Apple Security Advisory 2016-03-21-5 - OS X El Capitan 10.11.4 and Security Update 2016-002 is now available and addresses code execution, memory corruption, and various other vulnerabilities.
70ee7534060a15cce4887519635499ad26a30d4596bdf4d28ce6ea94b25fefad
Mandriva Linux Security Advisory 2015-090 - The png_push_read_chunk function in pngpread.c in the progressive decoder in libpng 1.6.x through 1.6.9 allows remote attackers to cause a denial of service via an IDAT chunk with a length of zero. libpng versions 1.6.9 through 1.6.15 have an integer-overflow vulnerability in png_combine_row() when decoding very wide interlaced images, which can allow an attacker to overwrite an arbitrary amount of memory with arbitrary data.
721892150da01f6313a1b99a68e76de5d0f151f714d22a4bb6438918cbb8aa9b
Gentoo Linux Security Advisory 201502-10 - Two vulnerabilities have been found in libpng, possibly resulting in execution of arbitrary code. Versions less than 1.6.16 are affected.
67d11ac2a7cb95e97d8640dff6a24b5b8ed323460de161e636a523867f73d0ca