ID CVE-2015-8472
Summary Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126.
References
Vulnerable Configurations
  • Apple Mac OS X 10.11.3
    cpe:2.3:o:apple:mac_os_x:10.11.3
  • Libpng Libpng 1.0.64
    cpe:2.3:a:libpng:libpng:1.0.64
  • libpng 1.2.0
    cpe:2.3:a:libpng:libpng:1.2.0
  • libpng 1.2.1
    cpe:2.3:a:libpng:libpng:1.2.1
  • libpng 1.2.2
    cpe:2.3:a:libpng:libpng:1.2.2
  • libpng 1.2.3
    cpe:2.3:a:libpng:libpng:1.2.3
  • libpng 1.2.4
    cpe:2.3:a:libpng:libpng:1.2.4
  • libpng 1.2.10
    cpe:2.3:a:libpng:libpng:1.2.10
  • libpng 1.2.11
    cpe:2.3:a:libpng:libpng:1.2.11
  • libpng 1.2.12
    cpe:2.3:a:libpng:libpng:1.2.12
  • libpng 1.2.13
    cpe:2.3:a:libpng:libpng:1.2.13
  • libpng 1.2.14
    cpe:2.3:a:libpng:libpng:1.2.14
  • libpng 1.2.15
    cpe:2.3:a:libpng:libpng:1.2.15
  • libpng 1.2.16
    cpe:2.3:a:libpng:libpng:1.2.16
  • libpng 1.2.17
    cpe:2.3:a:libpng:libpng:1.2.17
  • libpng 1.2.18
    cpe:2.3:a:libpng:libpng:1.2.18
  • libpng 1.2.19
    cpe:2.3:a:libpng:libpng:1.2.19
  • libpng 1.2.20
    cpe:2.3:a:libpng:libpng:1.2.20
  • libpng 1.2.21
    cpe:2.3:a:libpng:libpng:1.2.21
  • libpng 1.2.22
    cpe:2.3:a:libpng:libpng:1.2.22
  • libpng 1.2.23
    cpe:2.3:a:libpng:libpng:1.2.23
  • libpng 1.2.24
    cpe:2.3:a:libpng:libpng:1.2.24
  • libpng 1.2.25
    cpe:2.3:a:libpng:libpng:1.2.25
  • libpng 1.2.26
    cpe:2.3:a:libpng:libpng:1.2.26
  • libpng 1.2.27
    cpe:2.3:a:libpng:libpng:1.2.27
  • libpng 1.2.28
    cpe:2.3:a:libpng:libpng:1.2.28
  • libpng 1.2.29
    cpe:2.3:a:libpng:libpng:1.2.29
  • libpng 1.2.30
    cpe:2.3:a:libpng:libpng:1.2.30
  • libpng 1.2.31
    cpe:2.3:a:libpng:libpng:1.2.31
  • libpng 1.2.32
    cpe:2.3:a:libpng:libpng:1.2.32
  • libpng 1.2.33
    cpe:2.3:a:libpng:libpng:1.2.33
  • libpng 1.2.34
    cpe:2.3:a:libpng:libpng:1.2.34
  • libpng 1.2.35
    cpe:2.3:a:libpng:libpng:1.2.35
  • libpng 1.2.36
    cpe:2.3:a:libpng:libpng:1.2.36
  • libpng 1.2.37
    cpe:2.3:a:libpng:libpng:1.2.37
  • libpng 1.2.38
    cpe:2.3:a:libpng:libpng:1.2.38
  • libpng 1.2.39
    cpe:2.3:a:libpng:libpng:1.2.39
  • libpng 1.2.40
    cpe:2.3:a:libpng:libpng:1.2.40
  • libpng 1.2.41
    cpe:2.3:a:libpng:libpng:1.2.41
  • libpng 1.2.42
    cpe:2.3:a:libpng:libpng:1.2.42
  • libpng 1.2.43
    cpe:2.3:a:libpng:libpng:1.2.43
  • libpng 1.2.44
    cpe:2.3:a:libpng:libpng:1.2.44
  • libpng 1.2.45
    cpe:2.3:a:libpng:libpng:1.2.45
  • libpng 1.2.46
    cpe:2.3:a:libpng:libpng:1.2.46
  • libpng 1.2.47
    cpe:2.3:a:libpng:libpng:1.2.47
  • libpng 1.2.48
    cpe:2.3:a:libpng:libpng:1.2.48
  • Libpng Libpng 1.2.49
    cpe:2.3:a:libpng:libpng:1.2.49
  • Libpng Libpng 1.2.50
    cpe:2.3:a:libpng:libpng:1.2.50
  • Libpng Libpng 1.2.51
    cpe:2.3:a:libpng:libpng:1.2.51
  • Libpng Libpng 1.2.52
    cpe:2.3:a:libpng:libpng:1.2.52
  • Libpng Libpng 1.2.53
    cpe:2.3:a:libpng:libpng:1.2.53
  • Libpng Libpng 1.2.54
    cpe:2.3:a:libpng:libpng:1.2.54
  • libpng 1.4.0
    cpe:2.3:a:libpng:libpng:1.4.0
  • libpng 1.4.1
    cpe:2.3:a:libpng:libpng:1.4.1
  • libpng 1.4.2
    cpe:2.3:a:libpng:libpng:1.4.2
  • libpng 1.4.3
    cpe:2.3:a:libpng:libpng:1.4.3
  • libpng 1.4.4
    cpe:2.3:a:libpng:libpng:1.4.4
  • libpng 1.4.5
    cpe:2.3:a:libpng:libpng:1.4.5
  • libpng 1.4.6
    cpe:2.3:a:libpng:libpng:1.4.6
  • libpng 1.4.7
    cpe:2.3:a:libpng:libpng:1.4.7
  • libpng 1.4.8
    cpe:2.3:a:libpng:libpng:1.4.8
  • libpng 1.4.9
    cpe:2.3:a:libpng:libpng:1.4.9
  • libpng 1.4.10
    cpe:2.3:a:libpng:libpng:1.4.10
  • Libpng Libpng 1.4.11
    cpe:2.3:a:libpng:libpng:1.4.11
  • Libpng Libpng 1.4.12
    cpe:2.3:a:libpng:libpng:1.4.12
  • Libpng Libpng 1.4.13
    cpe:2.3:a:libpng:libpng:1.4.13
  • Libpng Libpng 1.4.14
    cpe:2.3:a:libpng:libpng:1.4.14
  • Libpng Libpng 1.4.15
    cpe:2.3:a:libpng:libpng:1.4.15
  • Libpng Libpng 1.4.16
    cpe:2.3:a:libpng:libpng:1.4.16
  • Libpng Libpng 1.4.17
    cpe:2.3:a:libpng:libpng:1.4.17
  • libpng 1.5.1
    cpe:2.3:a:libpng:libpng:1.5.1
  • libpng 1.5.2
    cpe:2.3:a:libpng:libpng:1.5.2
  • cpe:2.3:a:libpng:libpng:1.5.3
    cpe:2.3:a:libpng:libpng:1.5.3
  • libpng 1.5.4
    cpe:2.3:a:libpng:libpng:1.5.4
  • libpng 1.5.5
    cpe:2.3:a:libpng:libpng:1.5.5
  • libpng 1.5.6
    cpe:2.3:a:libpng:libpng:1.5.6
  • libpng 1.5.7
    cpe:2.3:a:libpng:libpng:1.5.7
  • libpng 1.5.8
    cpe:2.3:a:libpng:libpng:1.5.8
  • libpng 1.5.9
    cpe:2.3:a:libpng:libpng:1.5.9
  • cpe:2.3:a:libpng:libpng:1.5.10
    cpe:2.3:a:libpng:libpng:1.5.10
  • libpng 1.5.11
    cpe:2.3:a:libpng:libpng:1.5.11
  • libpng 1.5.12
    cpe:2.3:a:libpng:libpng:1.5.12
  • libpng 1.5.13
    cpe:2.3:a:libpng:libpng:1.5.13
  • Libpng Libpng 1.5.14
    cpe:2.3:a:libpng:libpng:1.5.14
  • Libpng Libpng 1.5.15
    cpe:2.3:a:libpng:libpng:1.5.15
  • Libpng Libpng 1.5.16
    cpe:2.3:a:libpng:libpng:1.5.16
  • Libpng Libpng 1.5.17
    cpe:2.3:a:libpng:libpng:1.5.17
  • Libpng Libpng 1.5.18
    cpe:2.3:a:libpng:libpng:1.5.18
  • Libpng Libpng 1.5.19
    cpe:2.3:a:libpng:libpng:1.5.19
  • cpe:2.3:a:libpng:libpng:1.5.20
    cpe:2.3:a:libpng:libpng:1.5.20
  • Libpng Libpng 1.5.21
    cpe:2.3:a:libpng:libpng:1.5.21
  • Libpng Libpng 1.5.22
    cpe:2.3:a:libpng:libpng:1.5.22
  • Libpng Libpng 1.5.23
    cpe:2.3:a:libpng:libpng:1.5.23
  • Libpng Libpng 1.5.24
    cpe:2.3:a:libpng:libpng:1.5.24
  • libpng 1.6.0
    cpe:2.3:a:libpng:libpng:1.6.0
  • libpng 1.6.1
    cpe:2.3:a:libpng:libpng:1.6.1
  • libpng 1.6.2
    cpe:2.3:a:libpng:libpng:1.6.2
  • libpng 1.6.3
    cpe:2.3:a:libpng:libpng:1.6.3
  • libpng 1.6.4
    cpe:2.3:a:libpng:libpng:1.6.4
  • libpng 1.6.5
    cpe:2.3:a:libpng:libpng:1.6.5
  • libpng 1.6.6
    cpe:2.3:a:libpng:libpng:1.6.6
  • libpng 1.6.7
    cpe:2.3:a:libpng:libpng:1.6.7
  • libpng 1.6.8
    cpe:2.3:a:libpng:libpng:1.6.8
  • libpng 1.6.9
    cpe:2.3:a:libpng:libpng:1.6.9
  • libpng libpng 1.6.10
    cpe:2.3:a:libpng:libpng:1.6.10
  • libpng libpng 1.6.11
    cpe:2.3:a:libpng:libpng:1.6.11
  • cpe:2.3:a:libpng:libpng:1.6.12
    cpe:2.3:a:libpng:libpng:1.6.12
  • libpng libpng 1.6.13
    cpe:2.3:a:libpng:libpng:1.6.13
  • libpng libpng 1.6.14
    cpe:2.3:a:libpng:libpng:1.6.14
  • libpng libpng 1.6.15
    cpe:2.3:a:libpng:libpng:1.6.15
  • Libpng Libpng 1.6.16
    cpe:2.3:a:libpng:libpng:1.6.16
  • Libpng Libpng 1.6.17
    cpe:2.3:a:libpng:libpng:1.6.17
  • libpng libpng 1.6.18
    cpe:2.3:a:libpng:libpng:1.6.18
  • Libpng Libpng 1.6.19
    cpe:2.3:a:libpng:libpng:1.6.19
CVSS
Base: 7.5 (as of 24-06-2016 - 12:54)
Impact:
Exploitability:
CWE CWE-119
CAPEC
  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
  • Overflow Binary Resource File
    An attack of this type exploits a buffer overflow vulnerability in the handling of binary resources. Binary resources may include music files like MP3, image files like JPEG files, and any other binary file. These attacks may pass unnoticed to the client machine through normal usage of files, such as a browser loading a seemingly innocent JPEG file. This can allow the attacker access to the execution stack and execute arbitrary code in the target process. This attack pattern is a variant of standard buffer overflow attacks using an unexpected vector (binary files) to wrap its attack and open up a new attack vector. The attacker is required to either directly serve the binary content to the victim, or place it in a locale like a MP3 sharing application, for the victim to download. The attacker then is notified upon the download or otherwise locates the vulnerability opened up by the buffer overflow.
  • Buffer Overflow via Symbolic Links
    This type of attack leverages the use of symbolic links to cause buffer overflows. An attacker can try to create or manipulate a symbolic link file such that its contents result in out of bounds data. When the target software processes the symbolic link file, it could potentially overflow internal buffers with insufficient bounds checking.
  • Overflow Variables and Tags
    This type of attack leverages the use of tags or variables from a formatted configuration data to cause buffer overflow. The attacker crafts a malicious HTML page or configuration file that includes oversized strings, thus causing an overflow.
  • Buffer Overflow via Parameter Expansion
    In this attack, the target software is given input that the attacker knows will be modified and expanded in size during processing. This attack relies on the target software failing to anticipate that the expanded data may exceed some internal limit, thereby creating a buffer overflow.
