-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2015:071
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : libpng12
Date : March 27, 2015
Affected: Business Server 2.0
_______________________________________________________________________
Problem Description:

Updated libpng12 package fixes security vulnerabilities:

The png_do_expand_palette function in libpng before 1.6.8 allows remote
attackers to cause a denial of service (NULL pointer dereference and
application crash) via a PLTE chunk of zero bytes or a NULL palette,
related to pngrtran.c and pngset.c (CVE-2013-6954).

An integer overflow leading to a heap-based buffer overflow was found
in the png_set_sPLT() and png_set_text_2() API functions of libpng. An
attacker could create a specially-crafted image file and render