Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2015:2136-1

Опубликовано: 27 нояб. 2015
Источник: suse-cvrf

Описание

Security update for libpng12

The libpng12 package was updated to fix the following security issues:

  • CVE-2015-8126: Fixed a buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions (bsc#954980).
  • CVE-2015-7981: Fixed an out-of-bound read (bsc#952051).

Список пакетов

openSUSE Leap 42.1
libpng12-1.2.50-5.1
libpng12-0-1.2.50-5.1
libpng12-0-32bit-1.2.50-5.1
libpng12-compat-devel-1.2.50-5.1
libpng12-compat-devel-32bit-1.2.50-5.1
libpng12-devel-1.2.50-5.1
libpng12-devel-32bit-1.2.50-5.1

Ссылки

Описание

The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read.

Затронутые продукты
openSUSE Leap 42.1:libpng12-0-1.2.50-5.1
openSUSE Leap 42.1:libpng12-0-32bit-1.2.50-5.1
openSUSE Leap 42.1:libpng12-1.2.50-5.1
openSUSE Leap 42.1:libpng12-compat-devel-1.2.50-5.1
Ссылки

Описание

Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.

Затронутые продукты
openSUSE Leap 42.1:libpng12-0-1.2.50-5.1
openSUSE Leap 42.1:libpng12-0-32bit-1.2.50-5.1
openSUSE Leap 42.1:libpng12-1.2.50-5.1
openSUSE Leap 42.1:libpng12-compat-devel-1.2.50-5.1
Ссылки
Уязвимость openSUSE-SU-2015:2136-1