Details of VAR-201511-0126

ID

VAR-201511-0126

CVE

CVE-2015-8126

TITLE

libpng Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-201511-246

DESCRIPTION

Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. Background ========== Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/chromium < 49.0.2623.87 >= 49.0.2623.87 Description =========== Multiple vulnerabilities have been discovered in the Chromium web browser. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions. Workaround ========== There is no known workaround at this time. Resolution ========== All Chromium users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-client/chromium-49.0.2623.87" References ========== [ 1 ] CVE-2015-1270 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1270 [ 2 ] CVE-2015-1271 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1271 [ 3 ] CVE-2015-1272 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1272 [ 4 ] CVE-2015-1273 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1273 [ 5 ] CVE-2015-1274 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1274 [ 6 ] CVE-2015-1275 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1275 [ 7 ] CVE-2015-1276 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1276 [ 8 ] CVE-2015-1277 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1277 [ 9 ] CVE-2015-1278 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1278 [ 10 ] CVE-2015-1279 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1279 [ 11 ] CVE-2015-1280 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1280 [ 12 ] CVE-2015-1281 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1281 [ 13 ] CVE-2015-1282 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1282 [ 14 ] CVE-2015-1283 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1283 [ 15 ] CVE-2015-1284 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1284 [ 16 ] CVE-2015-1285 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1285 [ 17 ] CVE-2015-1286 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1286 [ 18 ] CVE-2015-1287 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1287 [ 19 ] CVE-2015-1288 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1288 [ 20 ] CVE-2015-1289 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1289 [ 21 ] CVE-2015-1291 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1291 [ 22 ] CVE-2015-1292 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1292 [ 23 ] CVE-2015-1293 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1293 [ 24 ] CVE-2015-1294 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1294 [ 25 ] CVE-2015-1295 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1295 [ 26 ] CVE-2015-1296 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1296 [ 27 ] CVE-2015-1297 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1297 [ 28 ] CVE-2015-1298 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1298 [ 29 ] CVE-2015-1299 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1299 [ 30 ] CVE-2015-1300 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1300 [ 31 ] CVE-2015-1302 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1302 [ 32 ] CVE-2015-1303 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1303 [ 33 ] CVE-2015-1304 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1304 [ 34 ] CVE-2015-6755 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6755 [ 35 ] CVE-2015-6756 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6756 [ 36 ] CVE-2015-6757 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6757 [ 37 ] CVE-2015-6758 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6758 [ 38 ] CVE-2015-6759 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6759 [ 39 ] CVE-2015-6760 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6760 [ 40 ] CVE-2015-6761 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6761 [ 41 ] CVE-2015-6762 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6762 [ 42 ] CVE-2015-6763 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6763 [ 43 ] CVE-2015-6764 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6764 [ 44 ] CVE-2015-6765 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6765 [ 45 ] CVE-2015-6766 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6766 [ 46 ] CVE-2015-6767 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6767 [ 47 ] CVE-2015-6768 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6768 [ 48 ] CVE-2015-6769 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6769 [ 49 ] CVE-2015-6770 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6770 [ 50 ] CVE-2015-6771 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6771 [ 51 ] CVE-2015-6772 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6772 [ 52 ] CVE-2015-6773 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6773 [ 53 ] CVE-2015-6774 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6774 [ 54 ] CVE-2015-6775 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6775 [ 55 ] CVE-2015-6776 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6776 [ 56 ] CVE-2015-6777 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6777 [ 57 ] CVE-2015-6778 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6778 [ 58 ] CVE-2015-6779 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6779 [ 59 ] CVE-2015-6780 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6780 [ 60 ] CVE-2015-6781 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6781 [ 61 ] CVE-2015-6782 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6782 [ 62 ] CVE-2015-6783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6783 [ 63 ] CVE-2015-6784 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6784 [ 64 ] CVE-2015-6785 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6785 [ 65 ] CVE-2015-6786 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6786 [ 66 ] CVE-2015-6787 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6787 [ 67 ] CVE-2015-6788 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6788 [ 68 ] CVE-2015-6789 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6789 [ 69 ] CVE-2015-6790 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6790 [ 70 ] CVE-2015-6791 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6791 [ 71 ] CVE-2015-6792 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6792 [ 72 ] CVE-2015-8126 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8126 [ 73 ] CVE-2016-1612 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1612 [ 74 ] CVE-2016-1613 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1613 [ 75 ] CVE-2016-1614 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1614 [ 76 ] CVE-2016-1615 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1615 [ 77 ] CVE-2016-1616 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1616 [ 78 ] CVE-2016-1617 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1617 [ 79 ] CVE-2016-1618 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1618 [ 80 ] CVE-2016-1619 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1619 [ 81 ] CVE-2016-1620 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1620 [ 82 ] CVE-2016-1621 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1621 [ 83 ] CVE-2016-1622 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1622 [ 84 ] CVE-2016-1623 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1623 [ 85 ] CVE-2016-1624 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1624 [ 86 ] CVE-2016-1625 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1625 [ 87 ] CVE-2016-1626 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1626 [ 88 ] CVE-2016-1627 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1627 [ 89 ] CVE-2016-1628 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1628 [ 90 ] CVE-2016-1629 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1629 [ 91 ] CVE-2016-1630 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1630 [ 92 ] CVE-2016-1631 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1631 [ 93 ] CVE-2016-1632 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1632 [ 94 ] CVE-2016-1633 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1633 [ 95 ] CVE-2016-1634 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1634 [ 96 ] CVE-2016-1635 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1635 [ 97 ] CVE-2016-1636 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1636 [ 98 ] CVE-2016-1637 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1637 [ 99 ] CVE-2016-1638 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1638 [ 100 ] CVE-2016-1639 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1639 [ 101 ] CVE-2016-1640 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1640 [ 102 ] CVE-2016-1641 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1641 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201603-09 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . Description: IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2015-5041, CVE-2015-7575, CVE-2015-7981, CVE-2015-8126, CVE-2015-8472, CVE-2015-8540, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0483, CVE-2016-0494) Note: This update also disallows the use of the MD5 hash algorithm in the certification path processing. The use of MD5 can be re-enabled by removing MD5 from the jdk.certpath.disabledAlgorithms security property defined in the java.security file. All running instances of IBM Java must be restarted for the update to take effect. Bugs fixed (https://bugzilla.redhat.com/): 1276416 - CVE-2015-7981 libpng: Out-of-bounds read in png_convert_to_rfc1123 1281756 - CVE-2015-8126 CVE-2015-8472 libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions 1289841 - CVE-2015-7575 TLS 1.2 Transcipt Collision attacks against MD5 in key exchange protocol (SLOTH) 1291312 - CVE-2015-8540 libpng: underflow read in png_check_keyword() 1298906 - CVE-2016-0494 ICU: integer signedness issue in IndicRearrangementProcessor (OpenJDK 2D, 8140543) 1298957 - CVE-2016-0402 OpenJDK: URL deserialization inconsistencies (Networking, 8059054) 1299073 - CVE-2016-0448 OpenJDK: logging of RMI connection secrets (JMX, 8130710) 1299385 - CVE-2016-0466 OpenJDK: insufficient enforcement of totalEntitySizeLimit (JAXP, 8133962) 1299441 - CVE-2016-0483 OpenJDK: incorrect boundary check in JPEG decoder (AWT, 8139017) 1302689 - CVE-2015-5041 IBM JDK: J9 JVM allows code to invoke non-public interface methods 6. 6) - i386, x86_64 3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: libpng12 security update Advisory ID: RHSA-2015:2595-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-2595.html Issue date: 2015-12-09 CVE Names: CVE-2015-7981 CVE-2015-8126 CVE-2015-8472 ===================================================================== 1. Summary: Updated libpng12 packages that fix three security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The libpng12 packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. It was discovered that the png_get_PLTE() and png_set_PLTE() functions of libpng did not correctly calculate the maximum palette sizes for bit depths of less than 8. In case an application tried to use these functions in combination with properly calculated palette sizes, this could lead to a buffer overflow or out-of-bounds reads. An attacker could exploit this to cause a crash or potentially execute arbitrary code by tricking an unsuspecting user into processing a specially crafted PNG image. However, the exact impact is dependent on the application using the library. (CVE-2015-8126, CVE-2015-8472) An array-indexing error was discovered in the png_convert_to_rfc1123() function of libpng. An attacker could possibly use this flaw to cause an out-of-bounds read by tricking an unsuspecting user into processing a specially crafted PNG image. (CVE-2015-7981) All libpng12 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1276416 - CVE-2015-7981 libpng: Out-of-bounds read in png_convert_to_rfc1123 1281756 - CVE-2015-8126 CVE-2015-8472 libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: libpng12-1.2.50-7.el7_2.src.rpm x86_64: libpng12-1.2.50-7.el7_2.i686.rpm libpng12-1.2.50-7.el7_2.x86_64.rpm libpng12-debuginfo-1.2.50-7.el7_2.i686.rpm libpng12-debuginfo-1.2.50-7.el7_2.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: libpng12-debuginfo-1.2.50-7.el7_2.i686.rpm libpng12-debuginfo-1.2.50-7.el7_2.x86_64.rpm libpng12-devel-1.2.50-7.el7_2.i686.rpm libpng12-devel-1.2.50-7.el7_2.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: libpng12-1.2.50-7.el7_2.src.rpm x86_64: libpng12-1.2.50-7.el7_2.i686.rpm libpng12-1.2.50-7.el7_2.x86_64.rpm libpng12-debuginfo-1.2.50-7.el7_2.i686.rpm libpng12-debuginfo-1.2.50-7.el7_2.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: libpng12-debuginfo-1.2.50-7.el7_2.i686.rpm libpng12-debuginfo-1.2.50-7.el7_2.x86_64.rpm libpng12-devel-1.2.50-7.el7_2.i686.rpm libpng12-devel-1.2.50-7.el7_2.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: libpng12-1.2.50-7.el7_2.src.rpm aarch64: libpng12-1.2.50-7.el7_2.aarch64.rpm libpng12-debuginfo-1.2.50-7.el7_2.aarch64.rpm ppc64: libpng12-1.2.50-7.el7_2.ppc.rpm libpng12-1.2.50-7.el7_2.ppc64.rpm libpng12-debuginfo-1.2.50-7.el7_2.ppc.rpm libpng12-debuginfo-1.2.50-7.el7_2.ppc64.rpm ppc64le: libpng12-1.2.50-7.el7_2.ppc64le.rpm libpng12-debuginfo-1.2.50-7.el7_2.ppc64le.rpm s390x: libpng12-1.2.50-7.el7_2.s390.rpm libpng12-1.2.50-7.el7_2.s390x.rpm libpng12-debuginfo-1.2.50-7.el7_2.s390.rpm libpng12-debuginfo-1.2.50-7.el7_2.s390x.rpm x86_64: libpng12-1.2.50-7.el7_2.i686.rpm libpng12-1.2.50-7.el7_2.x86_64.rpm libpng12-debuginfo-1.2.50-7.el7_2.i686.rpm libpng12-debuginfo-1.2.50-7.el7_2.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): aarch64: libpng12-debuginfo-1.2.50-7.el7_2.aarch64.rpm libpng12-devel-1.2.50-7.el7_2.aarch64.rpm ppc64: libpng12-debuginfo-1.2.50-7.el7_2.ppc.rpm libpng12-debuginfo-1.2.50-7.el7_2.ppc64.rpm libpng12-devel-1.2.50-7.el7_2.ppc.rpm libpng12-devel-1.2.50-7.el7_2.ppc64.rpm ppc64le: libpng12-debuginfo-1.2.50-7.el7_2.ppc64le.rpm libpng12-devel-1.2.50-7.el7_2.ppc64le.rpm s390x: libpng12-debuginfo-1.2.50-7.el7_2.s390.rpm libpng12-debuginfo-1.2.50-7.el7_2.s390x.rpm libpng12-devel-1.2.50-7.el7_2.s390.rpm libpng12-devel-1.2.50-7.el7_2.s390x.rpm x86_64: libpng12-debuginfo-1.2.50-7.el7_2.i686.rpm libpng12-debuginfo-1.2.50-7.el7_2.x86_64.rpm libpng12-devel-1.2.50-7.el7_2.i686.rpm libpng12-devel-1.2.50-7.el7_2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: libpng12-1.2.50-7.el7_2.src.rpm x86_64: libpng12-1.2.50-7.el7_2.i686.rpm libpng12-1.2.50-7.el7_2.x86_64.rpm libpng12-debuginfo-1.2.50-7.el7_2.i686.rpm libpng12-debuginfo-1.2.50-7.el7_2.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: libpng12-debuginfo-1.2.50-7.el7_2.i686.rpm libpng12-debuginfo-1.2.50-7.el7_2.x86_64.rpm libpng12-devel-1.2.50-7.el7_2.i686.rpm libpng12-devel-1.2.50-7.el7_2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-7981 https://access.redhat.com/security/cve/CVE-2015-8126 https://access.redhat.com/security/cve/CVE-2015-8472 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD4DBQFWaEOWXlSAg2UNWIIRArqQAJiXHpRTjePlByUwb2yeLtnA6ZHDAJ483rVP N/LWwsGEwId3XWZYVPOUSQ== =s2GT -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . CVE-2016-1630 Mariusz Mlynski discovered a way to bypass the Same Origin Policy in Blink/Webkit. CVE-2016-1631 Mariusz Mlynski discovered a way to bypass the Same Origin Policy in the Pepper Plugin API. CVE-2016-1632 A bad cast was discovered. CVE-2016-1633 cloudfuzzer discovered a use-after-free issue in Blink/Webkit. CVE-2016-1634 cloudfuzzer discovered a use-after-free issue in Blink/Webkit. CVE-2016-1635 Rob Wu discovered a use-after-free issue in Blink/Webkit. CVE-2016-1636 A way to bypass SubResource Integrity validation was discovered. CVE-2016-1637 Keve Nagy discovered an information leak in the skia library. CVE-2016-1638 Rob Wu discovered a WebAPI bypass issue. CVE-2016-1639 Khalil Zhani discovered a use-after-free issue in the WebRTC implementation. CVE-2016-1640 Luan Herrera discovered an issue with the Extensions user interface. CVE-2016-1641 Atte Kettunen discovered a use-after-free issue in the handling of favorite icons. CVE-2016-1642 The chrome 49 development team found and fixed various issues during internal auditing. Also multiple issues were fixed in the v8 javascript library, version 4.9.385.26. For the stable distribution (jessie), these problems have been fixed in version 49.0.2623.75-1~deb8u1. For the testing distribution (stretch), these problems will be fixed soon. For the unstable distribution (sid), these problems have been fixed in version 49.0.2623.75-1. We recommend that you upgrade your chromium-browser packages

Trust: 2.07

sources: NVD: CVE-2015-8126 // VULHUB: VHN-86087 // VULMON: CVE-2015-8126 // PACKETSTORM: 135555 // PACKETSTORM: 136204 // PACKETSTORM: 135556 // PACKETSTORM: 135558 // PACKETSTORM: 135557 // PACKETSTORM: 135339 // PACKETSTORM: 135338 // PACKETSTORM: 134720 // PACKETSTORM: 134722 // PACKETSTORM: 134719 // PACKETSTORM: 136095

AFFECTED PRODUCTS

vendor:	opensuse	model:	leap	scope:	eq	version:	42.1	Trust: 1.0
vendor:	oracle	model:	solaris	scope:	eq	version:	11.3	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	15.10	Trust: 1.0
vendor:	oracle	model:	jdk	scope:	eq	version:	1.6.0	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	gte	version:	1.3.0	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	lt	version:	1.0.64	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	7.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	7.6	Trust: 1.0
vendor:	redhat	model:	enterprise linux eus	scope:	eq	version:	7.6	Trust: 1.0
vendor:	opensuse	model:	opensuse	scope:	eq	version:	13.2	Trust: 1.0
vendor:	redhat	model:	satellite	scope:	eq	version:	5.6	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	7.4	Trust: 1.0
vendor:	redhat	model:	enterprise linux server tus	scope:	eq	version:	7.6	Trust: 1.0
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	7.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux eus	scope:	eq	version:	7.4	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	15.04	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	21	Trust: 1.0
vendor:	oracle	model:	jre	scope:	eq	version:	1.8.0	Trust: 1.0
vendor:	oracle	model:	jre	scope:	eq	version:	1.7.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	6.0	Trust: 1.0
vendor:	opensuse	model:	opensuse	scope:	eq	version:	13.1	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	lt	version:	1.4.17	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	12.04	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux eus	scope:	eq	version:	6.7	Trust: 1.0
vendor:	oracle	model:	jdk	scope:	eq	version:	1.8.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux workstation	scope:	eq	version:	7.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	7.3	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	lt	version:	1.5.24	Trust: 1.0
vendor:	redhat	model:	enterprise linux eus	scope:	eq	version:	7.3	Trust: 1.0
vendor:	oracle	model:	jdk	scope:	eq	version:	1.7.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux workstation	scope:	eq	version:	6.0	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	lt	version:	1.2.54	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	14.04	Trust: 1.0
vendor:	redhat	model:	enterprise linux server tus	scope:	eq	version:	7.3	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	22	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lt	version:	10.11.4	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	lt	version:	1.6.19	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	23	Trust: 1.0
vendor:	oracle	model:	linux	scope:	eq	version:	6	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	gte	version:	1.5.0	Trust: 1.0
vendor:	oracle	model:	linux	scope:	eq	version:	7	Trust: 1.0
vendor:	redhat	model:	satellite	scope:	eq	version:	5.7	Trust: 1.0
vendor:	redhat	model:	enterprise linux desktop	scope:	eq	version:	7.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	7.7	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	7.2	Trust: 1.0
vendor:	redhat	model:	enterprise linux eus	scope:	eq	version:	7.5	Trust: 1.0
vendor:	redhat	model:	enterprise linux eus	scope:	eq	version:	7.2	Trust: 1.0
vendor:	redhat	model:	enterprise linux eus	scope:	eq	version:	7.7	Trust: 1.0
vendor:	redhat	model:	enterprise linux server tus	scope:	eq	version:	7.7	Trust: 1.0
vendor:	redhat	model:	enterprise linux desktop	scope:	eq	version:	6.0	Trust: 1.0
vendor:	suse	model:	linux enterprise desktop	scope:	eq	version:	11	Trust: 1.0
vendor:	redhat	model:	enterprise linux server tus	scope:	eq	version:	7.2	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	gte	version:	1.6.0	Trust: 1.0
vendor:	oracle	model:	jre	scope:	eq	version:	1.6.0	Trust: 1.0
vendor:	suse	model:	linux enterprise server	scope:	eq	version:	12	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	gte	version:	1.1.1	Trust: 1.0
vendor:	suse	model:	linux enterprise desktop	scope:	eq	version:	12	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.11.3	Trust: 0.6

sources: CNNVD: CNNVD-201511-246 // NVD: CVE-2015-8126

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-8126
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-201511-246
value:	HIGH
Trust: 0.6
VULHUB:	VHN-86087
value:	HIGH
Trust: 0.1
VULMON:	CVE-2015-8126
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2015-8126
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-86087
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-86087 // VULMON: CVE-2015-8126 // CNNVD: CNNVD-201511-246 // NVD: CVE-2015-8126

PROBLEMTYPE DATA

problemtype:	CWE-120	Trust: 1.1
problemtype:	CWE-119	Trust: 0.1

sources: VULHUB: VHN-86087 // NVD: CVE-2015-8126

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 136204 // CNNVD: CNNVD-201511-246

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201511-246

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-86087

PATCH

title:	libpng Buffer Overflow Vulnerability Fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58735	Trust: 0.6
title:	The Register	url:	https://www.theregister.co.uk/2016/01/20/oracle_q1_2016_patch_release/	Trust: 0.2
title:	Red Hat: Moderate: libpng12 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20152595 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: libpng security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20152596 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: libpng security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20152594 - Security Advisory	Trust: 0.1
title:	Debian CVElist Bug Report Logs: CVE-2015-8126: buffer overflow	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=48ea0ad3686f0e21036476817f732c90	Trust: 0.1
title:	Debian CVElist Bug Report Logs: libpng: CVE-2015-7981: out-of-bound read	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=83b375e2e219a2891fcbdacbafaee367	Trust: 0.1
title:	Ubuntu Security Notice: libpng vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2815-1	Trust: 0.1
title:	Debian CVElist Bug Report Logs: libpng: Incomplete fix for CVE-2015-8126	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=386e683fecec564e81371b5dca873869	Trust: 0.1
title:	Debian Security Advisories: DSA-3399-1 libpng -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=6c419f27840ce87aab71c3d89dad3813	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2015-611	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2015-611	Trust: 0.1
title:	Red Hat: CVE-2015-8126	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2015-8126	Trust: 0.1
title:	Debian Security Advisories: DSA-3443-1 libpng -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=57e4bc5fc071e2986f7cef65414ffe23	Trust: 0.1
title:	Apple: OS X El Capitan v10.11.4 and Security Update 2016-002	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=ef054ba76412200e34091eb91c38c281	Trust: 0.1
title:	Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2016	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=ac5af5dd99788925425f5747ec672707	Trust: 0.1
title:	Oracle Linux Bulletins: Oracle Linux Bulletin - October 2015	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins&qid=435ed9abc2fb1e74ce2a69605a01e326	Trust: 0.1
title:	Oracle: Oracle Critical Patch Update Advisory - January 2016	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=63802a6c83b107c4e6e0c7f9241a66a8	Trust: 0.1
title:	IBM: Security Bulletin: Multiple vulnerabilities in IBM Java affect IBM Netezza Analytics for NPS	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=c36fc403a4c2c6439b732d2fca738f58	Trust: 0.1
title:	cheque	url:	https://github.com/sonatype-nexus-community/cheque	Trust: 0.1
title:	clair-lab	url:	https://github.com/sjourdan/clair-lab	Trust: 0.1
title:	afl-cve	url:	https://github.com/mrash/afl-cve	Trust: 0.1

sources: VULMON: CVE-2015-8126 // CNNVD: CNNVD-201511-246

EXTERNAL IDS

db:	NVD	id:	CVE-2015-8126	Trust: 2.9
db:	BID	id:	77568	Trust: 1.8
db:	SECTRACK	id:	1034142	Trust: 1.8
db:	OPENWALL	id:	OSS-SECURITY/2015/11/12/2	Trust: 1.8
db:	MCAFEE	id:	SB10148	Trust: 1.8
db:	CNNVD	id:	CNNVD-201511-246	Trust: 0.7
db:	PACKETSTORM	id:	136095	Trust: 0.2
db:	PACKETSTORM	id:	135338	Trust: 0.2
db:	PACKETSTORM	id:	134720	Trust: 0.2
db:	SEEBUG	id:	SSVID-89794	Trust: 0.1
db:	VULHUB	id:	VHN-86087	Trust: 0.1
db:	VULMON	id:	CVE-2015-8126	Trust: 0.1
db:	PACKETSTORM	id:	135555	Trust: 0.1
db:	PACKETSTORM	id:	136204	Trust: 0.1
db:	PACKETSTORM	id:	135556	Trust: 0.1
db:	PACKETSTORM	id:	135558	Trust: 0.1
db:	PACKETSTORM	id:	135557	Trust: 0.1
db:	PACKETSTORM	id:	135339	Trust: 0.1
db:	PACKETSTORM	id:	134722	Trust: 0.1
db:	PACKETSTORM	id:	134719	Trust: 0.1

sources: VULHUB: VHN-86087 // VULMON: CVE-2015-8126 // PACKETSTORM: 135555 // PACKETSTORM: 136204 // PACKETSTORM: 135556 // PACKETSTORM: 135558 // PACKETSTORM: 135557 // PACKETSTORM: 135339 // PACKETSTORM: 135338 // PACKETSTORM: 134720 // PACKETSTORM: 134722 // PACKETSTORM: 134719 // PACKETSTORM: 136095 // CNNVD: CNNVD-201511-246 // NVD: CVE-2015-8126

REFERENCES

url:	http://www.securityfocus.com/bid/77568	Trust: 1.9
url:	https://security.gentoo.org/glsa/201603-09	Trust: 1.9
url:	http://rhn.redhat.com/errata/rhsa-2015-2594.html	Trust: 1.9
url:	http://rhn.redhat.com/errata/rhsa-2015-2595.html	Trust: 1.9
url:	http://rhn.redhat.com/errata/rhsa-2015-2596.html	Trust: 1.9
url:	http://rhn.redhat.com/errata/rhsa-2016-0055.html	Trust: 1.9
url:	http://rhn.redhat.com/errata/rhsa-2016-0057.html	Trust: 1.9
url:	http://lists.apple.com/archives/security-announce/2016/mar/msg00004.html	Trust: 1.8
url:	http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html	Trust: 1.8
url:	http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html	Trust: 1.8
url:	http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html	Trust: 1.8
url:	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html	Trust: 1.8
url:	https://code.google.com/p/chromium/issues/detail?id=560291	Trust: 1.8
url:	https://support.apple.com/ht206167	Trust: 1.8
url:	http://www.debian.org/security/2015/dsa-3399	Trust: 1.8
url:	http://www.debian.org/security/2016/dsa-3507	Trust: 1.8
url:	http://lists.fedoraproject.org/pipermail/package-announce/2015-november/172769.html	Trust: 1.8
url:	http://lists.fedoraproject.org/pipermail/package-announce/2015-november/172620.html	Trust: 1.8
url:	http://lists.fedoraproject.org/pipermail/package-announce/2016-january/174936.html	Trust: 1.8
url:	http://lists.fedoraproject.org/pipermail/package-announce/2016-january/175073.html	Trust: 1.8
url:	http://lists.fedoraproject.org/pipermail/package-announce/2015-november/172663.html	Trust: 1.8
url:	http://lists.fedoraproject.org/pipermail/package-announce/2015-november/172324.html	Trust: 1.8
url:	http://lists.fedoraproject.org/pipermail/package-announce/2015-november/172823.html	Trust: 1.8
url:	http://lists.fedoraproject.org/pipermail/package-announce/2015-november/172797.html	Trust: 1.8
url:	http://lists.fedoraproject.org/pipermail/package-announce/2016-january/174905.html	Trust: 1.8
url:	http://lists.fedoraproject.org/pipermail/package-announce/2015-november/172647.html	Trust: 1.8
url:	http://lists.fedoraproject.org/pipermail/package-announce/2016-february/177382.html	Trust: 1.8
url:	http://lists.fedoraproject.org/pipermail/package-announce/2016-february/177344.html	Trust: 1.8
url:	https://security.gentoo.org/glsa/201611-08	Trust: 1.8
url:	http://www.openwall.com/lists/oss-security/2015/11/12/2	Trust: 1.8
url:	http://rhn.redhat.com/errata/rhsa-2016-0056.html	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2016:1430	Trust: 1.8
url:	http://www.securitytracker.com/id/1034142	Trust: 1.8
url:	http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html	Trust: 1.8
url:	http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html	Trust: 1.8
url:	http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html	Trust: 1.8
url:	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00015.html	Trust: 1.8
url:	http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00033.html	Trust: 1.8
url:	http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00034.html	Trust: 1.8
url:	http://lists.opensuse.org/opensuse-updates/2015-11/msg00159.html	Trust: 1.8
url:	http://lists.opensuse.org/opensuse-updates/2015-11/msg00160.html	Trust: 1.8
url:	http://lists.opensuse.org/opensuse-updates/2015-12/msg00062.html	Trust: 1.8
url:	http://lists.opensuse.org/opensuse-updates/2015-12/msg00063.html	Trust: 1.8
url:	http://lists.opensuse.org/opensuse-updates/2016-01/msg00028.html	Trust: 1.8
url:	http://lists.opensuse.org/opensuse-updates/2016-01/msg00029.html	Trust: 1.8
url:	http://lists.opensuse.org/opensuse-updates/2016-01/msg00030.html	Trust: 1.8
url:	http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html	Trust: 1.8
url:	http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html	Trust: 1.8
url:	http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html	Trust: 1.8
url:	http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html	Trust: 1.8
url:	http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html	Trust: 1.8
url:	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00014.html	Trust: 1.8
url:	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00018.html	Trust: 1.8
url:	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00028.html	Trust: 1.8
url:	http://www.ubuntu.com/usn/usn-2815-1	Trust: 1.8
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10148	Trust: 1.7
url:	https://access.redhat.com/security/cve/cve-2015-8126	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2015-8126	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2015-8472	Trust: 0.9
url:	https://access.redhat.com/articles/11258	Trust: 0.9
url:	https://access.redhat.com/security/team/contact/	Trust: 0.9
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.9
url:	https://bugzilla.redhat.com/):	Trust: 0.9
url:	https://access.redhat.com/security/team/key/	Trust: 0.9
url:	https://access.redhat.com/security/cve/cve-2015-8472	Trust: 0.9
url:	https://access.redhat.com/security/cve/cve-2016-0448	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2016-0448	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2016-0466	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2016-0483	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2016-0483	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2016-0402	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2016-0494	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2016-0466	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2016-0402	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2016-0494	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-affect-ibm-netezza-analytics/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-affect-ibm-netezza-analytics-for-nps/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-jre-8-0-1-1-affect-ibm-netezza-platform-software-clients/	Trust: 0.6
url:	https://access.redhat.com/security/updates/classification/#critical	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7575	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2015-7575	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2015-7981	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7981	Trust: 0.5
url:	http://www.ibm.com/developerworks/java/jdk/alerts/	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2015-5041	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2015-5041	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2015-8540	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2015-8540	Trust: 0.3
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2016-0475	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-0475	Trust: 0.2
url:	http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#appendixjava	Trust: 0.2
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10148	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/120.html	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2015:2595	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/sonatype-nexus-community/cheque	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=43864	Trust: 0.1
url:	https://usn.ubuntu.com/2815-1/	Trust: 0.1
url:	https://rhn.redhat.com/errata/rhsa-2016-0100.html	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1625	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1276	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1295	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6768	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-1273	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1641	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6792	Trust: 0.1
url:	https://security.gentoo.org/	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6761	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1617	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1278	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-1293	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6764	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1285	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-1296	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6791	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-1274	Trust: 0.1
url:	http://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6786	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1296	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1288	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1619	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6776	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1613	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6773	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-1297	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1615	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-1282	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-1287	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-1284	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6771	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1636	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1621	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-1294	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1639	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-1278	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1298	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1299	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6781	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1279	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-1289	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1272	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6762	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6789	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6763	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6758	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1297	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1635	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1618	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8126	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1280	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1632	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1622	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1624	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-1281	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1270	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1637	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-1277	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1289	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1291	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1283	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-1295	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1286	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-1279	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1287	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1304	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1292	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1620	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-1271	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1293	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6757	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6770	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1623	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6774	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1294	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1614	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6783	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-1280	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6787	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6790	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1281	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6766	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1612	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1640	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1303	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6765	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1284	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6785	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6756	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1634	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6760	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1633	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1626	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6782	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6767	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6780	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-1288	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1302	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1628	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6788	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-1292	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1275	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1627	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6775	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-1272	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1616	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1629	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6778	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6784	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6769	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1277	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1300	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6772	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-1275	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1273	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6759	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6777	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1638	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-1291	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-1285	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-1286	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1631	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-1298	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6755	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-1283	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1282	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1271	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-1270	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-1276	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1630	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1274	Trust: 0.1
url:	https://bugs.gentoo.org.	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6779	Trust: 0.1
url:	https://rhn.redhat.com/errata/rhsa-2016-0098.html	Trust: 0.1
url:	https://rhn.redhat.com/errata/rhsa-2016-0101.html	Trust: 0.1
url:	https://rhn.redhat.com/errata/rhsa-2016-0099.html	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1636	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1633	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1634	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1639	Trust: 0.1
url:	https://www.debian.org/security/faq	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1630	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1638	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1640	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1642	Trust: 0.1
url:	https://www.debian.org/security/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1641	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1635	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1632	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1631	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1637	Trust: 0.1