  • Buffer Overflow in an API Call
    This attack targets libraries or shared code modules which are vulnerable to buffer overflow attacks. An attacker who has access to an API may try to embed malicious code in the API function call and exploit a buffer overflow vulnerability in the function's implementation. All clients that make use of the code library thus become vulnerable by association. This has a very broad effect on security across a system, usually affecting more than one software process.
  • Buffer Overflow in Local Command-Line Utilities
    This attack targets command-line utilities available in a number of shells. An attacker can leverage a vulnerability found in a command-line utility to escalate privilege to root.
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-0636-1.NASL
    description This update for java-1_7_0-ibm fixes the following issues by updating to 7.0-9.30 (bsc#963937) : - CVE-2015-5041: Could could have invoked non-public interface methods under certain circumstances - CVE-2015-7575: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials - CVE-2015-7981: libpng could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read in the png_convert_to_rfc1123 function. An attacker could exploit this vulnerability to obtain sensitive information - CVE-2015-8126: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8472: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8540: libpng is vulnerable to a buffer overflow, caused by a read underflow in png_check_keyword in pngwutil.c. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. - CVE-2016-0402: An unspecified vulnerability related to the Networking component has no confidentiality impact, partial integrity impact, and no availability impact - CVE-2016-0448: An unspecified vulnerability related to the JMX component could allow a remote attacker to obtain sensitive information - CVE-2016-0466: An unspecified vulnerability related to the JAXP component could allow a remote attacker to cause a denial of service - CVE-2016-0483: An unspecified vulnerability related to the AWT component has complete confidentiality impact, complete integrity impact, and complete availability impact - CVE-2016-0494: An unspecified vulnerability related to the 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact The following bugs were fixed : - bsc#960402: resolve package conflicts in devel package Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2016-12-27
    plugin id 89657
    published 2016-03-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89657
    title SUSE SLES11 Security Update : java-1_7_0-ibm (SUSE-SU-2016:0636-1) (SLOTH)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2015-233750B6AB.NASL
    description new upstream release 1.5.25 (#1288265) ---- Security fix CVE-2015-8126 (#1281756, #1282902) ---- new upstream release 1.5.24 (#1281632) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2016-10-18
    plugin id 89175
    published 2016-03-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89175
    title Fedora 22 : libpng15-1.5.25-1.fc22 (2015-233750b6ab)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2015-3461E976CB.NASL
    description The fix for CVE-8126 was incomplete in the previous 1.0.64 update. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2016-10-18
    plugin id 89203
    published 2016-03-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89203
    title Fedora 22 : libpng10-1.0.65-1.fc22 (2015-3461e976cb)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-410.NASL
    description Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in breakouts of the Java sandbox, information disclosure, denial of service and insecure cryptography. CVE-2015-7575 A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. CVE-2015-8126 Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. CVE-2015-8472 Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126. CVE-2016-0402 Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect integrity via unknown vectors related to Networking. CVE-2016-0448 Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66, and Java SE Embedded 8u65 allows remote authenticated users to affect confidentiality via vectors related to JMX. CVE-2016-0466 It was discovered that the JAXP component in OpenJDK did not properly enforce the totalEntitySizeLimit limit. An attacker able to make a Java application process a specially crafted XML file could use this flaw to make the application consume an excessive amount of memory. CVE-2016-0483 Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. CVE-2016-0494 Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. For Debian 6 'Squeeze', these problems have been fixed in version 6b38-1.13.10-1~deb6u1. We recommend that you upgrade your openjdk-6 packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2016-12-06
    plugin id 88580
    published 2016-02-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88580
    title Debian DLA-410-1 : openjdk-6 security update (SLOTH)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-0055.NASL
    description Updated java-1.8.0-oracle packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2015-7575, CVE-2015-8126, CVE-2015-8472, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0475, CVE-2016-0483, CVE-2016-0494) Note: This update also disallows the use of the MD5 hash algorithm in the certification path processing. The use of MD5 can be re-enabled by removing MD5 from the jdk.certpath.disabledAlgorithms security property defined in the java.security file. All users of java-1.8.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 8 Update 71 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
    last seen 2017-10-29
    modified 2017-01-10
    plugin id 88074
    published 2016-01-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88074
    title RHEL 6 / 7 : java-1.8.0-oracle (RHSA-2016:0055) (SLOTH)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-2596.NASL
    description Updated libpng packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. It was discovered that the png_get_PLTE() and png_set_PLTE() functions of libpng did not correctly calculate the maximum palette sizes for bit depths of less than 8. In case an application tried to use these functions in combination with properly calculated palette sizes, this could lead to a buffer overflow or out-of-bounds reads. An attacker could exploit this to cause a crash or potentially execute arbitrary code by tricking an unsuspecting user into processing a specially crafted PNG image. However, the exact impact is dependent on the application using the library. (CVE-2015-8126, CVE-2015-8472) All libpng users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2017-10-29
    modified 2017-01-06
    plugin id 87307
    published 2015-12-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87307
    title RHEL 7 : libpng (RHSA-2015:2596)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2015-2596.NASL
    description From Red Hat Security Advisory 2015:2596 : Updated libpng packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. It was discovered that the png_get_PLTE() and png_set_PLTE() functions of libpng did not correctly calculate the maximum palette sizes for bit depths of less than 8. In case an application tried to use these functions in combination with properly calculated palette sizes, this could lead to a buffer overflow or out-of-bounds reads. An attacker could exploit this to cause a crash or potentially execute arbitrary code by tricking an unsuspecting user into processing a specially crafted PNG image. However, the exact impact is dependent on the application using the library. (CVE-2015-8126, CVE-2015-8472) All libpng users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2017-10-29
    modified 2016-12-07
    plugin id 87302
    published 2015-12-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87302
    title Oracle Linux 7 : libpng (ELSA-2015-2596)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2015-4AD4998D00.NASL
    description Security fix for CVE-2015-8126 (#1281757, #12812756) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2016-10-18
    plugin id 89236
    published 2016-03-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89236
