Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

Fedora 23: FEDORA-2015-39499d9af8 Moderate: libpng Buffer Overflow Fix

fedora
Calendar Grey January 2, 2016
Dist Fedora Esm H88
This patch resolves security flaws in libjpeg for Fedora 24, improving overall image processing safety.
Latest upstream release, includes fixes for security vulnerabilities: CVE-2015-7981, CVE-2015-8126, CVE-2015-8540

Summary

The libpng12 package provides libpng 1.2, an older version of the libpng

library for manipulating PNG (Portable Network Graphics) image format files.

This version should be used only if you are unable to use the current

version of libpng.

Update Information:

Latest upstream release, includes fixes for security vulnerabilities: CVE-2015-7981, CVE-2015-8126, CVE-2015-8540

Change Log

References


[ 1 ] Bug #1276416 - CVE-2015-7981 libpng: Out-of-bounds read in png_convert_to_rfc1123 https://bugzilla.redhat.com/show_bug.cgi?id=1276416 [ 2 ] Bug #1281756 - CVE-2015-8126 CVE-2015-8472 libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions https://bugzilla.redhat.com/show_bug.cgi?id=1281756 [ 3 ] Bug #1291312 - CVE-2015-8540 libpng: underflow read in png_check_keyword() https://bugzilla.redhat.com/show_bug.cgi?id=1291312

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update libpng12' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
important
Lowest
Low
Medium
High
Critical

Name: libpng12
Product: Fedora 23
Version: 1.2.56
Release: 1.fc23
Summary: Old version of libpng, needed to run old binaries

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here