RHSA-2015:2595 - Security Advisory

Overview
Issued: 2015-12-09
Updated: 2015-12-09

Synopsis
Moderate: libpng12 security update

Type/Severity
Security Advisory: Moderate

Topic
Updated libpng12 packages that fix three security issues are now available for Red Hat Enterprise Linux 7.

Description
The libpng12 packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files.

Key vulnerabilities:
- The and functions did not calculate maximum palette sizes for bit depths less than 8, leading to buffer overflow or out-of-bounds reads. (CVE-2015-8126, CVE-2015-8472)
- An array-indexing error in the function could cause an out-of-bounds read. (CVE-2015-7981)

Solution
Before applying this update, ensure all previously released errata relevant to your system have been applied. Refer to: https://access.redhat.com/articles/11258

Affected Products
Various versions of Red Hat Enterprise Linux (Server, workload, and extended support for x86_64, IBM z Systems, Power, and ppc64 architectures).

Fixes
BZ - 1276416 - CVE-2015-7981 libpng: Out-of-bounds read in
BZ - 1281756 - CVE-2015-8126 CVE-2015-8472 libpng: Buffer overflow vulnerabilities in functions

CVEs
CVE-2015-7981
CVE-2015-8126
CVE-2015-8472

References
http://www.redhat.com/security/updates/classification/#normal