    title Fedora 23 : libpng-1.6.17-3.fc23 (2015-4ad4998d00)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-107.NASL
    description java-1_7_0-openjdk was updated to version 7u95 to fix 9 security issues. (bsc#962743) - CVE-2015-4871: Rebinding of the receiver of a DirectMethodHandle may allow a protected method to be accessed - CVE-2015-7575: Further reduce use of MD5 (SLOTH) (bsc#960996) - CVE-2015-8126: Vulnerability in the AWT component related to splashscreen displays - CVE-2015-8472: Vulnerability in the AWT component, addressed by same fix - CVE-2016-0402: Vulnerability in the Networking component related to URL processing - CVE-2016-0448: Vulnerability in the JMX comonent related to attribute processing - CVE-2016-0466: Vulnerability in the JAXP component, related to limits - CVE-2016-0483: Vulnerability in the AWT component related to image decoding - CVE-2016-0494: Vulnerability in 2D component related to font actions The following bugs were fixed : - bsc#939523: java-1_7_0-openjdk-headless had X dependencies, move libjavagtk to full package
    last seen 2017-10-29
    modified 2016-10-13
    plugin id 88538
    published 2016-02-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88538
    title openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2016-107) (SLOTH)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-115.NASL
    description java-1_7_0-openjdk was updated to version 7u95 to fix 9 security issues. (bsc#962743) - CVE-2015-4871: Rebinding of the receiver of a DirectMethodHandle may allow a protected method to be accessed - CVE-2015-7575: Further reduce use of MD5 (SLOTH) (bsc#960996) - CVE-2015-8126: Vulnerability in the AWT component related to splashscreen displays - CVE-2015-8472: Vulnerability in the AWT component, addressed by same fix - CVE-2016-0402: Vulnerability in the Networking component related to URL processing - CVE-2016-0448: Vulnerability in the JMX comonent related to attribute processing - CVE-2016-0466: Vulnerability in the JAXP component, related to limits - CVE-2016-0483: Vulnerability in the AWT component related to image decoding - CVE-2016-0494: Vulnerability in 2D component related to font actions The following bugs were fixed : - bsc#939523: java-1_7_0-openjdk-headless had X dependencies, move libjavagtk to full package This update was imported from the SUSE:SLE-12:Update update project.
    last seen 2017-10-29
    modified 2016-10-13
    plugin id 88541
    published 2016-02-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88541
    title openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2016-115) (SLOTH)
  • NASL family AIX Local Security Checks
    NASL id AIX_JAVA_JAN2016_ADVISORY.NASL
    description The version of Java SDK installed on the remote AIX host is affected by multiple vulnerabilities in the following components : - 2D - AWT - IBM J9 JVM - JAXP - JMX - Libraries - Networking - Security
    last seen 2017-10-29
    modified 2016-04-29
    plugin id 89053
    published 2016-03-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89053
    title AIX Java Advisory : java_jan2016_advisory.asc (January 2016 CPU) (SLOTH)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20151209_LIBPNG_ON_SL7_X.NASL
    description It was discovered that the png_get_PLTE() and png_set_PLTE() functions of libpng did not correctly calculate the maximum palette sizes for bit depths of less than 8. In case an application tried to use these functions in combination with properly calculated palette sizes, this could lead to a buffer overflow or out-of-bounds reads. An attacker could exploit this to cause a crash or potentially execute arbitrary code by tricking an unsuspecting user into processing a specially crafted PNG image. However, the exact impact is dependent on the application using the library. (CVE-2015-8126, CVE-2015-8472)
    last seen 2017-10-29
    modified 2016-10-19
    plugin id 87585
    published 2015-12-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87585
    title Scientific Linux Security Update : libpng on SL7.x x86_64
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2015-349-02.NASL
    description New libpng packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
    last seen 2017-10-29
    modified 2016-10-19
    plugin id 87376
    published 2015-12-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87376
    title Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : libpng (SSA:2015-349-02)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-2594.NASL
    description Updated libpng packages that fix three security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. It was discovered that the png_get_PLTE() and png_set_PLTE() functions of libpng did not correctly calculate the maximum palette sizes for bit depths of less than 8. In case an application tried to use these functions in combination with properly calculated palette sizes, this could lead to a buffer overflow or out-of-bounds reads. An attacker could exploit this to cause a crash or potentially execute arbitrary code by tricking an unsuspecting user into processing a specially crafted PNG image. However, the exact impact is dependent on the application using the library. (CVE-2015-8126, CVE-2015-8472) An array-indexing error was discovered in the png_convert_to_rfc1123() function of libpng. An attacker could possibly use this flaw to cause an out-of-bounds read by tricking an unsuspecting user into processing a specially crafted PNG image. (CVE-2015-7981) All libpng users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2017-10-29
    modified 2017-01-06
    plugin id 87305
    published 2015-12-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87305
    title RHEL 6 : libpng (RHSA-2015:2594)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3443.NASL
    description Several vulnerabilities have been discovered in the libpng PNG library. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2015-8472 It was discovered that the original fix for CVE-2015-8126 was incomplete and did not detect a potential overrun by applications using png_set_PLTE directly. A remote attacker can take advantage of this flaw to cause a denial of service (application crash). - CVE-2015-8540 Xiao Qixue and Chen Yu discovered a flaw in the png_check_keyword function. A remote attacker can potentially take advantage of this flaw to cause a denial of service (application crash).
    last seen 2017-10-29
    modified 2016-12-06
    plugin id 87899
    published 2016-01-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87899
    title Debian DSA-3443-1 : libpng - security update
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2015-2596.NASL
    description Updated libpng packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. It was discovered that the png_get_PLTE() and png_set_PLTE() functions of libpng did not correctly calculate the maximum palette sizes for bit depths of less than 8. In case an application tried to use these functions in combination with properly calculated palette sizes, this could lead to a buffer overflow or out-of-bounds reads. An attacker could exploit this to cause a crash or potentially execute arbitrary code by tricking an unsuspecting user into processing a specially crafted PNG image. However, the exact impact is dependent on the application using the library. (CVE-2015-8126, CVE-2015-8472) All libpng users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2017-10-29
    modified 2016-11-17
    plugin id 87285
    published 2015-12-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87285
    title CentOS 7 : libpng (CESA-2015:2596)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-0101.NASL
    description Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2015-5041, CVE-2015-7575, CVE-2015-7981, CVE-2015-8126, CVE-2015-8472, CVE-2015-8540, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0483, CVE-2016-0494) Note: This update also disallows the use of the MD5 hash algorithm in the certification path processing. The use of MD5 can be re-enabled by removing MD5 from the jdk.certpath.disabledAlgorithms security property defined in the java.security file. All users of java-1.6.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 6 SR16-FP20 release. All running instances of IBM Java must be restarted for the update to take effect.
