ID

VAR-201902-0855

CVE

CVE-2019-7317

TITLE

libpng Resource Management Error Vulnerability

DESCRIPTION

png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: java-1.7.1-ibm security update Advisory ID: RHSA-2019:2494-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://access.redhat.com/errata/RHSA-2019:2494 Issue date: 2019-08-15 CVE Names: CVE-2019-2762 CVE-2019-2769 CVE-2019-2816 CVE-2019-7317 CVE-2019-11775 ===================================================================== 1. Summary: An update for java-1.7.1-ibm is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP50. Security Fix(es): * IBM JDK: Failure to privatize a value pulled out of the loop by versioning (CVE-2019-11775) * OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) (CVE-2019-2762) * OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769) * OpenJDK: Missing URL format validation (Networking, 8221518) (CVE-2019-2816) * libpng: use-after-free in png_image_free in png.c (CVE-2019-7317) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running instances of IBM Java must be restarted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1672409 - CVE-2019-7317 libpng: use-after-free in png_image_free in png.c 1730056 - CVE-2019-2769 OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) 1730099 - CVE-2019-2816 OpenJDK: Missing URL format validation (Networking, 8221518) 1730415 - CVE-2019-2762 OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) 1738549 - CVE-2019-11775 IBM JDK: Failure to privatize a value pulled out of the loop by versioning 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: java-1.7.1-ibm-1.7.1.4.50-1jpp.1.el6_10.i686.rpm java-1.7.1-ibm-demo-1.7.1.4.50-1jpp.1.el6_10.i686.rpm java-1.7.1-ibm-devel-1.7.1.4.50-1jpp.1.el6_10.i686.rpm java-1.7.1-ibm-jdbc-1.7.1.4.50-1jpp.1.el6_10.i686.rpm java-1.7.1-ibm-plugin-1.7.1.4.50-1jpp.1.el6_10.i686.rpm java-1.7.1-ibm-src-1.7.1.4.50-1jpp.1.el6_10.i686.rpm x86_64: java-1.7.1-ibm-1.7.1.4.50-1jpp.1.el6_10.x86_64.rpm java-1.7.1-ibm-demo-1.7.1.4.50-1jpp.1.el6_10.x86_64.rpm java-1.7.1-ibm-devel-1.7.1.4.50-1jpp.1.el6_10.x86_64.rpm java-1.7.1-ibm-jdbc-1.7.1.4.50-1jpp.1.el6_10.x86_64.rpm java-1.7.1-ibm-plugin-1.7.1.4.50-1jpp.1.el6_10.x86_64.rpm java-1.7.1-ibm-src-1.7.1.4.50-1jpp.1.el6_10.x86_64.rpm Red Hat Enterprise Linux HPC Node Supplementary (v. 6): x86_64: java-1.7.1-ibm-1.7.1.4.50-1jpp.1.el6_10.x86_64.rpm java-1.7.1-ibm-demo-1.7.1.4.50-1jpp.1.el6_10.x86_64.rpm java-1.7.1-ibm-devel-1.7.1.4.50-1jpp.1.el6_10.x86_64.rpm java-1.7.1-ibm-src-1.7.1.4.50-1jpp.1.el6_10.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: java-1.7.1-ibm-1.7.1.4.50-1jpp.1.el6_10.i686.rpm java-1.7.1-ibm-demo-1.7.1.4.50-1jpp.1.el6_10.i686.rpm java-1.7.1-ibm-devel-1.7.1.4.50-1jpp.1.el6_10.i686.rpm java-1.7.1-ibm-jdbc-1.7.1.4.50-1jpp.1.el6_10.i686.rpm java-1.7.1-ibm-plugin-1.7.1.4.50-1jpp.1.el6_10.i686.rpm java-1.7.1-ibm-src-1.7.1.4.50-1jpp.1.el6_10.i686.rpm ppc64: java-1.7.1-ibm-1.7.1.4.50-1jpp.1.el6_10.ppc64.rpm java-1.7.1-ibm-demo-1.7.1.4.50-1jpp.1.el6_10.ppc64.rpm java-1.7.1-ibm-devel-1.7.1.4.50-1jpp.1.el6_10.ppc64.rpm java-1.7.1-ibm-jdbc-1.7.1.4.50-1jpp.1.el6_10.ppc64.rpm java-1.7.1-ibm-src-1.7.1.4.50-1jpp.1.el6_10.ppc64.rpm s390x: java-1.7.1-ibm-1.7.1.4.50-1jpp.1.el6_10.s390x.rpm java-1.7.1-ibm-demo-1.7.1.4.50-1jpp.1.el6_10.s390x.rpm java-1.7.1-ibm-devel-1.7.1.4.50-1jpp.1.el6_10.s390x.rpm java-1.7.1-ibm-jdbc-1.7.1.4.50-1jpp.1.el6_10.s390x.rpm java-1.7.1-ibm-src-1.7.1.4.50-1jpp.1.el6_10.s390x.rpm x86_64: java-1.7.1-ibm-1.7.1.4.50-1jpp.1.el6_10.x86_64.rpm java-1.7.1-ibm-demo-1.7.1.4.50-1jpp.1.el6_10.x86_64.rpm java-1.7.1-ibm-devel-1.7.1.4.50-1jpp.1.el6_10.x86_64.rpm java-1.7.1-ibm-jdbc-1.7.1.4.50-1jpp.1.el6_10.x86_64.rpm java-1.7.1-ibm-plugin-1.7.1.4.50-1jpp.1.el6_10.x86_64.rpm java-1.7.1-ibm-src-1.7.1.4.50-1jpp.1.el6_10.x86_64.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: java-1.7.1-ibm-1.7.1.4.50-1jpp.1.el6_10.i686.rpm java-1.7.1-ibm-demo-1.7.1.4.50-1jpp.1.el6_10.i686.rpm java-1.7.1-ibm-devel-1.7.1.4.50-1jpp.1.el6_10.i686.rpm java-1.7.1-ibm-jdbc-1.7.1.4.50-1jpp.1.el6_10.i686.rpm java-1.7.1-ibm-plugin-1.7.1.4.50-1jpp.1.el6_10.i686.rpm java-1.7.1-ibm-src-1.7.1.4.50-1jpp.1.el6_10.i686.rpm x86_64: java-1.7.1-ibm-1.7.1.4.50-1jpp.1.el6_10.x86_64.rpm java-1.7.1-ibm-demo-1.7.1.4.50-1jpp.1.el6_10.x86_64.rpm java-1.7.1-ibm-devel-1.7.1.4.50-1jpp.1.el6_10.x86_64.rpm java-1.7.1-ibm-jdbc-1.7.1.4.50-1jpp.1.el6_10.x86_64.rpm java-1.7.1-ibm-plugin-1.7.1.4.50-1jpp.1.el6_10.x86_64.rpm java-1.7.1-ibm-src-1.7.1.4.50-1jpp.1.el6_10.