Debian Security Advisory DSA 3443-1 (libpng - security update)

Several vulnerabilities have been discovered in the libpng PNG library. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-8472It was discovered that the original fix for CVE-2015-8126 was incomplete and did not detect a potential overrun by applications using png_set_PLTE directly. A remote attacker can take advantage of this flaw to cause a denial of service (application crash). CVE-2015-8540 Xiao Qixue and Chen Yu discovered a flaw in the png_check_keyword function. A remote attacker can potentially take advantage of this flaw to cause a denial of service (application crash).

libpng on Debian Linux

This check tests the installed software version using the apt package manager.

For the oldstable distribution (wheezy), these problems have been fixed in version 1.2.49-1+deb7u2. For the stable distribution (jessie), these problems have been fixed in version 1.2.50-2+deb8u2. We recommend that you upgrade your libpng packages.