    last seen 2017-10-29
    modified 2017-01-10
    plugin id 88557
    published 2016-02-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88557
    title RHEL 5 / 6 : java-1.6.0-ibm (RHSA-2016:0101) (SLOTH)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-110.NASL
    description Update OpenJDK to 7u95 / IcedTea 2.6.4 including the following fixes : - Security fixes - S8059054, CVE-2016-0402: Better URL processing - S8130710, CVE-2016-0448: Better attributes processing - S8132210: Reinforce JMX collector internals - S8132988: Better printing dialogues - S8133962, CVE-2016-0466: More general limits - S8137060: JMX memory management improvements - S8139012: Better font substitutions - S8139017, CVE-2016-0483: More stable image decoding - S8140543, CVE-2016-0494: Arrange font actions - S8143185: Cleanup for handling proxies - S8143941, CVE-2015-8126, CVE-2015-8472: Update splashscreen displays - S8144773, CVE-2015-7575: Further reduce use of MD5 (SLOTH) - S8142882, CVE-2015-4871: rebinding of the receiver of a DirectMethodHandle may allow a protected method to be accessed - Import of OpenJDK 7 u95 build 0 - S7167988: PKIX CertPathBuilder in reverse mode doesn't work if more than one trust anchor is specified - S8068761: [TEST_BUG] java/nio/channels/ServerSocketChannel/AdaptServerSocket. java failed with SocketTimeoutException - S8074068: Cleanup in src/share/classes/sun/security/x509/ - S8075773: jps running as root fails after the fix of JDK-8050807 - S8081297: SSL Problem with Tomcat - S8131181: Increment minor version of HSx for 7u95 and initialize the build number - S8132082: Let OracleUcrypto accept RSAPrivateKey - S8134605: Partial rework of the fix for 8081297 - S8134861: XSLT: Extension func call cause exception if namespace URI contains partial package name - S8135307: CompletionFailure thrown when calling FieldDoc.type, if the field's type is missing - S8138716: (tz) Support tzdata2015g - S8140244: Port fix of JDK-8075773 to MacOSX - S8141213: [Parfait]Potentially blocking function GetArrayLength called in JNI critical region at line 239 of jdk/src/share/native/sun/awt/image/jpeg/jpegdecoder.c in function GET_ARRAYS - S8141287: Add MD5 to jdk.certpath.disabledAlgorithms - Take 2 - S8142928: [TEST_BUG] sun/security/provider/certpath/ReverseBuilder/ReverseBui ld.java 8u71 failure - S8143132: L10n resource file translation update - S8144955: Wrong changes were pushed with 8143942 - S8145551: Test failed with Crash for Improved font lookups - S8147466: Add -fno-strict-overflow to IndicRearrangementProcessor{,2}.cpp - Backports - S8140244: Port fix of JDK-8075773 to AIX - S8133196, PR2712, RH1251935: HTTPS hostname invalid issue with InetAddress - S8140620, PR2710: Find and load default.sf2 as the default soundbank on Linux
    last seen 2017-10-29
    modified 2016-10-13
    plugin id 88540
    published 2016-02-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88540
    title openSUSE Security Update : Java7 (openSUSE-2016-110) (SLOTH)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-0390-1.NASL
    description This update for java-1_8_0-ibm fixes the following security issues by updating to 8.0-2.10 (bsc#963937) : - CVE-2015-5041: Could could have invoked non-public interface methods under certain circumstances - CVE-2015-7575: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials - CVE-2015-8126: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8472: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2016-0402: An unspecified vulnerability related to the Networking component has no confidentiality impact, partial integrity impact, and no availability impact - CVE-2016-0448: An unspecified vulnerability related to the JMX component could allow a remote attacker to obtain sensitive information - CVE-2016-0466: An unspecified vulnerability related to the JAXP component could allow a remote attacker to cause a denial of service - CVE-2016-0475: An unspecified vulnerability related to the Libraries component has partial confidentiality impact, partial integrity impact, and no availability impact - CVE-2016-0483: An unspecified vulnerability related to the AWT component has complete confidentiality impact, complete integrity impact, and complete availability impact - CVE-2016-0494: An unspecified vulnerability related to the 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact The following bugs were fixed : - bsc#960402: resolve package conflicts in devel package Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2016-12-27
    plugin id 88692
    published 2016-02-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88692
    title SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2016:0390-1) (SLOTH)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-0431-1.NASL
    description This update for java-1_6_0-ibm fixes the following issues by updating to 6.0-16.20 (bsc#963937) - CVE-2015-5041: Could could have invoked non-public interface methods under certain circumstances - CVE-2015-7575: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials - CVE-2015-7981: libpng could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read in the png_convert_to_rfc1123 function. An attacker could exploit this vulnerability to obtain sensitive information - CVE-2015-8126: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8472: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8540: libpng is vulnerable to a buffer overflow, caused by a read underflow in png_check_keyword in pngwutil.c. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. - CVE-2016-0402: An unspecified vulnerability related to the Networking component has no confidentiality impact, partial integrity impact, and no availability impact - CVE-2016-0448: An unspecified vulnerability related to the JMX component could allow a remote attacker to obtain sensitive information - CVE-2016-0466: An unspecified vulnerability related to the JAXP component could allow a remote attacker to cause a denial of service - CVE-2016-0483: An unspecified vulnerability related to the AWT component has complete confidentiality impact, complete integrity impact, and complete availability impact - CVE-2016-0494: An unspecified vulnerability related to the 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact The following bugs were fixed : - bsc#960402: resolve package conflicts in devel package - bsc#960286: resolve package conflicts in the fonts subpackage Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2016-12-27
    plugin id 88709
    published 2016-02-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88709
    title SUSE SLES11 Security Update : java-1_6_0-ibm (SUSE-SU-2016:0431-1) (SLOTH)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2015-AC8100927A.NASL
    description Latest upstream release, includes fixes for security vulnerabilities: CVE-2015-7981, CVE-2015-8126, CVE-2015-8540 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2016-10-18
    plugin id 89365
    published 2016-03-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89365
    title Fedora 22 : libpng12-1.2.56-1.fc22 (2015-ac8100927a)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2015-8C475F7169.NASL
    description The fix for CVE-8126 was incomplete in the previous 1.0.64 update. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2016-10-18
    plugin id 89317
    published 2016-03-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89317
    title Fedora 23 : libpng10-1.0.65-1.fc23 (2015-8c475f7169)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-0265-1.NASL
    description java-1_7_0-openjdk was updated to version 7u95 to fix 9 security issues. (bsc#962743) - CVE-2015-4871: Rebinding of the receiver of a DirectMethodHandle may allow a protected method to be accessed - CVE-2015-7575: Further reduce use of MD5 (SLOTH) (bsc#960996) - CVE-2015-8126: Vulnerability in the AWT component related to splashscreen displays - CVE-2015-8472: Vulnerability in the AWT component, addressed by same fix - CVE-2016-0402: Vulnerability in the Networking component related to URL processing - CVE-2016-0448: Vulnerability in the JMX comonent related to attribute processing - CVE-2016-0466: Vulnerability in the JAXP component, related to limits - CVE-2016-0483: Vulnerability in the AWT component related to image decoding - CVE-2016-0494: Vulnerability in 2D component related to font actions The following bugs were fixed : - bsc#939523: java-1_7_0-openjdk-headless had X dependencies, move libjavagtk to full package Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2016-12-27
    plugin id 88485
    published 2016-01-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88485
    title SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2016:0265-1) (SLOTH)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2015-2595.NASL
    description Updated libpng12 packages that fix three security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libpng12 packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. It was discovered that the png_get_PLTE() and png_set_PLTE() functions of libpng did not correctly calculate the maximum palette sizes for bit depths of less than 8. In case an application tried to use these functions in combination with properly calculated palette sizes, this could lead to a buffer overflow or out-of-bounds reads. An attacker could exploit this to cause a crash or potentially execute arbitrary code by tricking an unsuspecting user into processing a specially crafted PNG image. However, the exact impact is dependent on the application using the library. (CVE-2015-8126, CVE-2015-8472) An array-indexing error was discovered in the png_convert_to_rfc1123() function of libpng. An attacker could possibly use this flaw to cause an out-of-bounds read by tricking an unsuspecting user into processing a specially crafted PNG image. (CVE-2015-7981) All libpng12 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2017-10-29
    modified 2016-11-17
    plugin id 87284
    published 2015-12-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87284
    title CentOS 7 : libpng12 (CESA-2015:2595)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2015-615.NASL
    description It was discovered that the png_get_PLTE() and png_set_PLTE() functions of libpng did not correctly calculate the maximum palette sizes for bit depths of less than 8. In case an application tried to use these functions in combination with properly calculated palette sizes, this could lead to a buffer overflow or out-of-bounds reads. An attacker could exploit this to cause a crash or potentially execute arbitrary code by tricking an unsuspecting user into processing a specially crafted PNG image. However, the exact impact is dependent on the application using the library. (CVE-2015-7981) An array-indexing error was discovered in the png_convert_to_rfc1123() function of libpng. An attacker could possibly use this flaw to cause an out-of-bounds read by tricking an unsuspecting user into processing a specially crafted PNG image. (CVE-2015-8472)
    last seen 2017-10-29
    modified 2016-10-07
    plugin id 87341
    published 2015-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87341
    title Amazon Linux AMI : libpng (ALAS-2015-615)
  • NASL family F5 Networks Local Security Checks
    NASL id F5_BIGIP_SOL81903701.NASL
