ID

VAR-201511-0126


CVE

CVE-2015-8126


TITLE

libpng Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-201511-246

DESCRIPTION

Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. ============================================================================ Ubuntu Security Notice USN-2815-1 November 19, 2015 libpng vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 15.10 - Ubuntu 15.04 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: libpng could be made to crash or run programs as your login if it opened a specially crafted file. This issue only affected Ubuntu 12.04 LTS. (CVE-2012-3425) Qixue Xiao discovered that libpng incorrectly handled certain time values. (CVE-2015-7981) It was discovered that libpng incorrectly handled certain small bit-depth values. (CVE-2015-8126) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 15.10: libpng12-0 1.2.51-0ubuntu3.15.10.1 Ubuntu 15.04: libpng12-0 1.2.51-0ubuntu3.15.04.1 Ubuntu 14.04 LTS: libpng12-0 1.2.50-1ubuntu2.14.04.1 Ubuntu 12.04 LTS: libpng12-0 1.2.46-3ubuntu4.1 After a standard system update you need to restart your session to make all the necessary changes. 7) - x86_64 3. Description: IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2015-5041, CVE-2015-7575, CVE-2015-7981, CVE-2015-8126, CVE-2015-8472, CVE-2015-8540, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0483, CVE-2016-0494) Note: This update also disallows the use of the MD5 hash algorithm in the certification path processing. The use of MD5 can be re-enabled by removing MD5 from the jdk.certpath.disabledAlgorithms security property defined in the java.security file. All running instances of IBM Java must be restarted for the update to take effect. Bugs fixed (https://bugzilla.redhat.com/): 1276416 - CVE-2015-7981 libpng: Out-of-bounds read in png_convert_to_rfc1123 1281756 - CVE-2015-8126 CVE-2015-8472 libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions 1289841 - CVE-2015-7575 TLS 1.2 Transcipt Collision attacks against MD5 in key exchange protocol (SLOTH) 1291312 - CVE-2015-8540 libpng: underflow read in png_check_keyword() 1298906 - CVE-2016-0494 ICU: integer signedness issue in IndicRearrangementProcessor (OpenJDK 2D, 8140543) 1298957 - CVE-2016-0402 OpenJDK: URL deserialization inconsistencies (Networking, 8059054) 1299073 - CVE-2016-0448 OpenJDK: logging of RMI connection secrets (JMX, 8130710) 1299385 - CVE-2016-0466 OpenJDK: insufficient enforcement of totalEntitySizeLimit (JAXP, 8133962) 1299441 - CVE-2016-0483 OpenJDK: incorrect boundary check in JPEG decoder (AWT, 8139017) 1302689 - CVE-2015-5041 IBM JDK: J9 JVM allows code to invoke non-public interface methods 6. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201611-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: libpng: Multiple vulnerabilities Date: November 15, 2016 Bugs: #564244, #565678, #568216 ID: 201611-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in libpng, the worst of which may allow remote attackers to cause Denial of Service. It is used by several other programs, including web browsers and potentially server processes. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 media-libs/libpng < 1.6.21 *>= 1.2.56 *>= 1.5.26 >= 1.6.21 Description =========== Multiple vulnerabilities were found in libpng. Please review the referenced CVE=E2=80=99s for additional information. Impact ====== Remote attackers could cause a Denial of Service condition or have other unspecified impacts. Workaround ========== There is no known workaround at this time. Resolution ========== All libpng 1.2 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/libpng-1.2.56" All libpng 1.5 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/libpng-1.5.26" All libpng 1.6 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/libpng-1.6.21" References ========== [ 1 ] CVE-2015-7981 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7981 [ 2 ] CVE-2015-8126 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8126 [ 3 ] CVE-2015-8540 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8540 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201611-08 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: libpng security update Advisory ID: RHSA-2015:2594-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-2594.html Issue date: 2015-12-09 CVE Names: CVE-2015-7981 CVE-2015-8126 CVE-2015-8472 ===================================================================== 1. Summary: Updated libpng packages that fix three security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. It was discovered that the png_get_PLTE() and png_set_PLTE() functions of libpng did not correctly calculate the maximum palette sizes for bit depths of less than 8. In case an application tried to use