Описание
Security update for libpng16
This update for libpng16 fixes the following issues:
Security issues fixed:
- CVE-2019-7317: Fixed a use-after-free vulnerability, triggered when png_image_free() was called under png_safe_execute (bsc#1124211).
- CVE-2017-12652: Fixed an Input Validation Error related to the length of chunks (bsc#1141493).
Список пакетов
SUSE Enterprise Storage 5
libpng16-16-1.6.8-15.5.2
libpng16-16-32bit-1.6.8-15.5.2
SUSE Linux Enterprise Server 12 SP1-LTSS
libpng16-16-1.6.8-15.5.2
libpng16-16-32bit-1.6.8-15.5.2
SUSE Linux Enterprise Server 12 SP2-BCL
libpng16-16-1.6.8-15.5.2
libpng16-16-32bit-1.6.8-15.5.2
SUSE Linux Enterprise Server 12 SP2-LTSS
libpng16-16-1.6.8-15.5.2
libpng16-16-32bit-1.6.8-15.5.2
SUSE Linux Enterprise Server 12 SP3-BCL
libpng16-16-1.6.8-15.5.2
libpng16-16-32bit-1.6.8-15.5.2
SUSE Linux Enterprise Server 12 SP3-LTSS
libpng16-16-1.6.8-15.5.2
libpng16-16-32bit-1.6.8-15.5.2
SUSE Linux Enterprise Server for SAP Applications 12 SP1
libpng16-16-1.6.8-15.5.2
libpng16-16-32bit-1.6.8-15.5.2
SUSE Linux Enterprise Server for SAP Applications 12 SP2
libpng16-16-1.6.8-15.5.2
libpng16-16-32bit-1.6.8-15.5.2
SUSE Linux Enterprise Server for SAP Applications 12 SP3
libpng16-16-1.6.8-15.5.2
libpng16-16-32bit-1.6.8-15.5.2
SUSE OpenStack Cloud 7
libpng16-16-1.6.8-15.5.2
libpng16-16-32bit-1.6.8-15.5.2
SUSE OpenStack Cloud 8
libpng16-16-1.6.8-15.5.2
libpng16-16-32bit-1.6.8-15.5.2
Ссылки
- Link for SUSE-SU-2019:3060-2
- E-Mail link for SUSE-SU-2019:3060-2
- SUSE Security Ratings
- SUSE Bug 1124211
- SUSE Bug 1141493
- SUSE CVE CVE-2017-12652 page
- SUSE CVE CVE-2019-7317 page
Описание
libpng before 1.6.32 does not properly check the length of chunks against the user limit.
Затронутые продукты
SUSE Enterprise Storage 5:libpng16-16-1.6.8-15.5.2
SUSE Enterprise Storage 5:libpng16-16-32bit-1.6.8-15.5.2
SUSE Linux Enterprise Server 12 SP1-LTSS:libpng16-16-1.6.8-15.5.2
SUSE Linux Enterprise Server 12 SP1-LTSS:libpng16-16-32bit-1.6.8-15.5.2
Ссылки
- CVE-2017-12652
- SUSE Bug 1141493
Описание
png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.
Затронутые продукты
SUSE Enterprise Storage 5:libpng16-16-1.6.8-15.5.2
SUSE Enterprise Storage 5:libpng16-16-32bit-1.6.8-15.5.2
SUSE Linux Enterprise Server 12 SP1-LTSS:libpng16-16-1.6.8-15.5.2
SUSE Linux Enterprise Server 12 SP1-LTSS:libpng16-16-32bit-1.6.8-15.5.2
Ссылки
- CVE-2019-7317
- SUSE Bug 1124211
- SUSE Bug 1135824
- SUSE Bug 1141780
- SUSE Bug 1147021
- SUSE Bug 1165297