FWIW this doesn't just affect open source software. libpng is licensed by its own licence and not the GPL. Commercial vendors are free to use it in their applications too. For example Mac OS X received a security update because libpng is used by the system. For more info see the libpng page:
http://www.libpng.org/pub/png/libpng.html

Wes

On Mon, Aug 30, 2004 at 10:01:14AM -0400, M. Adam Davis wrote:
> The libpng is an open source implementation of the PNG image standard.
> It is used in a lot of open source projects both on Windows and Linux
> (and other operating systems).
>
> The vulnerability is a simple buffer overflow exploit. A correctly
> designed PNG picture might cause a computer running this software to run
> arbitrary code (whatever the attacker wants to run).
>
> So a web page that contains a simple picture could spread a virus.
>
> The problem, AFAIK, is only a possible vulnerability with no known
> working exploit, but it was fixed because it could be serious. Upgrade
> your browser and any open source program that manipulates images and
> you'll be fine.
>
> -Adam
>
> Philip Stortz wrote:
>
> >ok, I should know this, but what is the libpng vulnerability? is it only
> >a Windows thing? (I hope... that or hopefully my firewall catches it).
> >
> >Russell McMahon wrote:
> >
> >>>I use Mozilla 1.something (should upgrade since the latest libpng
> >>>vulnerability...)
> >
> >-------
>
> _______________________________________________
> http://www.piclist.com
> View/change your membership options at
> http://mailman.mit.edu/mailman/listinfo/piclist

--
Wesley Moore - wmoore@freeshell.org - http://wmoore.no-ip.info/