    description Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126. (CVE-2015-8472)
    last seen 2017-10-29
    modified 2017-03-14
    plugin id 91331
    published 2016-05-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91331
    title F5 Networks BIG-IP : Libpng vulnerability (K81903701)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-2595.NASL
    description Updated libpng12 packages that fix three security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libpng12 packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. It was discovered that the png_get_PLTE() and png_set_PLTE() functions of libpng did not correctly calculate the maximum palette sizes for bit depths of less than 8. In case an application tried to use these functions in combination with properly calculated palette sizes, this could lead to a buffer overflow or out-of-bounds reads. An attacker could exploit this to cause a crash or potentially execute arbitrary code by tricking an unsuspecting user into processing a specially crafted PNG image. However, the exact impact is dependent on the application using the library. (CVE-2015-8126, CVE-2015-8472) An array-indexing error was discovered in the png_convert_to_rfc1123() function of libpng. An attacker could possibly use this flaw to cause an out-of-bounds read by tricking an unsuspecting user into processing a specially crafted PNG image. (CVE-2015-7981) All libpng12 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2017-10-29
    modified 2017-01-06
    plugin id 87306
    published 2015-12-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87306
    title RHEL 7 : libpng12 (RHSA-2015:2595)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-0433-1.NASL
    description This update for java-1_7_0-ibm fixes the following issues by updating to 7.0-9.30 (bsc#963937) : - CVE-2015-5041: Could could have invoked non-public interface methods under certain circumstances - CVE-2015-7575: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials - CVE-2015-7981: libpng could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read in the png_convert_to_rfc1123 function. An attacker could exploit this vulnerability to obtain sensitive information - CVE-2015-8126: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8472: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8540: libpng is vulnerable to a buffer overflow, caused by a read underflow in png_check_keyword in pngwutil.c. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. - CVE-2016-0402: An unspecified vulnerability related to the Networking component has no confidentiality impact, partial integrity impact, and no availability impact - CVE-2016-0448: An unspecified vulnerability related to the JMX component could allow a remote attacker to obtain sensitive information - CVE-2016-0466: An unspecified vulnerability related to the JAXP component could allow a remote attacker to cause a denial of service - CVE-2016-0483: An unspecified vulnerability related to the AWT component has complete confidentiality impact, complete integrity impact, and complete availability impact - CVE-2016-0494: An unspecified vulnerability related to the 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact The following bugs were fixed : - bsc#960402: resolve package conflicts in devel package Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2016-12-27
    plugin id 88710
    published 2016-02-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88710
    title SUSE SLES11 Security Update : java-1_7_0-ibm (SUSE-SU-2016:0433-1) (SLOTH)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-0098.NASL
    description Updated java-1.8.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2015-5041, CVE-2015-7575, CVE-2015-8126, CVE-2015-8472, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0475, CVE-2016-0483, CVE-2016-0494) Note: This update also disallows the use of the MD5 hash algorithm in the certification path processing. The use of MD5 can be re-enabled by removing MD5 from the jdk.certpath.disabledAlgorithms security property defined in the java.security file. All users of java-1.8.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 8 SR2-FP10 release. All running instances of IBM Java must be restarted for the update to take effect.
    last seen 2017-10-29
    modified 2017-01-10
    plugin id 88554
    published 2016-02-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88554
    title RHEL 7 : java-1.8.0-ibm (RHSA-2016:0098) (SLOTH)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-0099.NASL
    description Updated java-1.7.1-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 6 and 7 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2015-5041, CVE-2015-7575, CVE-2015-7981, CVE-2015-8126, CVE-2015-8472, CVE-2015-8540, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0483, CVE-2016-0494) Note: This update also disallows the use of the MD5 hash algorithm in the certification path processing. The use of MD5 can be re-enabled by removing MD5 from the jdk.certpath.disabledAlgorithms security property defined in the java.security file. All users of java-1.7.1-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7R1 SR3-FP30 release. All running instances of IBM Java must be restarted for the update to take effect.
    last seen 2017-10-29
    modified 2017-01-10
    plugin id 88555
    published 2016-02-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88555
    title RHEL 6 / 7 : java-1.7.1-ibm (RHSA-2016:0099) (SLOTH)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-106.NASL
    description java-1_8_0-openjdk was updated to version 7u95 to fix several security issues. (bsc#962743) The following vulnerabilities were fixed : - CVE-2015-7575: Further reduce use of MD5 (SLOTH) (bsc#960996) - CVE-2015-8126: Vulnerability in the AWT component related to splashscreen displays - CVE-2015-8472: Vulnerability in the AWT component, addressed by same fix - CVE-2016-0402: Vulnerability in the Networking component related to URL processing - CVE-2016-0448: Vulnerability in the JMX comonent related to attribute processing - CVE-2016-0466: Vulnerability in the JAXP component, related to limits - CVE-2016-0483: Vulnerability in the AWT component related to image decoding - CVE-2016-0494: Vulnerability in 2D component related to font actions Includes the following fixes from the October 2015 update: (bsc#951376) - CVE-2015-4734: A remote user can exploit a flaw in the Embedded JGSS component to partially access data - CVE-2015-4803: A remote user can exploit a flaw in the JRockit JAXP component to cause partial denial of service conditions - CVE-2015-4805: A remote user can exploit a flaw in the Embedded Serialization component to gain elevated privileges - CVE-2015-4806: A remote user can exploit a flaw in the Java SE Embedded Libraries component to partially access and partially modify data - CVE-2015-4835: A remote user can exploit a flaw in the Embedded CORBA component to gain elevated privileges - CVE-2015-4842: A remote user can exploit a flaw in the Embedded JAXP component to partially access data - CVE-2015-4843: A remote user can exploit a flaw in the Java SE Embedded Libraries component to gain elevated privileges - CVE-2015-4844: A remote user can exploit a flaw in the Embedded 2D component to gain elevated privileges - CVE-2015-4860: A remote user can exploit a flaw in the Embedded RMI component to gain elevated privileges - CVE-2015-4872: A remote user can exploit a flaw in the JRockit Security component to partially modify data []. - CVE-2015-4881: A remote user can exploit a flaw in the Embedded CORBA component to gain elevated privileges - CVE-2015-4882: A remote user can exploit a flaw in the Embedded CORBA component to cause partial denial of service conditions - CVE-2015-4883: A remote user can exploit a flaw in the Embedded RMI component to gain elevated privileges - CVE-2015-4893: A remote user can exploit a flaw in the JRockit JAXP component to cause partial denial of service conditions - CVE-2015-4902: A remote user can exploit a flaw in the Java SE Deployment component to partially modify data - CVE-2015-4903: A remote user can exploit a flaw in the Embedded RMI component to partially access data - CVE-2015-4911: A remote user can exploit a flaw in the JRockit JAXP component to cause partial denial of service conditions - CVE-2015-4810: A local user can exploit a flaw in the Java SE Deployment component to gain elevated privileges - CVE-2015-4840: A remote user can exploit a flaw in the Embedded 2D component to partially access data - CVE-2015-4868: A remote user can exploit a flaw in the Java SE Embedded Libraries component to gain elevated privileges - CVE-2015-4901: A remote user can exploit a flaw in the JavaFX component to gain elevated privileges - CVE-2015-4906: A remote user can exploit a flaw in the JavaFX component to partially access data - CVE-2015-4908: A remote user can exploit a flaw in the JavaFX component to partially access data - CVE-2015-4916: A remote user can exploit a flaw in the JavaFX component to partially access data
    last seen 2017-10-29
    modified 2016-10-13
    plugin id 88537
    published 2016-02-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88537
    title openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2016-106) (SLOTH)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2015-39499D9AF8.NASL
    description Latest upstream release, includes fixes for security vulnerabilities: CVE-2015-7981, CVE-2015-8126, CVE-2015-8540 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2016-10-18
    plugin id 89213
    published 2016-03-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89213
    title Fedora 23 : libpng12-1.2.56-1.fc23 (2015-39499d9af8)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-0256-1.NASL
    description java-1_8_0-openjdk was updated to version 7u95 to fix several security issues. (bsc#962743) The following vulnerabilities were fixed : - CVE-2015-7575: Further reduce use of MD5 (SLOTH) (bsc#960996) - CVE-2015-8126: Vulnerability in the AWT component related to splashscreen displays - CVE-2015-8472: Vulnerability in the AWT component, addressed by same fix - CVE-2016-0402: Vulnerability in the Networking component related to URL processing - CVE-2016-0448: Vulnerability in the JMX comonent related to attribute processing - CVE-2016-0466: Vulnerability in the JAXP component, related to limits - CVE-2016-0483: Vulnerability in the AWT component related to image decoding - CVE-2016-0494: Vulnerability in 2D component related to font actions Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2016-12-27
    plugin id 88453
    published 2016-01-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88453
    title SUSE SLED12 / SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2016:0256-1) (SLOTH)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_1886E1958B8711E590E7B499BAEBFEAF.NASL
    description libpng reports : CVE for a vulnerability in libpng, all versions, in the png_set_PLTE/png_get_PLTE functions. These functions failed to check for an out-of-range palette when reading or writing PNG files with a bit_depth less than 8. Some applications might read the bit depth from the IHDR chunk and allocate memory for a 2^N entry palette, while libpng can return a palette with up to 256 entries even when the bit depth is less than 8.
