Description
Security update for libpng16
This update for libpng16 fixes the following issues:
Security issues fixed:
- CVE-2019-7317: Fixed a use-after-free vulnerability, triggered when png_image_free() was called under png_safe_execute (bsc#1124211).
- CVE-2017-12652: Fixed an Input Validation Error related to the length of chunks (bsc#1141493).
Package list
SUSE Linux Enterprise Desktop 12 SP4
libpng16-1.6.8-15.5.2
libpng16-16-1.6.8-15.5.2
libpng16-16-32bit-1.6.8-15.5.2
SUSE Linux Enterprise Server for SAP Applications 12 SP3
libpng16-1.6.8-15.5.2
libpng16-16-1.6.8-15.5.2
libpng16-16-32bit-1.6.8-15.5.2
SUSE Linux Enterprise Software Development Kit 12 SP4
libpng16-1.6.8-15.5.2
libpng16-compat-devel-1.6.8-15.5.2
libpng16-devel-1.6.8-15.5.2
SUSE Linux Enterprise Software Development Kit 12 SP5
libpng16-1.6.8-15.5.2
libpng16-compat-devel-1.6.8-15.5.2
libpng16-devel-1.6.8-15.5.2
SUSE Linux Enterprise Server 12 SP4
libpng16-1.6.8-15.5.2
libpng16-16-1.6.8-15.5.2
libpng16-16-32bit-1.6.8-15.5.2
SUSE Linux Enterprise Server for SAP Applications 12 SP4
libpng16-1.6.8-15.5.2
libpng16-16-1.6.8-15.5.2
libpng16-16-32bit-1.6.8-15.5.2
SUSE Linux Enterprise Server 12 SP5
libpng16-1.6.8-15.5.2
libpng16-16-1.6.8-15.5.2
libpng16-16-32bit-1.6.8-15.5.2
SUSE Linux Enterprise Server for SAP Applications 12 SP5
libpng16-1.6.8-15.5.2
libpng16-16-1.6.8-15.5.2
libpng16-16-32bit-1.6.8-15.5.2
References
- Link for SUSE-SU-2019:3060-1
- E-Mail link for SUSE-SU-2019:3060-1
- SUSE Security Ratings
Description
libpng before 1.6.32 does not properly check the length of chunks against the user limit.
Affected products
SUSE Linux Enterprise Desktop 12 SP4:libpng16-1.6.8-15.5.2
SUSE Linux Enterprise Desktop 12 SP4:libpng16-16-1.6.8-15.5.2
SUSE Linux Enterprise Desktop 12 SP4:libpng16-16-32bit-1.6.8-15.5.2
SUSE Linux Enterprise Server 12 SP4:libpng16-1.6.8-15.5.2
References
- CVE-2017-12652
- SUSE Bug 1141493
Description
png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.
Affected products
SUSE Linux Enterprise Desktop 12 SP4:libpng16-1.6.8-15.5.2
SUSE Linux Enterprise Desktop 12 SP4:libpng16-16-1.6.8-15.5.2
SUSE Linux Enterprise Desktop 12 SP4:libpng16-16-32bit-1.6.8-15.5.2
SUSE Linux Enterprise Server 12 SP4:libpng16-1.6.8-15.5.2
References
- CVE-2019-7317
- SUSE Bug 1124211
- SUSE Bug 1135824
- SUSE Bug 1141780
- SUSE Bug 1147021
- SUSE Bug 1165297