Educause Security Discussion mailing list archives
Re: libpng vulnerabilities - US-CERT Technical Cyber Security Alert TA04-217A
From: Eric Pancer <epancer () SECURITY DEPAUL EDU>
Date: Fri, 6 Aug 2004 12:20:31 -0500
Mary Ann Blair wrote on Fri, 2004-08-06 at 12:18:34 -0400...
How are your institutions responding to the announced vulnerability in libpng? While there are no known exploits at this time neither are there patches
There's patches for libpng; you can relink your software against that if it's critical.
for much of the affected software. There's enough concern on my campus that there's talk of dropping vulnerable software from some platforms.
That seems like a fairly reactive response. If we dropped vulnerable software from all hosts that didn't have a publicly published exploit, we probably wouldn't be running many machines or applications. -- Eric Pancer :.: Computer Security Response Team :.: DePaul University http://security.depaul.edu/ .:`:.:':.:`:. epancer () security depaul edu pgp: 1024D/7ACBCFF3 C022 4991 41E5 51E7 683C F765 62F7 7F8E 7ACB CFF3 ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Re: libpng vulnerabilities - US-CERT Technical Cyber Security Alert TA04-217A Eric Pancer (Aug 06)