Update for ImageMagick, ImageMagick.256, Mozilla... security low

libpng12-0: security update

This update of libpng12-0 fixes:
- CVE-2011-2501: CVSS v2 Base Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P): Design Error
(CWE-DesignError)
- CVE-2011-2690: CVSS v2 Base Score: 5.1
(AV:N/AC:H/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119)
- CVE-2011-2691: CVSS v2 Base Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:N/A:P): Other (CWE-Other)
- CVE-2011-2692: CVSS v2 Base Score: 5.0
(AV:N/AC:M/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119)

Fixed bugs
bnc#702578
VUL-1: libpng regression DoS
bnc#706389
VUL-0: libpng memory corruption when handling empty sCAL chunks
bnc#706388
VUL-0: libpng crash in png_default_error due to use of NULL Pointer
bnc#706387
VUL-0: libpng buffer overwrite in png_rgb_to_gray
CVE#CVE-2011-2692
The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corr
CVE#CVE-2011-2690
Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4, when used by an application that calls the png_rgb_to_gray function but not the png_set_expand function, allows remote attackers to overwrite m
CVE#CVE-2011-2691
The png_err function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote attackers to cau
CVE#CVE-2009-5063
Memory leak in pngwutil.c in libpng before 1.2.39beta5 allows context-dependent attackers to cause a denial of service (memory leak or segmentation fault) via a JPEG image containing an iCCP chunk with a negative embedded profile length. NOTE: this is du
CVE#CVE-2011-2501
The png_format_buffer function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 allows remote attackers to cause a denial of service (application crash) via a crafted PNG image that triggers an o
CVE#CVE-2008-6218
Memory leak in the png_handle_tEXt function in pngrutil.c in libpng before 1.2.33 rc02 and 1.4.0 beta36 allows context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted PNG file.
Selected Binaries
openSUSE Build Service is sponsored by