Security update for libpng12 SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2015:2136-1 Final 1 1 2015-11-27T12:54:16Z current 2015-11-27T12:54:16Z 2015-11-27T12:54:16Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libpng12 The libpng12 package was updated to fix the following security issues: - CVE-2015-8126: Fixed a buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions (bsc#954980). - CVE-2015-7981: Fixed an out-of-bound read (bsc#952051). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2015-11/msg00160.html E-Mail link for openSUSE-SU-2015:2136-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.1 libpng12-1.2.50-5.1 libpng12-0-1.2.50-5.1 libpng12-0-32bit-1.2.50-5.1 libpng12-compat-devel-1.2.50-5.1 libpng12-compat-devel-32bit-1.2.50-5.1 libpng12-devel-1.2.50-5.1 libpng12-devel-32bit-1.2.50-5.1 libpng12-1.2.50-5.1 as a component of openSUSE Leap 42.1 libpng12-0-1.2.50-5.1 as a component of openSUSE Leap 42.1 libpng12-0-32bit-1.2.50-5.1 as a component of openSUSE Leap 42.1 libpng12-compat-devel-1.2.50-5.1 as a component of openSUSE Leap 42.1 libpng12-compat-devel-32bit-1.2.50-5.1 as a component of openSUSE Leap 42.1 libpng12-devel-1.2.50-5.1 as a component of openSUSE Leap 42.1 libpng12-devel-32bit-1.2.50-5.1 as a component of openSUSE Leap 42.1 The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read. CVE-2015-7981 openSUSE Leap 42.1:libpng12-0-1.2.50-5.1 openSUSE Leap 42.1:libpng12-0-32bit-1.2.50-5.1 openSUSE Leap 42.1:libpng12-1.2.50-5.1 openSUSE Leap 42.1:libpng12-compat-devel-1.2.50-5.1 openSUSE Leap 42.1:libpng12-compat-devel-32bit-1.2.50-5.1 openSUSE Leap 42.1:libpng12-devel-1.2.50-5.1 openSUSE Leap 42.1:libpng12-devel-32bit-1.2.50-5.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-11/msg00160.html https://www.suse.com/security/cve/CVE-2015-7981.html CVE-2015-7981 https://bugzilla.suse.com/952051 SUSE Bug 952051 https://bugzilla.suse.com/960402 SUSE Bug 960402 https://bugzilla.suse.com/963937 SUSE Bug 963937 Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. CVE-2015-8126 openSUSE Leap 42.1:libpng12-0-1.2.50-5.1 openSUSE Leap 42.1:libpng12-0-32bit-1.2.50-5.1 openSUSE Leap 42.1:libpng12-1.2.50-5.1 openSUSE Leap 42.1:libpng12-compat-devel-1.2.50-5.1 openSUSE Leap 42.1:libpng12-compat-devel-32bit-1.2.50-5.1 openSUSE Leap 42.1:libpng12-devel-1.2.50-5.1 openSUSE Leap 42.1:libpng12-devel-32bit-1.2.50-5.1 moderate 4.3 AV:L/AC:L/Au:S/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-11/msg00160.html https://www.suse.com/security/cve/CVE-2015-8126.html CVE-2015-8126 https://bugzilla.suse.com/954980 SUSE Bug 954980 https://bugzilla.suse.com/958198 SUSE Bug 958198 https://bugzilla.suse.com/960402 SUSE Bug 960402 https://bugzilla.suse.com/962743 SUSE Bug 962743 https://bugzilla.suse.com/963937 SUSE Bug 963937 https://bugzilla.suse.com/969333 SUSE Bug 969333