these functions in combination with properly calculated palette sizes, this could lead to a buffer overflow or out-of-bounds reads. An attacker could exploit this to cause a crash or potentially execute arbitrary code by tricking an unsuspecting user into processing a specially crafted PNG image. However, the exact impact is dependent on the application using the library. (CVE-2015-8126, CVE-2015-8472) An array-indexing error was discovered in the png_convert_to_rfc1123() function of libpng. An attacker could possibly use this flaw to cause an out-of-bounds read by tricking an unsuspecting user into processing a specially crafted PNG image. (CVE-2015-7981) All libpng users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1276416 - CVE-2015-7981 libpng: Out-of-bounds read in png_convert_to_rfc1123 1281756 - CVE-2015-8126 CVE-2015-8472 libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: libpng-1.2.49-2.el6_7.src.rpm i386: libpng-1.2.49-2.el6_7.i686.rpm libpng-debuginfo-1.2.49-2.el6_7.i686.rpm x86_64: libpng-1.2.49-2.el6_7.i686.rpm libpng-1.2.49-2.el6_7.x86_64.rpm libpng-debuginfo-1.2.49-2.el6_7.i686.rpm libpng-debuginfo-1.2.49-2.el6_7.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: libpng-debuginfo-1.2.49-2.el6_7.i686.rpm libpng-devel-1.2.49-2.el6_7.i686.rpm libpng-static-1.2.49-2.el6_7.i686.rpm x86_64: libpng-debuginfo-1.2.49-2.el6_7.i686.rpm libpng-debuginfo-1.2.49-2.el6_7.x86_64.rpm libpng-devel-1.2.49-2.el6_7.i686.rpm libpng-devel-1.2.49-2.el6_7.x86_64.rpm libpng-static-1.2.49-2.el6_7.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: libpng-1.2.49-2.el6_7.src.rpm x86_64: libpng-1.2.49-2.el6_7.i686.rpm libpng-1.2.49-2.el6_7.x86_64.rpm libpng-debuginfo-1.2.49-2.el6_7.i686.rpm libpng-debuginfo-1.2.49-2.el6_7.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: libpng-debuginfo-1.2.49-2.el6_7.i686.rpm libpng-debuginfo-1.2.49-2.el6_7.x86_64.rpm libpng-devel-1.2.49-2.el6_7.i686.rpm libpng-devel-1.2.49-2.el6_7.x86_64.rpm libpng-static-1.2.49-2.el6_7.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: libpng-1.2.49-2.el6_7.src.rpm i386: libpng-1.2.49-2.el6_7.i686.rpm libpng-debuginfo-1.2.49-2.el6_7.i686.rpm libpng-devel-1.2.49-2.el6_7.i686.rpm ppc64: libpng-1.2.49-2.el6_7.ppc.rpm libpng-1.2.49-2.el6_7.ppc64.rpm libpng-debuginfo-1.2.49-2.el6_7.ppc.rpm libpng-debuginfo-1.2.49-2.el6_7.ppc64.rpm libpng-devel-1.2.49-2.el6_7.ppc.rpm libpng-devel-1.2.49-2.el6_7.ppc64.rpm s390x: libpng-1.2.49-2.el6_7.s390.rpm libpng-1.2.49-2.el6_7.s390x.rpm libpng-debuginfo-1.2.49-2.el6_7.s390.rpm libpng-debuginfo-1.2.49-2.el6_7.s390x.rpm libpng-devel-1.2.49-2.el6_7.s390.rpm libpng-devel-1.2.49-2.el6_7.s390x.rpm x86_64: libpng-1.2.49-2.el6_7.i686.rpm libpng-1.2.49-2.el6_7.x86_64.rpm libpng-debuginfo-1.2.49-2.el6_7.i686.rpm libpng-debuginfo-1.2.49-2.el6_7.x86_64.rpm libpng-devel-1.2.49-2.el6_7.i686.rpm libpng-devel-1.2.49-2.el6_7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): i386: libpng-debuginfo-1.2.49-2.el6_7.i686.rpm libpng-static-1.2.49-2.el6_7.i686.rpm ppc64: libpng-debuginfo-1.2.49-2.el6_7.ppc64.rpm libpng-static-1.2.49-2.el6_7.ppc64.rpm s390x: libpng-debuginfo-1.2.49-2.el6_7.s390x.rpm libpng-static-1.2.49-2.el6_7.s390x.rpm x86_64: libpng-debuginfo-1.2.49-2.el6_7.x86_64.rpm libpng-static-1.2.49-2.el6_7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: libpng-1.2.49-2.el6_7.src.rpm i386: libpng-1.2.49-2.el6_7.i686.rpm libpng-debuginfo-1.2.49-2.el6_7.i686.rpm libpng-devel-1.2.49-2.el6_7.i686.rpm x86_64: libpng-1.2.49-2.el6_7.i686.rpm libpng-1.2.49-2.el6_7.x86_64.rpm libpng-debuginfo-1.2.49-2.el6_7.i686.rpm libpng-debuginfo-1.2.49-2.el6_7.x86_64.rpm libpng-devel-1.2.49-2.el6_7.i686.rpm libpng-devel-1.2.49-2.el6_7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: libpng-debuginfo-1.2.49-2.el6_7.i686.rpm libpng-static-1.2.49-2.el6_7.i686.rpm x86_64: libpng-debuginfo-1.2.49-2.el6_7.x86_64.rpm libpng-static-1.2.49-2.el6_7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-7981 https://access.redhat.com/security/cve/CVE-2015-8126 https://access.redhat.com/security/cve/CVE-2015-8472 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFWaENsXlSAg2UNWIIRAoUpAJ9Nlo47EQRO6dLZCmTorScK3JsMfACdF3ZW 1H8Hq0Bx4u9dJmTNDBAMHS8= =fXjS -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-7981 Qixue Xiao discovered an out-of-bounds read vulnerability in the png_convert_to_rfc1123 function. A remote attacker can potentially take advantage of this flaw to cause disclosure of information from process memory. For the oldstable distribution (wheezy), these problems have been fixed in version 1.2.49-1+deb7u1. For the stable distribution (jessie), these problems have been fixed in version 1.2.50-2+deb8u1. For the unstable distribution (sid), these problems have been fixed in version 1.2.54-1

