Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

Fedora 23: FEDORA-2015-3868cfa17b Critical: Libpng10 Underflow Read

fedora
Calendar Grey December 28, 2015
Dist Fedora Esm H88
Critical Fedora patch released for libpng16 to rectify an overflow vulnerability in png_verify_keyword, enhancing security measures.
An underflow read was found in png_check_keyword in libpng10

Summary

The libpng10 package contains an old version of libpng, a library of functions

for creating and manipulating PNG (Portable Network Graphics) image format

files.

This package is needed if you want to run binaries that were linked dynamically

with libpng 1.0.x.

Update Information:

An underflow read was found in png_check_keyword in libpng10. An attacker could possibly use this flaw to cause an out-of-bounds read by tricking an unsuspecting user into processing a specially crafted PNG image.

Change Log

References


[ 1 ] Bug #1291312 - CVE-2015-8540 libpng: underflow read in png_check_keyword() https://bugzilla.redhat.com/show_bug.cgi?id=1291312

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update libpng10' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: libpng10
Product: Fedora 23
Version: 1.0.66
Release: 1.fc23
Summary: Old version of libpng, needed to run old binaries

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here