GLSA Advocate
Joined: 12 May 2004 Posts: 2663
Posted: Tue Nov 15, 2016 10:26 am Post subject: [ GLSA 201611-08 ] libpng
Gentoo Linux Security Advisory
Title: libpng: Multiple vulnerabilities (GLSA 201611-08)
Severity: normal
Exploitable: remote
Date: November 15, 2016
Bug(s): #564244, #565678, #568216
ID: 201611-08
Synopsis
Multiple vulnerabilities have been found in libpng, the worst of
which may allow remote attackers to cause Denial of Service.
Background
libpng is a standard library used to process PNG (Portable Network
Graphics) images. It is used by several other programs, including web
browsers and potentially server processes.
Affected Packages
Package: media-libs/libpng
Vulnerable: < 1.6.21
Unaffected: >= 1.2.56 < 1.2.57
Unaffected: >= 1.5.26 < 1.5.27
Unaffected: >= 1.6.21
Architectures: All supported architectures
Description
Multiple vulnerabilities were found in libpng. Please review the
referenced CVEs for additional information.
Impact
Remote attackers could cause a Denial of Service condition or have other
unspecified impacts.
Workaround
There is no known workaround at this time.
Resolution
All libpng 1.2 users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/libpng-1.2.56"
All libpng 1.5 users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/libpng-1.5.26"
All libpng 1.6 users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/libpng-1.6.21"
References
CVE-2015-7981
CVE-2015-8126
CVE-2015-8540
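Added example (not part of the original advisory): a shell check that classifies a libpng version string against the Affected Packages ranges listed above, for auditing hosts before and after the upgrade. The function names are hypothetical, version comparison assumes GNU `sort -V`, and a Gentoo revision suffix such as -r1 is ignored.

```sh
#!/bin/sh
# Classify a libpng version against the ranges in GLSA 201611-08.
# The ranges are applied exactly as the advisory lists them:
#   Vulnerable: < 1.6.21
#   Unaffected: >= 1.2.56 < 1.2.57, >= 1.5.26 < 1.5.27, >= 1.6.21
# Assumption: plain dotted versions; GNU sort -V does the ordering.

# ver_lt A B: succeeds when version A sorts strictly before version B.
ver_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# ver_ge A B: succeeds when version A is equal to or newer than B.
ver_ge() { ! ver_lt "$1" "$2"; }

# glsa_201611_08_status VERSION: prints "unaffected" or "vulnerable".
glsa_201611_08_status() {
    v=${1%-r[0-9]*}   # drop a trailing Gentoo revision such as -r1
    if ver_ge "$v" 1.6.21; then
        echo unaffected
    elif ver_ge "$v" 1.5.26 && ver_lt "$v" 1.5.27; then
        echo unaffected
    elif ver_ge "$v" 1.2.56 && ver_lt "$v" 1.2.57; then
        echo unaffected
    else
        echo vulnerable
    fi
}

# Classify every version passed on the command line, one result per line.
for v in "$@"; do
    printf '%s: %s\n' "$v" "$(glsa_201611_08_status "$v")"
done
```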