Trust: 1.98

sources: NVD: CVE-2015-8126 // VULHUB: VHN-86087 // VULMON: CVE-2015-8126 // PACKETSTORM: 135558 // PACKETSTORM: 134452 // PACKETSTORM: 135557 // PACKETSTORM: 135339 // PACKETSTORM: 139733 // PACKETSTORM: 135338 // PACKETSTORM: 134720 // PACKETSTORM: 134722 // PACKETSTORM: 135341 // PACKETSTORM: 134436

AFFECTED PRODUCTS

vendor:redhatmodel:enterprise linux server tusscope:eqversion:7.7

Trust: 1.0

vendor:libpngmodel:libpngscope:gteversion:1.5.0

Trust: 1.0

vendor:opensusemodel:opensusescope:eqversion:13.2

Trust: 1.0

vendor:redhatmodel:enterprise linux eusscope:eqversion:7.2

Trust: 1.0

vendor:redhatmodel:enterprise linux serverscope:eqversion:6.0

Trust: 1.0

vendor:redhatmodel:enterprise linux server tusscope:eqversion:7.6

Trust: 1.0

vendor:opensusemodel:opensusescope:eqversion:13.1

Trust: 1.0

vendor:redhatmodel:enterprise linux serverscope:eqversion:7.0

Trust: 1.0

vendor:libpngmodel:libpngscope:gteversion:1.3.0

Trust: 1.0

vendor:oraclemodel:jdkscope:eqversion:1.7.0

Trust: 1.0

vendor:opensusemodel:leapscope:eqversion:42.1

Trust: 1.0

vendor:redhatmodel:enterprise linux eusscope:eqversion:7.3

Trust: 1.0

vendor:susemodel:linux enterprise desktopscope:eqversion:12

Trust: 1.0

vendor:redhatmodel:satellitescope:eqversion:5.7

Trust: 1.0

vendor:oraclemodel:jdkscope:eqversion:1.6.0

Trust: 1.0

vendor:susemodel:linux enterprise serverscope:eqversion:12

Trust: 1.0

vendor:redhatmodel:enterprise linux server ausscope:eqversion:7.2

Trust: 1.0

vendor:redhatmodel:enterprise linux desktopscope:eqversion:6.0

Trust: 1.0

vendor:oraclemodel:jrescope:eqversion:1.8.0

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:14.04

Trust: 1.0

vendor:libpngmodel:libpngscope:ltversion:1.5.24

Trust: 1.0

vendor:susemodel:linux enterprise desktopscope:eqversion:11

Trust: 1.0

vendor:redhatmodel:enterprise linux desktopscope:eqversion:7.0

Trust: 1.0

vendor:libpngmodel:libpngscope:gteversion:1.6.0

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:8.0

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:15.04

Trust: 1.0

vendor:libpngmodel:libpngscope:ltversion:1.2.54

Trust: 1.0

vendor:redhatmodel:enterprise linux server ausscope:eqversion:7.3

Trust: 1.0

vendor:redhatmodel:satellitescope:eqversion:5.6

Trust: 1.0

vendor:redhatmodel:enterprise linux eusscope:eqversion:7.7

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:12.04

Trust: 1.0

vendor:redhatmodel:enterprise linux workstationscope:eqversion:6.0

Trust: 1.0

vendor:redhatmodel:enterprise linux eusscope:eqversion:7.6

Trust: 1.0

vendor:redhatmodel:enterprise linux eusscope:eqversion:7.4

Trust: 1.0

vendor:libpngmodel:libpngscope:ltversion:1.4.17

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:21

Trust: 1.0

vendor:libpngmodel:libpngscope:ltversion:1.6.19

Trust: 1.0

vendor:redhatmodel:enterprise linux server tusscope:eqversion:7.2

Trust: 1.0

vendor:redhatmodel:enterprise linux workstationscope:eqversion:7.0

