Patch-ID# 139382-03


Download this patch from My Oracle Support

Your use of the firmware, software and any other materials contained in this update is subject to My Oracle Support Terms of Use, which may be viewed at My Oracle Support.
For further information on patching best practices and resources, please see the following links:
Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.

Keywords: security vuln gnome libpng graphics 64bit tetex
Synopsis: GNOME 2.0.2: libpng Patch
Date: Mar/16/2011


Install Requirements: NA

Solaris Release: 9

SunOS Release: 5.9

Unbundled Product:

Unbundled Release:

Xref: This patch available for x86 as patch 139383

Topic: GNOME 2.0.2: libpng Patch

Relevant Architectures: sparc

Bugs fixed with this patch:

Sun CR # Bug #
490182215171290
501969915203119
504806215211446
507522715219072
655590015396092
681393915547019
687497315584488
696529515653132
701323915692380
701324315692382


Changes incorporated in this version: 6874973 6965295 7013239 7013243

Patches accumulated and obsoleted by this patch: 114822-06

Patches which conflict with this patch:

Patches required with this patch:

Obsoleted by:

Files included with this patch:

/usr/lib/pkgconfig/libpng.pc
/usr/lib/pkgconfig/libpng12.pc
/usr/lib/sparcv9/pkgconfig/libpng.pc
/usr/lib/sparcv9/pkgconfig/libpng10.pc (deleted)
/usr/lib/sparcv9/pkgconfig/libpng12.pc
/usr/sfw/bin/libpng-config
/usr/sfw/bin/libpng12-config
/usr/sfw/include/libpng (deleted)
/usr/sfw/include/libpng12/png.h
/usr/sfw/include/libpng12/pngconf.h
/usr/sfw/include/png.h
/usr/sfw/include/pngconf.h
/usr/sfw/lib/libpng.la
/usr/sfw/lib/libpng.so
/usr/sfw/lib/libpng.so.2
/usr/sfw/lib/libpng.so.2.1.0.12 (deleted)
/usr/sfw/lib/libpng.so.2.1.0.15 (deleted)
/usr/sfw/lib/libpng.so.2.1.0.26 (deleted)
/usr/sfw/lib/libpng.so.2.43.0 (deleted)
/usr/sfw/lib/libpng.so.2.54.0
/usr/sfw/lib/libpng.so.3
/usr/sfw/lib/libpng.so.3.1.2.18 (deleted)
/usr/sfw/lib/libpng.so.3.1.2.5 (deleted)
/usr/sfw/lib/libpng.so.3.35.0 (deleted)
/usr/sfw/lib/libpng.so.3.44.0
/usr/sfw/lib/libpng10.so
/usr/sfw/lib/libpng10.so.0
/usr/sfw/lib/libpng10.so.0.1.0.15 (deleted)
/usr/sfw/lib/libpng10.so.0.1.0.26 (deleted)
/usr/sfw/lib/libpng10.so.0.43.0 (deleted)
/usr/sfw/lib/libpng10.so.0.54.0
/usr/sfw/lib/libpng12.la
/usr/sfw/lib/libpng12.so
/usr/sfw/lib/libpng12.so.0
/usr/sfw/lib/libpng12.so.0.1.2.18 (deleted)
/usr/sfw/lib/libpng12.so.0.1.2.5 (deleted)
/usr/sfw/lib/libpng12.so.0.35.0 (deleted)
/usr/sfw/lib/libpng12.so.0.44.0
/usr/sfw/lib/sparcv9/libpng.so
/usr/sfw/lib/sparcv9/libpng.so.2
/usr/sfw/lib/sparcv9/libpng.so.2.1.0.15 (deleted)
/usr/sfw/lib/sparcv9/libpng.so.2.26.0 (deleted)
/usr/sfw/lib/sparcv9/libpng.so.2.43.0 (deleted)
/usr/sfw/lib/sparcv9/libpng.so.2.54.0
/usr/sfw/lib/sparcv9/libpng.so.3
/usr/sfw/lib/sparcv9/libpng.so.3.1.2.5 (deleted)
/usr/sfw/lib/sparcv9/libpng.so.3.18.0 (deleted)
/usr/sfw/lib/sparcv9/libpng.so.3.35.0 (deleted)
/usr/sfw/lib/sparcv9/libpng.so.3.44.0
/usr/sfw/lib/sparcv9/libpng10.so
/usr/sfw/lib/sparcv9/libpng10.so.0
/usr/sfw/lib/sparcv9/libpng10.so.0.1.0.15 (deleted)
/usr/sfw/lib/sparcv9/libpng10.so.0.26.0 (deleted)
/usr/sfw/lib/sparcv9/libpng10.so.0.43.0 (deleted)
/usr/sfw/lib/sparcv9/libpng10.so.0.54.0
/usr/sfw/lib/sparcv9/libpng12.so
/usr/sfw/lib/sparcv9/libpng12.so.0
/usr/sfw/lib/sparcv9/libpng12.so.0.1.2.5 (deleted)
/usr/sfw/lib/sparcv9/libpng12.so.0.18.0 (deleted)
/usr/sfw/lib/sparcv9/libpng12.so.0.35.0 (deleted)
/usr/sfw/lib/sparcv9/libpng12.so.0.44.0
/usr/sfw/share/man/man3/libpng.3
/usr/sfw/share/man/man3/libpngpf.3
/usr/sfw/share/man/man5/png.5

