Advisories ยป MGASA-2015-0473

Updated libpng packages fix security vulnerabilities

Publication date: 16 Dec 2015
Modification date: 16 Dec 2015
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-8472

Description

Updated libpng and libpng12 packages fix security vulnerability:

The fix for CVE-2015-8126 was incomplete.  While it defended against the
potential overrun while reading PNG files, it did not detect a potential
overrun by applications using png_set_PLTE directly (CVE-2015-8472).

References

SRPMS

5/core