FEDORA-2016-1a7e14d084 created by pghmcfc 2 years ago for Fedora 24
stable

This update fixes an old NULL pointer dereference bug in png_set_text_2() discovered and patched by Patrick Keshishian (CVE-2016-10087). The potential "NULL dereference" bug has existed in libpng since version 0.71 of June 26, 1995. To be vulnerable, an application has to load a text chunk into the png structure, then delete all text, then add another text chunk to the same png structure, which seems to be an unlikely sequence, but it has happened.

The update also fixes some documentation typos and an instance of undefined behavior.

How to install

sudo dnf upgrade --advisory=FEDORA-2016-1a7e14d084

This update has been submitted for testing by pghmcfc.

2 years ago

This update has been pushed to testing.

2 years ago

pghmcfc edited this update.

2 years ago

pghmcfc edited this update.

2 years ago

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

2 years ago

This update has been submitted for stable by pghmcfc.

2 years ago

This update has been pushed to stable.

2 years ago

Please login to add feedback.

Metadata
Type
security
Severity
medium
Karma
0
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-1
Stable by Karma
2
Dates
submitted
2 years ago
in testing
2 years ago
in stable
2 years ago
modified
2 years ago
BZ#1409158 libpng10-1.0.67 is available
0
0
BZ#1409617 CVE-2016-10087 libpng: NULL pointer dereference in png_set_text_2()
0
0
BZ#1409620 CVE-2016-10087 libpng10: libpng: NULL pointer dereference in png_set_text_2() [fedora-all]
0
0

Automated Test Results