libpng: Multiple vulnerabilities

Background

libpng is a standard library used to process PNG (Portable Network Graphics) images. It is used by several other programs, including web browsers and potentially server processes.

Description

Multiple vulnerabilities were found in libpng. Please review the referenced CVE’s for additional information.

Impact

Remote attackers could cause a Denial of Service condition or have other unspecified impacts.

Workaround

There is no known workaround at this time.

Resolution

All libpng 1.2 users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-libs/libpng-1.2.56"

All libpng 1.5 users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-libs/libpng-1.5.26"

All libpng 1.6 users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-libs/libpng-1.6.21"