Trust: 1.0

vendor:oraclemodel:jrescope:eqversion:1.7.0

Trust: 1.0

vendor:redhatmodel:enterprise linux eusscope:eqversion:6.7

Trust: 1.0

vendor:libpngmodel:libpngscope:ltversion:1.0.64

Trust: 1.0

vendor:redhatmodel:enterprise linux eusscope:eqversion:7.5

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:22

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:15.10

Trust: 1.0

vendor:oraclemodel:jrescope:eqversion:1.6.0

Trust: 1.0

vendor:redhatmodel:enterprise linux server ausscope:eqversion:7.7

Trust: 1.0

vendor:libpngmodel:libpngscope:gteversion:1.1.1

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:7.0

Trust: 1.0

vendor:oraclemodel:linuxscope:eqversion:7

Trust: 1.0

vendor:redhatmodel:enterprise linux server ausscope:eqversion:7.6

Trust: 1.0

vendor:redhatmodel:enterprise linux server tusscope:eqversion:7.3

Trust: 1.0

vendor:redhatmodel:enterprise linux server ausscope:eqversion:7.4

Trust: 1.0

vendor:oraclemodel:jdkscope:eqversion:1.8.0

Trust: 1.0

vendor:oraclemodel:solarisscope:eqversion:11.3

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:23

Trust: 1.0

vendor:oraclemodel:linuxscope:eqversion:6

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.11.4

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.11.3

Trust: 0.6

sources: CNNVD: CNNVD-201511-246 // NVD: CVE-2015-8126

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-8126
value: HIGH

Trust: 1.0

CNNVD: CNNVD-201511-246
value: HIGH

Trust: 0.6

VULHUB: VHN-86087
value: HIGH

Trust: 0.1

VULMON: CVE-2015-8126
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-8126
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-86087
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-86087 // VULMON: CVE-2015-8126 // CNNVD: CNNVD-201511-246 // NVD: CVE-2015-8126

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.1

problemtype:CWE-119

Trust: 0.1

sources: VULHUB: VHN-86087 // NVD: CVE-2015-8126

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 139733 // CNNVD: CNNVD-201511-246

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201511-246

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-86087

PATCH

title:libpng Buffer Overflow Vulnerability Fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58735

Trust: 0.6

title:The Registerurl:https://www.theregister.co.uk/2016/01/20/oracle_q1_2016_patch_release/

Trust: 0.2

title:Red Hat: Moderate: libpng12 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20152595 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: libpng security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20152596 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: libpng security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20152594 - Security Advisory

Trust: 0.1

title:Debian CVElist Bug Report Logs: CVE-2015-8126: buffer overflowurl:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=48ea0ad3686f0e21036476817f732c90