    last seen 2017-10-29
    modified 2016-10-19
    plugin id 86876
    published 2015-11-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86876
    title FreeBSD : libpng buffer overflow in png_set_PLTE (1886e195-8b87-11e5-90e7-b499baebfeaf)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2015-2594.NASL
    description From Red Hat Security Advisory 2015:2594 : Updated libpng packages that fix three security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. It was discovered that the png_get_PLTE() and png_set_PLTE() functions of libpng did not correctly calculate the maximum palette sizes for bit depths of less than 8. In case an application tried to use these functions in combination with properly calculated palette sizes, this could lead to a buffer overflow or out-of-bounds reads. An attacker could exploit this to cause a crash or potentially execute arbitrary code by tricking an unsuspecting user into processing a specially crafted PNG image. However, the exact impact is dependent on the application using the library. (CVE-2015-8126, CVE-2015-8472) An array-indexing error was discovered in the png_convert_to_rfc1123() function of libpng. An attacker could possibly use this flaw to cause an out-of-bounds read by tricking an unsuspecting user into processing a specially crafted PNG image. (CVE-2015-7981) All libpng users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2017-10-29
    modified 2016-12-07
    plugin id 87300
    published 2015-12-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87300
    title Oracle Linux 6 : libpng (ELSA-2015-2594)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-0269-1.NASL
    description java-1_7_0-openjdk was updated to version 7u95 to fix 9 security issues. (bsc#962743) - CVE-2015-4871: Rebinding of the receiver of a DirectMethodHandle may allow a protected method to be accessed - CVE-2015-7575: Further reduce use of MD5 (SLOTH) (bsc#960996) - CVE-2015-8126: Vulnerability in the AWT component related to splashscreen displays - CVE-2015-8472: Vulnerability in the AWT component, addressed by same fix - CVE-2016-0402: Vulnerability in the Networking component related to URL processing - CVE-2016-0448: Vulnerability in the JMX comonent related to attribute processing - CVE-2016-0466: Vulnerability in the JAXP component, related to limits - CVE-2016-0483: Vulnerability in the AWT component related to image decoding - CVE-2016-0494: Vulnerability in 2D component related to font actions Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2016-12-27
    plugin id 88486
    published 2016-01-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88486
    title SUSE SLED11 Security Update : java-1_7_0-openjdk (SUSE-SU-2016:0269-1) (SLOTH)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2015-2594.NASL
    description Updated libpng packages that fix three security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. It was discovered that the png_get_PLTE() and png_set_PLTE() functions of libpng did not correctly calculate the maximum palette sizes for bit depths of less than 8. In case an application tried to use these functions in combination with properly calculated palette sizes, this could lead to a buffer overflow or out-of-bounds reads. An attacker could exploit this to cause a crash or potentially execute arbitrary code by tricking an unsuspecting user into processing a specially crafted PNG image. However, the exact impact is dependent on the application using the library. (CVE-2015-8126, CVE-2015-8472) An array-indexing error was discovered in the png_convert_to_rfc1123() function of libpng. An attacker could possibly use this flaw to cause an out-of-bounds read by tricking an unsuspecting user into processing a specially crafted PNG image. (CVE-2015-7981) All libpng users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2017-10-29
    modified 2016-11-17
    plugin id 87283
    published 2015-12-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87283
    title CentOS 6 : libpng (CESA-2015:2594)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-0056.NASL
    description Updated java-1.7.0-oracle packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2015-7575, CVE-2015-8126, CVE-2015-8472, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0483, CVE-2016-0494) Note: This update also disallows the use of the MD5 hash algorithm in the certification path processing. The use of MD5 can be re-enabled by removing MD5 from the jdk.certpath.disabledAlgorithms security property defined in the java.security file. All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 95 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
    last seen 2017-10-29
    modified 2017-01-10
    plugin id 88075
    published 2016-01-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88075
    title RHEL 5 / 6 / 7 : java-1.7.0-oracle (RHSA-2016:0056) (SLOTH)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-0770-1.NASL
    description This update for java-1_6_0-ibm fixes the following issues by updating to 6.0-16.20 (bsc#963937) - CVE-2015-5041: Could could have invoked non-public interface methods under certain circumstances - CVE-2015-7575: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials - CVE-2015-7981: libpng could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read in the png_convert_to_rfc1123 function. An attacker could exploit this vulnerability to obtain sensitive information - CVE-2015-8126: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8472: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8540: libpng is vulnerable to a buffer overflow, caused by a read underflow in png_check_keyword in pngwutil.c. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. - CVE-2016-0402: An unspecified vulnerability related to the Networking component has no confidentiality impact, partial integrity impact, and no availability impact - CVE-2016-0448: An unspecified vulnerability related to the JMX component could allow a remote attacker to obtain sensitive information - CVE-2016-0466: An unspecified vulnerability related to the JAXP component could allow a remote attacker to cause a denial of service - CVE-2016-0483: An unspecified vulnerability related to the AWT component has complete confidentiality impact, complete integrity impact, and complete availability impact - CVE-2016-0494: An unspecified vulnerability related to the 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact The following bugs were fixed : - bsc#960402: resolve package conflicts in devel package - bsc#960286: resolve package conflicts in the fonts subpackage Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2016-12-27
    plugin id 89961
    published 2016-03-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89961
    title SUSE SLES11 Security Update : java-1_6_0-ibm (SUSE-SU-2016:0770-1) (SLOTH)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-375-1.NASL
    description The remote Debian host is running a version of libpng prior to 1.2.44-1+squeeze6. It is, therefore, affected by the following vulnerabilities : - An out-of-bounds read error exists in the png_push_read_zTXt() function within file pngpread.c when decompressing PNG images. An unauthenticated, remote attacker can exploit this, via a large 'avail_in' field to cause a denial of service condition. (CVE-2012-3425) - A buffer overflow condition exists in the png_set_PLTE() function within file pngset.c and the png_get_PLTE() function within file pngget.c when handling bit-depth values less than 8. An unauthenticated, remote attacker can exploit this, via a specially crafted IHDR chunk in a PNG image, to cause a denial of service or have other unspecified impact. (CVE-2015-8472) - An integer underflow condition exists in the png_check_keyword() function within file pngwutil.c. An unauthenticated, remote attacker can exploit this, via a specially crafted PNG image using a space character as a keyword, to cause a denial of service condition or other unspecified impact. (CVE-2015-8540)
    last seen 2017-10-29
    modified 2016-12-06
    plugin id 92678
    published 2016-08-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92678
    title Debian DLA-375-1 : libpng Security Update
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2015-2595.NASL
    description From Red Hat Security Advisory 2015:2595 : Updated libpng12 packages that fix three security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libpng12 packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. It was discovered that the png_get_PLTE() and png_set_PLTE() functions of libpng did not correctly calculate the maximum palette sizes for bit depths of less than 8. In case an application tried to use these functions in combination with properly calculated palette sizes, this could lead to a buffer overflow or out-of-bounds reads. An attacker could exploit this to cause a crash or potentially execute arbitrary code by tricking an unsuspecting user into processing a specially crafted PNG image. However, the exact impact is dependent on the application using the library. (CVE-2015-8126, CVE-2015-8472) An array-indexing error was discovered in the png_convert_to_rfc1123() function of libpng. An attacker could possibly use this flaw to cause an out-of-bounds read by tricking an unsuspecting user into processing a specially crafted PNG image. (CVE-2015-7981) All libpng12 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2017-10-29
    modified 2016-12-07
    plugin id 87301
    published 2015-12-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87301
    title Oracle Linux 7 : libpng12 (ELSA-2015-2595)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20151209_LIBPNG12_ON_SL7_X.NASL
    description It was discovered that the png_get_PLTE() and png_set_PLTE() functions of libpng did not correctly calculate the maximum palette sizes for bit depths of less than 8. In case an application tried to use these functions in combination with properly calculated palette sizes, this could lead to a buffer overflow or out-of-bounds reads. An attacker could exploit this to cause a crash or potentially execute arbitrary code by tricking an unsuspecting user into processing a specially crafted PNG image. However, the exact impact is dependent on the application using the library. (CVE-2015-8126, CVE-2015-8472) An array-indexing error was discovered in the png_convert_to_rfc1123() function of libpng. An attacker could possibly use this flaw to cause an out-of-bounds read by tricking an unsuspecting user into processing a specially crafted PNG image. (CVE-2015-7981)
    last seen 2017-10-29
    modified 2016-10-19
    plugin id 87584
    published 2015-12-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87584
    title Scientific Linux Security Update : libpng12 on SL7.x x86_64
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-1430.NASL
    description An update for java-1.7.0-ibm and java-1.7.1-ibm is now available for Red Hat Satellite 5.7 and Red Hat Satellite 5.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to versions 7 SR9-FP40 and 7R1 SR3-FP40. Security Fix(es) : * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2015-4734, CVE-2015-4803, CVE-2015-4805, CVE-2015-4806, CVE-2015-4810, CVE-2015-4835, CVE-2015-4840, CVE-2015-4842, CVE-2015-4843, CVE-2015-4844, CVE-2015-4860, CVE-2015-4871, CVE-2015-4872, CVE-2015-4882, CVE-2015-4883, CVE-2015-4893, CVE-2015-4902, CVE-2015-4903, CVE-2015-5006, CVE-2015-5041, CVE-2015-7575, CVE-2015-7981, CVE-2015-8126, CVE-2015-8472, CVE-2015-8540, CVE-2016-0264, CVE-2016-0363, CVE-2016-0376, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0483, CVE-2016-0494, CVE-2016-0686, CVE-2016-0687, CVE-2016-3422, CVE-2016-3426, CVE-2016-3427, CVE-2016-3443, CVE-2016-3449) Red Hat would like to thank Andrea Palazzo of Truel IT for reporting the CVE-2015-4806 issue.
    last seen 2017-12-13
    modified 2017-12-13
    plugin id 92400
    published 2016-07-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92400
    title RHEL 5 / 6 : java-1.7.0-ibm and java-1.7.1-ibm (RHSA-2016:1430) (SLOTH)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2861-1.NASL
    description It was discovered that libpng incorrectly handled certain small bit-depth values. If a user or automated system using libpng were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or execute code with the privileges of the user invoking the program. (CVE-2015-8472) Qixue Xiao and Chen Yu discovered that libpng incorrectly handled certain malformed images. If a user or automated system using libpng were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service. (CVE-2015-8540). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2016-12-01
    plugin id 87774
    published 2016-01-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87774
    title Ubuntu 12.04 LTS / 14.04 LTS / 15.04 / 15.10 : libpng vulnerabilities (USN-2861-1)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2016-002.NASL
    description The remote host is running a version of Mac OS X that is 10.9.5 or 10.10.5 and is missing Security Update 2016-002. It is, therefore, affected by multiple vulnerabilities in the following components : - apache_mod_php - Kernel - libxml2 - OpenSSH - Python - Tcl Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen 2017-10-29
    modified 2016-11-28
    plugin id 90097
    published 2016-03-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90097
    title Mac OS X 10.9.5 / 10.10.5 Multiple Vulnerabilities (Security Update 2016-002)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20151209_LIBPNG_ON_SL6_X.NASL
    description It was discovered that the png_get_PLTE() and png_set_PLTE() functions of libpng did not correctly calculate the maximum palette sizes for bit depths of less than 8. In case an application tried to use these functions in combination with properly calculated palette sizes, this could lead to a buffer overflow or out-of-bounds reads. An attacker could exploit this to cause a crash or potentially execute arbitrary code by tricking an unsuspecting user into processing a specially crafted PNG image. However, the exact impact is dependent on the application using the library. (CVE-2015-8126, CVE-2015-8472) An array-indexing error was discovered in the png_convert_to_rfc1123() function of libpng. An attacker could possibly use this flaw to cause an out-of-bounds read by tricking an unsuspecting user into processing a specially crafted PNG image. (CVE-2015-7981)
    last seen 2017-10-29
    modified 2016-10-19
    plugin id 87308
    published 2015-12-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87308
    title Scientific Linux Security Update : libpng on SL6.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-105.NASL
    description java-1_8_0-openjdk was updated to version 7u95 to fix 9 security issues. (bsc#962743) - CVE-2015-7575: Further reduce use of MD5 (SLOTH) (bsc#960996) - CVE-2015-8126: Vulnerability in the AWT component related to splashscreen displays - CVE-2015-8472: Vulnerability in the AWT component, addressed by same fix - CVE-2016-0402: Vulnerability in the Networking component related to URL processing - CVE-2016-0448: Vulnerability in the JMX comonent related to attribute processing - CVE-2016-0466: Vulnerability in the JAXP component, related to limits - CVE-2016-0483: Vulnerability in the AWT component related to image decoding - CVE-2016-0494: Vulnerability in 2D component related to font actions
    last seen 2017-10-29
    modified 2016-10-13
    plugin id 88536
    published 2016-02-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88536
    title openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2016-105) (SLOTH)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-0100.NASL
    description Updated java-1.7.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2015-5041, CVE-2015-7575, CVE-2015-7981, CVE-2015-8126, CVE-2015-8472, CVE-2015-8540, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0483, CVE-2016-0494) Note: This update also disallows the use of the MD5 hash algorithm in the certification path processing. The use of MD5 can be re-enabled by removing MD5 from the jdk.certpath.disabledAlgorithms security property defined in the java.security file. All users of java-1.7.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7 SR9-FP30 release. All running instances of IBM Java must be restarted for the update to take effect.
