libpng: Multiple vulnerabilities — GLSA 201611-08

Multiple vulnerabilities have been found in libpng, the worst of which may allow remote attackers to cause Denial of Service.

Affected Packages

media-libs/libpng on all architectures
Affected versions < 1.6.21
Unaffected versions >= 1.2.56
>= 1.5.26
>= 1.6.21

Background

libpng is a standard library used to process PNG (Portable Network Graphics) images. It is used by several other programs, including web browsers and potentially server processes.

Description

Multiple vulnerabilities were found in libpng. Please review the referenced CVE’s for additional information.

Impact

Remote attackers could cause a Denial of Service condition or have other unspecified impacts.

Workaround

There is no known workaround at this time.

Resolution

All libpng 1.2 users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-libs/libpng-1.2.56"
 

All libpng 1.5 users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-libs/libpng-1.5.26"
 

All libpng 1.6 users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-libs/libpng-1.6.21"
 

References

Release Date
November 15, 2016

Latest Revision
November 15, 2016: 1

Severity
normal

Exploitable
remote

Bugzilla entries