Trust: 0.1

title:Debian CVElist Bug Report Logs: libpng: CVE-2015-7981: out-of-bound readurl:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=83b375e2e219a2891fcbdacbafaee367

Trust: 0.1

title:Ubuntu Security Notice: libpng vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2815-1

Trust: 0.1

title:Debian CVElist Bug Report Logs: libpng: Incomplete fix for CVE-2015-8126url:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=386e683fecec564e81371b5dca873869

Trust: 0.1

title:Debian Security Advisories: DSA-3399-1 libpng -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=6c419f27840ce87aab71c3d89dad3813

Trust: 0.1

title:Amazon Linux AMI: ALAS-2015-611url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2015-611

Trust: 0.1

title:Red Hat: CVE-2015-8126url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2015-8126

Trust: 0.1

title:Debian Security Advisories: DSA-3443-1 libpng -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=57e4bc5fc071e2986f7cef65414ffe23

Trust: 0.1

title:Apple: OS X El Capitan v10.11.4 and Security Update 2016-002url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=ef054ba76412200e34091eb91c38c281

Trust: 0.1

title:Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2016url:https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=ac5af5dd99788925425f5747ec672707

Trust: 0.1

title:Oracle Linux Bulletins: Oracle Linux Bulletin - October 2015url:https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins&qid=435ed9abc2fb1e74ce2a69605a01e326

Trust: 0.1

title:Oracle: Oracle Critical Patch Update Advisory - January 2016url:https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=63802a6c83b107c4e6e0c7f9241a66a8

Trust: 0.1

title:IBM: Security Bulletin: Multiple vulnerabilities in IBM Java affect IBM Netezza Analytics for NPSurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=c36fc403a4c2c6439b732d2fca738f58

Trust: 0.1

title:chequeurl:https://github.com/sonatype-nexus-community/cheque

Trust: 0.1

title:clair-laburl:https://github.com/sjourdan/clair-lab

Trust: 0.1

title:afl-cveurl:https://github.com/mrash/afl-cve

Trust: 0.1

sources: VULMON: CVE-2015-8126 // CNNVD: CNNVD-201511-246

EXTERNAL IDS

db:NVDid:CVE-2015-8126

Trust: 2.8

db:BIDid:77568

Trust: 1.8

db:SECTRACKid:1034142

Trust: 1.8

db:OPENWALLid:OSS-SECURITY/2015/11/12/2

Trust: 1.8

db:MCAFEEid:SB10148

Trust: 1.8

db:CNNVDid:CNNVD-201511-246

Trust: 0.7

db:PACKETSTORMid:135338

Trust: 0.2

db:PACKETSTORMid:134720

Trust: 0.2

db:PACKETSTORMid:136095

Trust: 0.1

db:SEEBUGid:SSVID-89794

Trust: 0.1

db:VULHUBid:VHN-86087

Trust: 0.1

db:VULMONid:CVE-2015-8126

Trust: 0.1

db:PACKETSTORMid:135558

Trust: 0.1

db:PACKETSTORMid:134452

Trust: 0.1

db:PACKETSTORMid:135557

Trust: 0.1

db:PACKETSTORMid:135339

Trust: 0.1

db:PACKETSTORMid:139733

Trust: 0.1

db:PACKETSTORMid:134722

Trust: 0.1

db:PACKETSTORMid:135341

Trust: 0.1

db:PACKETSTORMid:134436

Trust: 0.1

sources: VULHUB: VHN-86087 // VULMON: CVE-2015-8126 // PACKETSTORM: 135558 // PACKETSTORM: 134452 // PACKETSTORM: 135557 // PACKETSTORM: 135339 // PACKETSTORM: 139733 // PACKETSTORM: 135338 // PACKETSTORM: 134720 // PACKETSTORM: 134722 // PACKETSTORM: 135341 // PACKETSTORM: 134436 // CNNVD: CNNVD-201511-246 // NVD: CVE-2015-8126

REFERENCES

url:http://www.securityfocus.com/bid/77568

Trust: 1.9

url:https://security.gentoo.org/glsa/201611-08

Trust: 1.9

url:http://rhn.redhat.com/errata/rhsa-2015-2594.html

Trust: 1.9

url:http://rhn.redhat.com/errata/rhsa-2015-2596.html

Trust: 1.9

url:http://rhn.redhat.com/errata/rhsa-2016-0055.html

Trust: 1.9

url:http://rhn.redhat.com/errata/rhsa-2016-0056.html

Trust: 1.9

url:http://rhn.redhat.com/errata/rhsa-2016-0057.html

Trust: 1.9

url:http://www.ubuntu.com/usn/usn-2815-1

Trust: 1.9

url:http://lists.apple.com/archives/security-announce/2016/mar/msg00004.html

Trust: 1.8

url:http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html

Trust: 1.8

url:http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

Trust: 1.8

url:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

Trust: 1.8

url:http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

Trust: 1.8

url:https://code.google.com/p/chromium/issues/detail?id=560291

Trust: 1.8

url:https://support.apple.com/ht206167

Trust: 1.8

url:http://www.debian.org/security/2015/dsa-3399

Trust: 1.8

url:http://www.debian.org/security/2016/dsa-3507

Trust: 1.8

url:http://lists.fedoraproject.org/pipermail/package-announce/2015-november/172769.html

Trust: 1.8

url:http://lists.fedoraproject.org/pipermail/package-announce/2015-november/172620.html

Trust: 1.8

url:http://lists.fedoraproject.org/pipermail/package-announce/2016-january/174936.html

Trust: 1.8

url:http://lists.fedoraproject.org/pipermail/package-announce/2016-january/175073.html

Trust: 1.8

url:http://lists.fedoraproject.org/pipermail/package-announce/2015-november/172663.html

Trust: 1.8

url:http://lists.fedoraproject.org/pipermail/package-announce/2015-november/172324.html

Trust: 1.8

url:http://lists.fedoraproject.org/pipermail/package-announce/2015-november/172823.html

Trust: 1.8

url:http://lists.fedoraproject.org/pipermail/package-announce/2015-november/172797.html

Trust: 1.8

url:http://lists.fedoraproject.org/pipermail/package-announce/2016-january/174905.html

Trust: 1.8

url:http://lists.fedoraproject.org/pipermail/package-announce/2015-november/172647.html

Trust: 1.8

url:http://lists.fedoraproject.org/pipermail/package-announce/2016-february/177382.html

Trust: 1.8

url:http://lists.fedoraproject.org/pipermail/package-announce/2016-february/177344.html

Trust: 1.8

url:https://security.gentoo.org/glsa/201603-09

Trust: 1.8

url:http://www.openwall.com/lists/oss-security/2015/11/12/2

Trust: 1.8

url:http://rhn.redhat.com/errata/rhsa-2015-2595.html

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2016:1430

Trust: 1.8

url:http://www.securitytracker.com/id/1034142

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00015.html

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00033.html

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00034.html

Trust: 1.8

url:http://lists.opensuse.org/opensuse-updates/2015-11/msg00159.html

Trust: 1.8

url:http://lists.opensuse.org/opensuse-updates/2015-11/msg00160.html

Trust: 1.8

url:http://lists.opensuse.org/opensuse-updates/2015-12/msg00062.html

Trust: 1.8

url:http://lists.opensuse.org/opensuse-updates/2015-12/msg00063.html

Trust: 1.8

url:http://lists.opensuse.org/opensuse-updates/2016-01/msg00028.html

Trust: 1.8

url:http://lists.opensuse.org/opensuse-updates/2016-01/msg00029.html

Trust: 1.8

url:http://lists.opensuse.org/opensuse-updates/2016-01/msg00030.html

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00014.html

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00018.html

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00028.html

Trust: 1.8

url:https://kc.mcafee.com/corporate/index?page=content&id=sb10148

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2015-8126

Trust: 1.0

url:https://access.redhat.com/security/cve/cve-2015-8126

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2015-8472

Trust: 0.7

url:https://access.redhat.com/articles/11258

Trust: 0.7

url:https://access.redhat.com/security/team/contact/

Trust: 0.7

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.7

url:https://bugzilla.redhat.com/):

Trust: 0.7

url:https://access.redhat.com/security/team/key/

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2015-8472

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2015-7981

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-affect-ibm-netezza-analytics/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-affect-ibm-netezza-analytics-for-nps/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-jre-8-0-1-1-affect-ibm-netezza-platform-software-clients/

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2016-0448

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2016-0448

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2016-0466

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2016-0483

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2016-0483

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2016-0402

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2016-0494

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2016-0466

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2016-0402

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2016-0494

Trust: 0.5

url:https://access.redhat.com/security/updates/classification/#critical

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2015-7575

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2015-7575

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2015-7981

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2015-8540

Trust: 0.3

url:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#appendixjava

Trust: 0.3

url:https://www.ibm.com/developerworks/java/jdk/alerts/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-5041

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2015-8540

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2015-5041

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.2

url:https://kc.mcafee.com/corporate/index?page=content&amp;id=sb10148

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/120.html

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2015:2595

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/sonatype-nexus-community/cheque

Trust: 0.1

url:http://tools.cisco.com/security/center/viewalert.x?alertid=43864

Trust: 0.1

url:https://usn.ubuntu.com/2815-1/

Trust: 0.1

url:https://rhn.redhat.com/errata/rhsa-2016-0101.html

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/libpng/1.2.51-0ubuntu3.15.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/libpng/1.2.46-3ubuntu4.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/libpng/1.2.50-1ubuntu2.14.04.1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-3425

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/libpng/1.2.51-0ubuntu3.15.10.1

Trust: 0.1

url:https://rhn.redhat.com/errata/rhsa-2016-0099.html

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-0475

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-0475

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8126

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7981

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-8540

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

sources: VULHUB: VHN-86087 // VULMON: CVE-2015-8126 // PACKETSTORM: 135558 // PACKETSTORM: 134452 // PACKETSTORM: 135557 // PACKETSTORM: 135339 // PACKETSTORM: 139733 // PACKETSTORM: 135338 // PACKETSTORM: 134720 // PACKETSTORM: 134722 // PACKETSTORM: 135341 // PACKETSTORM: 134436 // CNNVD: CNNVD-201511-246 // NVD: CVE-2015-8126

CREDITS

Red Hat

Trust: 0.7

sources: PACKETSTORM: 135558 // PACKETSTORM: 135557 // PACKETSTORM: 135339 // PACKETSTORM: 135338 // PACKETSTORM: 134720 // PACKETSTORM: 134722 // PACKETSTORM: 135341

SOURCES

db:VULHUBid:VHN-86087
db:VULMONid:CVE-2015-8126
db:PACKETSTORMid:135558
db:PACKETSTORMid:134452
db:PACKETSTORMid:135557
db:PACKETSTORMid:135339
db:PACKETSTORMid:139733
db:PACKETSTORMid:135338
db:PACKETSTORMid:134720
db:PACKETSTORMid:134722
db:PACKETSTORMid:135341
db:PACKETSTORMid:134436
db:CNNVDid:CNNVD-201511-246
db:NVDid:CVE-2015-8126

LAST UPDATE DATE

2024-11-23T21:10:07.608000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-86087date:2020-08-31T00:00:00
db:VULMONid:CVE-2015-8126date:2020-09-08T00:00:00
db:CNNVDid:CNNVD-201511-246date:2022-05-16T00:00:00
db:NVDid:CVE-2015-8126date:2024-11-21T02:38:02.947

SOURCES RELEASE DATE

db:VULHUBid:VHN-86087date:2015-11-13T00:00:00
db:VULMONid:CVE-2015-8126date:2015-11-13T00:00:00
db:PACKETSTORMid:135558date:2016-02-02T16:44:18
db:PACKETSTORMid:134452date:2015-11-20T00:42:48
db:PACKETSTORMid:135557date:2016-02-02T16:44:12
db:PACKETSTORMid:135339date:2016-01-21T14:47:36
db:PACKETSTORMid:139733date:2016-11-15T16:48:40
db:PACKETSTORMid:135338date:2016-01-21T14:47:29
db:PACKETSTORMid:134720date:2015-12-10T00:39:58
db:PACKETSTORMid:134722date:2015-12-10T00:40:23
db:PACKETSTORMid:135341date:2016-01-21T14:47:53
db:PACKETSTORMid:134436date:2015-11-19T14:13:58
db:CNNVDid:CNNVD-201511-246date:2015-11-16T00:00:00
db:NVDid:CVE-2015-8126date:2015-11-13T03:59:05.917