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-2762 https://access.redhat.com/security/cve/CVE-2019-2769 https://access.redhat.com/security/cve/CVE-2019-2816 https://access.redhat.com/security/cve/CVE-2019-7317 https://access.redhat.com/security/cve/CVE-2019-11775 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXVUgBtzjgjWX9erEAQg5bBAAjPXukMp83HTw0k3xseyBEklamYSAD5Hq 1Tidly9WGIiIjToZiswjUMGhuxjh9V0aUSXQaytgn7GLT/Hgh2ztFsLs039Nc2cw AJnap7mpzuLwmWTASHHoLlYcciLHgkj/mdhOVOn4yrLNtMnRklv7NsBlNZgkrjBn cYCz8ojE6Fc1BGzSYQBjHWRi0s6BCYfAY01ACgzAPIeRdp4JSzr6RUeuXP/wkAOM KRKhhEF/RvrWutEIzJ9x4U0Sg7VpIDX3lyQohNRr7zn54GUxA8FfXSWb2JDs2Sjg 5YNq1YBAAB0oATXXNOkeykU7V29PRqe3LDHJZmK2oetXC2bke5HAZZ+VwuARYAjO RxyWEjz2zWCNlpsfMLq1dMDHDxV3vedjJxStQMlGLfNiPg0NomNe2YZEM1larzt5 zeGip7CO8AhgUAVwVID/102Ep96hDP2n9O0Hp20JN1/GispwhOnUeOHAKt8NoIzX /f4G/4qkNt9UmYjbaHjpM1dz6Wmqz5vxd4jzCJTKmfwZCJ29Xbsd4vPB5xV5412R ltG/KuRrfWpz8oee1GkPY/DwmLErbr0dsayudJRc8R/jIAQRcG2UdsIR8kR298ek FLsIZ6fzAE7Jjo883bG2chDsJ4xZ5lSuicehjke1PM4/a4dpMyxfVSu/esdSlx70 7VEaYReI+qw= =LwYT -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . (CVE-2019-11691, CVE-2019-11692, CVE-2019-11693, CVE-2019-11695, CVE-2019-11696, CVE-2019-11699, CVE-2019-11701, CVE-2019-7317, CVE-2019-9800, CVE-2019-9814, CVE-2019-9817, CVE-2019-9819, CVE-2019-9820, CVE-2019-9821) It was discovered that pressing certain key combinations could bypass addon installation prompt delays. If a user opened a specially crafted website, an attacker could potentially exploit this to trick them in to installing a malicious extension. (CVE-2019-11697) It was discovered that history data could be exposed via drag and drop of hyperlinks to and from bookmarks. If a user were tricked in to dragging a specially crafted hyperlink to the bookmark toolbar or sidebar, and subsequently back in to the web content area, an attacker could potentially exploit this to obtain sensitive information. (CVE-2019-11698) A type confusion bug was discovered with object groups and UnboxedObjects. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Some of the patched flaws are considered critical, and could be used to run attacker code and install software, requiring no user interaction beyond normal browsing. ========================================================================= Ubuntu Security Notice USN-4080-1 July 31, 2019 openjdk-8 vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS Summary: Several security issues were fixed in OpenJDK. Software Description: - openjdk-8: Open Source Java implementation Details: Keegan Ryan discovered that the ECC implementation in OpenJDK was not sufficiently resilient to side-channel attacks. An attacker could possibly use this to expose sensitive information. (CVE-2019-2745) It was discovered that OpenJDK did not sufficiently validate serial streams before deserializing suppressed exceptions in some situations. An attacker could use this to specially craft an object that, when deserialized, would cause a denial of service. (CVE-2019-2762) It was discovered that in some situations OpenJDK did not properly bound the amount of memory allocated during object deserialization. An attacker could use this to specially craft an object that, when deserialized, would cause a denial of service (excessive memory consumption). (CVE-2019-2769) It was discovered that OpenJDK did not properly restrict privileges in certain situations. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. (CVE-2019-2786) Jonathan Birch discovered that the Networking component of OpenJDK did not properly validate URLs in some situations. An attacker could use this to bypass restrictions on characters in URLs. (CVE-2019-2816) Nati Nimni discovered that the Java Cryptography Extension component in OpenJDK did not properly perform array bounds checking in some situations. An attacker could use this to cause a denial of service. (CVE-2019-2842) It was discovered that OpenJDK incorrectly handled certain memory operations. If a user or automated system were tricked into opening a specially crafted PNG file, a remote attacker could use this issue to cause OpenJDK to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-7317) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: openjdk-8-jdk 8u222-b10-1ubuntu1~16.04.1 openjdk-8-jdk-headless 8u222-b10-1ubuntu1~16.04.1 openjdk-8-jre 8u222-b10-1ubuntu1~16.04.1 openjdk-8-jre-headless 8u222-b10-1ubuntu1~16.04.1 openjdk-8-jre-jamvm 8u222-b10-1ubuntu1~16.04.1 openjdk-8-jre-zero 8u222-b10-1ubuntu1~16.04.1 This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any Java applications or applets to make all the necessary changes. Description: Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800) * Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797) * Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817) * Mozilla: Compartment mismatch with fetch API (CVE-2019-9819) * Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820) * Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691) * Mozilla: Use-after-free removing listeners in the event listener manager (CVE-2019-11692) * Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693) * mozilla: Cross-origin theft of images with ImageBitmapRenderingContext (CVE-2018-18511) * chromium-browser: Out of bounds read in Skia (CVE-2019-5798) * Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks (CVE-2019-11698) * libpng: use-after-free in png_image_free in png.c (CVE-2019-7317) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/): 1672409 - CVE-2019-7317 libpng: use-after-free in png_image_free in png.c 1676997 - CVE-2018-18511 mozilla: Cross-origin theft of images with ImageBitmapRenderingContext 1688200 - CVE-2019-5798 chromium-browser: Out of bounds read in Skia 1712617 - CVE-2019-11691 Mozilla: Use-after-free in XMLHttpRequest 1712618 - CVE-2019-11692 Mozilla: Use-after-free removing listeners in the event listener manager 1712619 - CVE-2019-11693 Mozilla: Buffer overflow in WebGL bufferdata on Linux 1712621 - CVE-2019-11698 Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks 1712622 - CVE-2019-9797 Mozilla: Cross-origin theft of images with createImageBitmap 1712623 - CVE-2019-9800 Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 1712626 - CVE-2019-9817 Mozilla: Stealing of cross-domain images using canvas 1712628 - CVE-2019-9819 Mozilla: Compartment mismatch with fetch API 1712629 - CVE-2019-9820 Mozilla: Use-after-free of ChromeEventHandler by DocShell 6. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] libpng (SSA:2019-107-01) New libpng packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/libpng-1.6.37-i586-1_slack14.2.txz: Upgraded. Fixed a memory leak in the ARM NEON implementation of png_do_expand_palette. Fixed a memory leak in pngtest.c. Fixed two vulnerabilities (CVE-2018-14048, CVE-2018-14550) in contrib/pngminus; refactor. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14048 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14550 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7317 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/libpng-1.6.37-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/libpng-1.6.37-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libpng-1.6.37-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libpng-1.6.37-x86_64-1.txz MD5 signatures: +-------------+ Slackware 14.2 package: 829f6c020ad10fe9b09e94bceb7fae26 libpng-1.6.37-i586-1_slack14.2.txz Slackware x86_64 14.2 package: e141813a42551a3c31df15b8495dc1a3 libpng-1.6.37-x86_64-1_slack14.2.txz Slackware -current package: 0f711d15bd85893a02f398b95b7d3f06 l/libpng-1.6.37-i586-1.txz Slackware x86_64 -current package: d8bdd5c1a73fa487c5f1a1a4b3ec2f63 l/libpng-1.6.37-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg libpng-1.6.37-i586-1_slack14.2.txz +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

resource management error

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Ubuntu,Debian,Slackware Security Team

SOURCES

LAST UPDATE DATE

2025-04-13T19:53:31.313000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE