[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 375-1] libpng security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : libpng
Version        : 1.2.44-1+squeeze6
CVE ID         : CVE-2012-3425 CVE-2015-8472 CVE-2015-8540

CVE-2015-8472
     update incomplete patch for CVE-2015-8126

CVE-2015-8540
     underflow read in png_check_keyword in pngwutil.c

CVE-2012-3425
     The png_push_read_zTXt function in pngpread.c in libpng 1.0.x
     before 1.0.58, 1.2.x before 1.2.48, 1.4.x before 1.4.10, and
     1.5.x before 1.5.10 allows remote attackers to cause a denial
     of service (out-of-bounds read) via a large avail_in field value
     in a PNG image.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQJ8BAEBCgBmBQJWgFHiXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHowkP/1dM87dQ/6EuvjaOjFJqyB6f
EOYC7C0CulBNWpo7VoubfsV3VrgJyn/Q9e7sHbJhCNi7hplzoohcPz/MG1xgPcmP
jqP3eCHldmKii3Hpz/bk98Ugr9Mbt11kDJeM0KBdDre22P4Lf/Bjv0CLtmokDAgQ
L6m1ZYHngCzbv/H9rkK3E5jnjMmPcwn5ylkJFQhbqObMXJ2/iw3ZXBsL7fadm30f
oNjc2JCIExXD9CXepGIV/Z8+01hi94y/UWOizIW6uEiYcG0MqphQqo/XYfRanFqr
gvb3+d613QgKrZJGmPFrMvM94lVC236scZW0bXbKzUfIIUsawqEns9aaSd4rKGOd
mjGS7H49yofnJT4PavPG6ors7xHy7GyRmeI87w0jsUtaffb7fQ4hPkrIc3lMbVQX
qR13QGuRuSyhPC3BSYlgBEyPREebkSsUBGz8jdXgX8jIrwcV6p6nLGzga+Yg4UiM
8RD3wsdDrugitpR2Eo7oejhERQaN3kUcn4+cyIvGvxWam6yoPo6QoxVR6h+dc9Cs
Jts6cImk2IT6rWsvdHpY1ONCFOF0MYUunw9hjNlzxufgTabG6OXDyoixZXcfToX0
jmiwwQgAmm0o9kkmTBPAbNM5aABpb+P7li8Cz6lShaps7VTVRXGLCr1//PzpenGH
+2pP7GGl6S7RlWBESotm
=3M2j
-----END PGP SIGNATURE-----


Reply to: