Re: libpng vulnerabilities - US-CERT Technical Cyber Security Alert TA04-217A

[Eric Pancer <epancer () SECURITY DEPAUL EDU>]

Mary Ann Blair wrote on Fri, 2004-08-06 at 12:18:34 -0400...

> How are your institutions responding to the announced vulnerability in
> libpng?  While there are no known exploits at this time neither are there
> patches

There's patches for libpng; you can relink your software against
that if it's critical.

> for much of the affected software. There's enough concern on my
> campus that there's talk of dropping vulnerable software from some
> platforms.

That seems like a fairly reactive response. If we dropped vulnerable
software from all hosts that didn't have a publicly published
exploit, we probably wouldn't be running many machines or
applications.

--
Eric Pancer :.: Computer Security Response Team :.: DePaul University
http://security.depaul.edu/ .:`:.:':.:`:. epancer () security depaul edu
pgp: 1024D/7ACBCFF3 C022 4991 41E5 51E7 683C F765 62F7 7F8E 7ACB CFF3

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.