openSUSE-SU-2019:1530-1

Published: 07 Jun 2019
Source: suse-cvrf

Description

Security update for libpng16

This update for libpng16 fixes the following issues:

Security issues fixed:

  • CVE-2019-7317: Fixed a use-after-free vulnerability, triggered when png_image_free() was called under png_safe_execute (bsc#1124211).
  • CVE-2018-13785: Fixed a wrong calculation of row_factor in the png_check_chunk_length function in pngrutil.c, which could have triggered an integer overflow and resulted in a divide-by-zero while processing a crafted PNG file, leading to a denial of service (bsc#1100687).

This update was imported from the SUSE:SLE-15:Update update project.

Package list

openSUSE Leap 15.0
libpng16-16-1.6.34-lp151.3.3.1
libpng16-16-32bit-1.6.34-lp151.3.3.1
libpng16-compat-devel-1.6.34-lp151.3.3.1
libpng16-compat-devel-32bit-1.6.34-lp151.3.3.1
libpng16-devel-1.6.34-lp151.3.3.1
libpng16-devel-32bit-1.6.34-lp151.3.3.1
libpng16-tools-1.6.34-lp151.3.3.1
openSUSE Leap 15.1
libpng16-16-1.6.34-lp151.3.3.1
libpng16-16-32bit-1.6.34-lp151.3.3.1
libpng16-compat-devel-1.6.34-lp151.3.3.1
libpng16-compat-devel-32bit-1.6.34-lp151.3.3.1
libpng16-devel-1.6.34-lp151.3.3.1
libpng16-devel-32bit-1.6.34-lp151.3.3.1
libpng16-tools-1.6.34-lp151.3.3.1

Description

In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service.


Affected products
openSUSE Leap 15.0:libpng16-16-1.6.34-lp151.3.3.1
openSUSE Leap 15.0:libpng16-16-32bit-1.6.34-lp151.3.3.1
openSUSE Leap 15.0:libpng16-compat-devel-1.6.34-lp151.3.3.1
openSUSE Leap 15.0:libpng16-compat-devel-32bit-1.6.34-lp151.3.3.1

Description

png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.


Affected products
openSUSE Leap 15.0:libpng16-16-1.6.34-lp151.3.3.1
openSUSE Leap 15.0:libpng16-16-32bit-1.6.34-lp151.3.3.1
openSUSE Leap 15.0:libpng16-compat-devel-1.6.34-lp151.3.3.1
openSUSE Leap 15.0:libpng16-compat-devel-32bit-1.6.34-lp151.3.3.1

References
Vulnerability openSUSE-SU-2019:1530-1