered. The overrun is always by exactly two bytes ('k' and NULL) so it seems highly unlikely that it could be used for anything more nefarious than denial of service (e.g., crashing your browser when you visit a site displaying a specially crafted PNG). Nevertheless, it's worth fixing, and versions libpng 1.2.12 and libpng 1.0.20, released 27 June 2006, do just that. (Note that 1.2.11 and 1.0.19 erroneously claimed to include the fix, but in fact it had been inadvertently omitted.)

The same releases (and their immediate predecessors) also fix an out-of-bounds (by one) memory read and a second buffer overrun, this one in the code that writes the sCAL chunk (which is rather rare in any case).

 

[X-Hosted]

Let me do a try about how to update:

Nano build and edit the libpng version?

Or else we should ask Weal?

 

[redesb]

I have done the following:

cd /usr/local/directadmin/customapache
./build clean
./build update

Here I edit the 'build' file changing:

#       PNG_VER=1.2.10
        PNG_VER=1.2.12

And finally:

./build all

Work for me on CentOS 4.3

 

[Chrysalis]

this version is already in the freebsd ports tree.

 

[@how@]

Tested
******

cd /usr/local/directadmin/customapache
wget http://superb-west.dl.sourceforge.net/sourceforge/libpng/libpng-1.2.12-no-config.tar.gz
mv libpng-1.2.12-no-config.tar.gz libpng-1.2.12.tar.gz

edit build

nano -w build

search to

if [ -e /lib64 ]; then
        PNG_VER=1.2.8
else
        PNG_VER=1.2.10
fi

and replace to

if [ -e /lib64 ]; then
        PNG_VER=1.2.8
else
        PNG_VER=1.2.12
fi

save
then build php
Apache 2.x
./build php_ap2 y

Apache 1.3
./build php y


Wael

 

[neo123]

Tested
******

cd /usr/local/directadmin/customapache
wget [url]http://superb-west.dl.sourceforge.net/sourceforge/libpng/libpng-1.2.12-no-config.tar.gz[/url]
mv libpng-1.2.12-no-config.tar.gz libpng-1.2.12.tar.gz

edit build

nano -w build

search to

if [ -e /lib64 ]; then
        PNG_VER=1.2.8
else
        PNG_VER=1.2.10
fi

and replace to

if [ -e /lib64 ]; then
        PNG_VER=1.2.8
else
        PNG_VER=1.2.12
fi

save
then build php
Apache 2.x
./build php_ap2 y

Apache 1.3
./build php y


Wael

during update server closed the network connection with putty

wot to do now?

i am living nearthe data center so can go to the data center to fix something without problems but dunno wot to do???

plz help

 

[@how@]

during update server closed the network connection with putty

wot to do now?

i am living nearthe data center so can go to the data center to fix something without problems but dunno wot to do???

plz help

restart sshd from DA then remove php folder from
/usr/local/directadmin/customapache/
then try to build php again


Wael

 

[neo123]

i cant log in into da anymore aswell

so i need to go to the datacenter i am affraid!

if you can give me the commands how to delete php and build again i want to use php 4.4.3 etc etc ! that would help me out etc

include how to restart ssh when i am in the data center

thanks

 

[@how@]

i cant log in into da anymore aswell

so i need to go to the datacenter i am affraid!

if you can give me the commands how to delete php and build again i want to use php 4.4.3 etc etc ! that would help me out etc

include how to restart ssh when i am in the data center

thanks

DirectAdmin did't work ?

 

[neo123]

nope directadmin:2222 didnt work

 

[Chrysalis]

if compiling crashed the server I would suspect hardware failure unable to deal with the increased load.