    last seen 2017-10-29
    modified 2017-01-10
    plugin id 88556
    published 2016-02-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88556
    title RHEL 5 : java-1.7.0-ibm (RHSA-2016:0100) (SLOTH)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2015-C80EC85542.NASL
    description new upstream release 1.5.25 (#1288265) ---- Security fix CVE-2015-8126 (#1281756, #1282902) ---- new upstream release 1.5.24 (#1281632) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2016-10-18
    plugin id 89405
    published 2016-03-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89405
    title Fedora 23 : libpng15-1.5.25-1.fc23 (2015-c80ec85542)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-0776-1.NASL
    description IBM Java was updated to version 6.0-16.20, fixing various security issues. More information can be found on http://www.i bm.com/developerworks/java/jdk/alerts/. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2016-12-27
    plugin id 89989
    published 2016-03-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89989
    title SUSE SLES10 Security Update : java-1_6_0-ibm (SUSE-SU-2016:0776-1) (SLOTH)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_10_11_4.NASL
    description The remote host is running a version of Mac OS X that is 10.11.x prior to 10.11.4. It is, therefore, affected by multiple vulnerabilities in the following components : - apache_mod_php - AppleRAID - AppleUSBNetworking - Bluetooth - Carbon - dyld - FontParser - HTTPProtocol - Intel Graphics Driver - IOFireWireFamily - IOGraphics - IOHIDFamily - IOUSBFamily - Kernel - libxml2 - Messages - NVIDIA Graphics Drivers - OpenSSH - OpenSSL - Python - QuickTime - Reminders - Ruby - Security - Tcl - TrueTypeScaler - Wi-Fi Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen 2017-10-29
    modified 2016-07-13
    plugin id 90096
    published 2016-03-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90096
    title Mac OS X 10.11.x < 10.11.4 Multiple Vulnerabilities
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-0057.NASL
    description Updated java-1.6.0-sun packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2015-8126, CVE-2015-8472, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0483, CVE-2016-0494) Note: This update also disallows the use of the MD5 hash algorithm in the certification path processing. The use of MD5 can be re-enabled by removing MD5 from the jdk.certpath.disabledAlgorithms security property defined in the java.security file. All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide Oracle Java 6 Update 111 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
    last seen 2017-10-29
    modified 2017-01-10
    plugin id 88076
    published 2016-01-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88076
    title RHEL 5 / 6 / 7 : java-1.6.0-sun (RHSA-2016:0057)
redhat via4
advisories
  • bugzilla
    id 1281756
    title CVE-2015-8126 CVE-2015-8472 libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhsa:tst:20100842001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhsa:tst:20100842002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20100842003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20100842004
    • OR
      • AND
        • comment libpng is earlier than 2:1.2.49-2.el6_7
          oval oval:com.redhat.rhsa:tst:20152594007
        • comment libpng is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111105006
      • AND
        • comment libpng-devel is earlier than 2:1.2.49-2.el6_7
          oval oval:com.redhat.rhsa:tst:20152594009
        • comment libpng-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111105010
      • AND
        • comment libpng-static is earlier than 2:1.2.49-2.el6_7
          oval oval:com.redhat.rhsa:tst:20152594005
        • comment libpng-static is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111105008
    rhsa
    id RHSA-2015:2594
    released 2015-12-09
    severity Moderate
    title RHSA-2015:2594: libpng security update (Moderate)
  • bugzilla
    id 1281756
    title CVE-2015-8126 CVE-2015-8472 libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhsa:tst:20140675001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhsa:tst:20140675002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20140675003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20140675004
    • OR
      • AND
        • comment libpng12 is earlier than 0:1.2.50-7.el7_2
          oval oval:com.redhat.rhsa:tst:20152595007
        • comment libpng12 is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152595008
      • AND
        • comment libpng12-devel is earlier than 0:1.2.50-7.el7_2
          oval oval:com.redhat.rhsa:tst:20152595005
        • comment libpng12-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152595006
    rhsa
    id RHSA-2015:2595
    released 2015-12-09
    severity Moderate
    title RHSA-2015:2595: libpng12 security update (Moderate)
  • bugzilla
    id 1281756
    title CVE-2015-8126 CVE-2015-8472 libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhsa:tst:20140675001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhsa:tst:20140675002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20140675003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20140675004
    • OR
      • AND
        • comment libpng is earlier than 2:1.5.13-7.el7_2
          oval oval:com.redhat.rhsa:tst:20152596009
        • comment libpng is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111105006
      • AND
        • comment libpng-devel is earlier than 2:1.5.13-7.el7_2
          oval oval:com.redhat.rhsa:tst:20152596005
        • comment libpng-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111105010
      • AND
        • comment libpng-static is earlier than 2:1.5.13-7.el7_2
          oval oval:com.redhat.rhsa:tst:20152596007
        • comment libpng-static is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111105008
    rhsa
    id RHSA-2015:2596
    released 2015-12-09
    severity Moderate
    title RHSA-2015:2596: libpng security update (Moderate)
  • rhsa
    id RHSA-2016:0055
  • rhsa
    id RHSA-2016:0056
  • rhsa
    id RHSA-2016:0057
  • rhsa
    id RHSA-2016:1430
rpms
  • libpng-2:1.2.49-2.el6_7
  • libpng-devel-2:1.2.49-2.el6_7
  • libpng-static-2:1.2.49-2.el6_7
  • libpng12-0:1.2.50-7.el7_2
  • libpng12-devel-0:1.2.50-7.el7_2
  • libpng-2:1.5.13-7.el7_2
  • libpng-devel-2:1.5.13-7.el7_2
  • libpng-static-2:1.5.13-7.el7_2
  • java-1.8.0-oracle-1:1.8.0.71-1jpp.1.el6_7
  • java-1.8.0-oracle-devel-1:1.8.0.71-1jpp.1.el6_7
  • java-1.8.0-oracle-javafx-1:1.8.0.71-1jpp.1.el6_7
  • java-1.8.0-oracle-jdbc-1:1.8.0.71-1jpp.1.el6_7
  • java-1.8.0-oracle-plugin-1:1.8.0.71-1jpp.1.el6_7
  • java-1.8.0-oracle-src-1:1.8.0.71-1jpp.1.el6_7
  • java-1.7.0-oracle-1:1.7.0.95-1jpp.1.el6_7
  • java-1.7.0-oracle-devel-1:1.7.0.95-1jpp.1.el6_7
  • java-1.7.0-oracle-javafx-1:1.7.0.95-1jpp.1.el6_7
  • java-1.7.0-oracle-jdbc-1:1.7.0.95-1jpp.1.el6_7
  • java-1.7.0-oracle-plugin-1:1.7.0.95-1jpp.1.el6_7
  • java-1.7.0-oracle-src-1:1.7.0.95-1jpp.1.el6_7
  • java-1.6.0-sun-1:1.6.0.111-1jpp.3.el6_7
  • java-1.6.0-sun-demo-1:1.6.0.111-1jpp.3.el6_7
  • java-1.6.0-sun-devel-1:1.6.0.111-1jpp.3.el6_7
  • java-1.6.0-sun-jdbc-1:1.6.0.111-1jpp.3.el6_7
  • java-1.6.0-sun-plugin-1:1.6.0.111-1jpp.3.el6_7
  • java-1.6.0-sun-src-1:1.6.0.111-1jpp.3.el6_7
  • java-1.7.1-ibm-1:1.7.1.3.30-1jpp.2.el6_7
  • java-1.7.1-ibm-demo-1:1.7.1.3.30-1jpp.2.el6_7
  • java-1.7.1-ibm-devel-1:1.7.1.3.30-1jpp.2.el6_7
  • java-1.7.1-ibm-jdbc-1:1.7.1.3.30-1jpp.2.el6_7
  • java-1.7.1-ibm-plugin-1:1.7.1.3.30-1jpp.2.el6_7
  • java-1.7.1-ibm-src-1:1.7.1.3.30-1jpp.2.el6_7
  • java-1.7.0-ibm-1:1.7.0.9.30-1jpp.1.el5
  • java-1.7.0-ibm-demo-1:1.7.0.9.30-1jpp.1.el5
  • java-1.7.0-ibm-devel-1:1.7.0.9.30-1jpp.1.el5
  • java-1.7.0-ibm-jdbc-1:1.7.0.9.30-1jpp.1.el5
  • java-1.7.0-ibm-plugin-1:1.7.0.9.30-1jpp.1.el5
  • java-1.7.0-ibm-src-1:1.7.0.9.30-1jpp.1.el5
  • java-1.6.0-ibm-1:1.6.0.16.20-1jpp.1.el5
  • java-1.6.0-ibm-accessibility-1:1.6.0.16.20-1jpp.1.el5
  • java-1.6.0-ibm-demo-1:1.6.0.16.20-1jpp.1.el5
  • java-1.6.0-ibm-devel-1:1.6.0.16.20-1jpp.1.el5
  • java-1.6.0-ibm-javacomm-1:1.6.0.16.20-1jpp.1.el5
  • java-1.6.0-ibm-jdbc-1:1.6.0.16.20-1jpp.1.el5
  • java-1.6.0-ibm-plugin-1:1.6.0.16.20-1jpp.1.el5
  • java-1.6.0-ibm-src-1:1.6.0.16.20-1jpp.1.el5
  • java-1.6.0-ibm-1:1.6.0.16.20-1jpp.1.el6_7
  • java-1.6.0-ibm-demo-1:1.6.0.16.20-1jpp.1.el6_7
  • java-1.6.0-ibm-devel-1:1.6.0.16.20-1jpp.1.el6_7
  • java-1.6.0-ibm-javacomm-1:1.6.0.16.20-1jpp.1.el6_7
  • java-1.6.0-ibm-jdbc-1:1.6.0.16.20-1jpp.1.el6_7
  • java-1.6.0-ibm-plugin-1:1.6.0.16.20-1jpp.1.el6_7
  • java-1.6.0-ibm-src-1:1.6.0.16.20-1jpp.1.el6_7
refmap via4
apple APPLE-SA-2016-03-21-5
bid 78624
confirm
debian DSA-3443
fedora
  • FEDORA-2015-233750b6ab
  • FEDORA-2015-4ad4998d00
  • FEDORA-2015-c80ec85542
mlist [oss-security] 20151203 Status of CVE-2015-8126: libpng buffer overflow in png_set_PLTE
suse
  • SUSE-SU-2016:0256
  • SUSE-SU-2016:0265
  • SUSE-SU-2016:0269
  • openSUSE-SU-2016:0263
  • openSUSE-SU-2016:0268
  • openSUSE-SU-2016:0270
  • openSUSE-SU-2016:0272
  • openSUSE-SU-2016:0279
Last major update 07-12-2016 - 13:28
Published 21-01-2016 - 10:59
Last modified 03-11-2017 - 21:29
Back to Top