Problem Description:

6874973 CVE-2009-2042: libpng vulnerability: update libpng to 1.2.37 (or later)
6965295 CVE-2010-1205/CVE-2010-2249: multiple security issues in libpng 1.2 versions before 1.2.44
7013239 libpng packages must set usr/sfw/share/man/man5 attributes consistently with SunFreeware packages
7013243 SUNWpng and SUNWpngx change BASEDIR to /usr, FCS has /
 
(from 139382-02)
 
6813939 CERT VU#649212: libpng vulnerability - libpng fails to properly initialize element pointers
 
(from 139382-01)
 
6555900 CERT VU#684664: libpng needs to be upgraded due to security vulnerability (DoS to linking apps)
 
(from 114822-06)
 
6813939 CERT VU#649212: libpng vulnerability - libpng fails to properly initialize element pointers
 
(from 114822-05)
 
6555900 CERT VU#684664: libpng needs to be upgraded due to security vulnerability (DoS to linking apps)
 
(from 114822-04)
 
5075227 multiple vulnerabilities in libpng [CAN-2004-0597]
 
(from 114822-03)
 
5048062	incorrect version string for 2.0.2 GNOME patch 114822-02
 
(from 114822-02)
 
5019699 libpng12.pc has invalid prefix value which causes build failure when used
 
(from 114822-01)
 
4901822 tetex 2.0.2 needs libpng 1.2.5 version for correct rendering of png images within tex documents


Patch Installation Instructions:
--------------------------------
 
Please refer to the man pages for instructions on using 'patchadd'
and 'patchrm' commands provided with Solaris.
 
The following example installs a patch to a standalone machine:
 
       example# patchadd /var/spool/patch/123456-07
 
The following example removes a patch from a standalone system:
 
       example# patchrm 123456-07
 
For additional examples please see the appropriate man pages. Any
other special or non-generic installation instructions should be
described below as special instructions.


Special Install Instructions:
-----------------------------
 
NOTE 1:  Logout and login back to GNOME after applying the patch.
 
NOTE 2:  To get the 32bit support for tetex (BugId 4901822 tetex 2.0.2 needs
         libpng 1.2.5 version for correct rendering of png images within tex
         documents), please also install the following patch:
 
         114818-03 (or greater)  GNOME 2.0.0: libpng patch


README -- Last modified date: Saturday, November 10, 2012