CREDITS

Red Hat

Trust: 0.9

sources: PACKETSTORM: 135555 // PACKETSTORM: 135556 // PACKETSTORM: 135558 // PACKETSTORM: 135557 // PACKETSTORM: 135339 // PACKETSTORM: 135338 // PACKETSTORM: 134720 // PACKETSTORM: 134722 // PACKETSTORM: 134719

SOURCES

db:	VULHUB	id:	VHN-86087
db:	VULMON	id:	CVE-2015-8126
db:	PACKETSTORM	id:	135555
db:	PACKETSTORM	id:	136204
db:	PACKETSTORM	id:	135556
db:	PACKETSTORM	id:	135558
db:	PACKETSTORM	id:	135557
db:	PACKETSTORM	id:	135339
db:	PACKETSTORM	id:	135338
db:	PACKETSTORM	id:	134720
db:	PACKETSTORM	id:	134722
db:	PACKETSTORM	id:	134719
db:	PACKETSTORM	id:	136095
db:	CNNVD	id:	CNNVD-201511-246
db:	NVD	id:	CVE-2015-8126

LAST UPDATE DATE

2025-04-13T22:42:40.856000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-86087	date:	2020-08-31T00:00:00
db:	VULMON	id:	CVE-2015-8126	date:	2020-09-08T00:00:00
db:	CNNVD	id:	CNNVD-201511-246	date:	2022-05-16T00:00:00
db:	NVD	id:	CVE-2015-8126	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-86087	date:	2015-11-13T00:00:00
db:	VULMON	id:	CVE-2015-8126	date:	2015-11-13T00:00:00
db:	PACKETSTORM	id:	135555	date:	2016-02-02T16:43:57
db:	PACKETSTORM	id:	136204	date:	2016-03-14T14:51:21
db:	PACKETSTORM	id:	135556	date:	2016-02-02T16:44:07
db:	PACKETSTORM	id:	135558	date:	2016-02-02T16:44:18
db:	PACKETSTORM	id:	135557	date:	2016-02-02T16:44:12
db:	PACKETSTORM	id:	135339	date:	2016-01-21T14:47:36
db:	PACKETSTORM	id:	135338	date:	2016-01-21T14:47:29
db:	PACKETSTORM	id:	134720	date:	2015-12-10T00:39:58
db:	PACKETSTORM	id:	134722	date:	2015-12-10T00:40:23
db:	PACKETSTORM	id:	134719	date:	2015-12-10T00:39:51
db:	PACKETSTORM	id:	136095	date:	2016-03-07T15:09:16
db:	CNNVD	id:	CNNVD-201511-246	date:	2015-11-16T00:00:00
db:	NVD	id:	CVE-2015-8126	date:	2015-11-13T03:59:05.917