Debian-LTS alert DLA-343-1 (libpng)
| From: | Thorsten Alteholz <debian@alteholz.de> | |
| To: | debian-lts-announce@lists.debian.org | |
| Subject: | [SECURITY] [DLA 343-1] libpng security update | |
| Date: | Tue, 17 Nov 2015 22:28:08 +0100 (CET) | |
| Message-ID: | <alpine.DEB.2.02.1511172224350.12251@jupiter.server.alteholz.net> |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : libpng Version : 1.2.44-1+squeeze5 CVE ID : CVE-2012-3425 CVE-2015-7981 CVE-2015-8126 * CVE-2015-7981 Added a safety check in png_set_tIME() (Bug report from Qixue Xiao). * CVE-2015-8126 Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. * CVE-2012-3425 vulnerable code is not present here -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQJ8BAEBCgBmBQJWS5voXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5 NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHUVMQAIg/P9+YvhDT6ZCREHrWLal3 3CIo9TszFZ3JDDsXa8RhysgBt2Mx1FXUKIYerEf8NevzquzUbLlce1kfTSPtOhdP TF3t3F6FG5UYRUgKoFL1e9G3PLI0zy023mvuZ2YWqsgINwQPPMGE3/aeNaXv4+8L R5gDU+j9SwceV7+QHdI3WVNoOhemXqC167GwWYdMCsQ19ApmBBcl3Y0vSOQlLeQ+ 1mu518d3HUAhur9zqJKvDm0hvbZcQOcrn/N5hcXU8qC9ZApc1sOFnedBb2JeVQP8 rlwB1mDxueymEJncC4KzmNxjOUv6mARe0jYeR0b99XahPgUMYG34wjfWj+0Va6m/ 5QEbKl16Sv+iX754OceG8uq05ZjriFzXc7BmncJZc7B5v74ABFhrMMk6+qu4CYW0 Oi1BneBJBNFuGDCEEc7f4Eil0Xrq/DwHpsNqVUc8kkPxmq6WAM1P/WRjvrFi0bUN 976xa+lVQfBQQTMMNe/R5K22UBltk63F88pBvjoQUScqSZCG8hw0oPmu5VgGm7Fl wzRVqseIA9/AFQPZCDCqqikgsTdRjpFS7nBAwRwocC0hmwxjAKL9Cc/jncc/lgYW JRdj0JKAi9KmqA2pQcOecJT1QRw3gPCWYuZvj/BVCfBlT0J9HcRt74pzSL4Hm6js MEhbOD2kQ5eminDjMJFO =wFbZ -----END PGP SIGNATURE-----