stable

libpng10-1.0.67-1.el6

FEDORA-EPEL-2016-62450e4e38 created by pghmcfc 8 years ago for Fedora EPEL 6

This update fixes an old NULL pointer dereference bug in png_set_text_2() discovered and patched by Patrick Keshishian (CVE-2016-10087). The potential "NULL dereference" bug has existed in libpng since version 0.71 of June 26, 1995. To be vulnerable, an application has to load a text chunk into the png structure, then delete all text, then add another text chunk to the same png structure, which seems to be an unlikely sequence, but it has happened.

The update also fixes some documentation typos and an instance of undefined behavior.

This update has been submitted for testing by pghmcfc.

8 years ago

This update has been pushed to testing.

8 years ago

pghmcfc edited this update.

8 years ago

pghmcfc edited this update.

8 years ago

This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes.

8 years ago

This update has been submitted for stable by pghmcfc.

8 years ago

This update has been pushed to stable.

8 years ago


Metadata
Type: security
Severity: medium
Karma: 0
Signed
Content Type: RPM
Test Gating
Autopush Settings
  Unstable by Karma: -1
  Stable by Karma: 2
  Stable by Time: disabled
Dates
  submitted: 8 years ago
  in testing: 8 years ago
  in stable: 8 years ago
  modified: 8 years ago

BZ#1409158 libpng10-1.0.67 is available
BZ#1409617 CVE-2016-10087 libpng: NULL pointer dereference in png_set_text_2()
BZ#1409624 CVE-2016-10087 libpng10: libpng: NULL pointer dereference in png_set_text_2() [epel-6]
