ID

VAR-201902-0855


CVE

CVE-2019-7317


TITLE

libpng Resource Management Error Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-201902-012

DESCRIPTION

png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. libpng is prone to a denial-of-service vulnerability. An attacker may exploit this issue to crash the affected application, resulting in a denial-of-service condition. libpng version 1.6.36 is vulnerable; other versions may also be affected.

Red Hat Security Advisory

Synopsis: Critical: firefox security update
Advisory ID: RHSA-2019:1265-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:1265
Issue date: 2019-05-23
CVE Names: CVE-2018-18511 CVE-2019-5798 CVE-2019-7317 CVE-2019-9797 CVE-2019-9800 CVE-2019-9816 CVE-2019-9817 CVE-2019-9819 CVE-2019-9820 CVE-2019-11691 CVE-2019-11692 CVE-2019-11693 CVE-2019-11698

1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 60.7.0 ESR.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800)
* Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797)
* Mozilla: Type confusion with object groups and UnboxedObjects (CVE-2019-9816)
* Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817)
* Mozilla: Compartment mismatch with fetch API (CVE-2019-9819)
* Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820)
* Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691)
* Mozilla: Use-after-free removing listeners in the event listener manager (CVE-2019-11692)
* Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693)
* mozilla: Cross-origin theft of images with ImageBitmapRenderingContext (CVE-2018-18511)
* chromium-browser: Out of bounds read in Skia (CVE-2019-5798)
* Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks (CVE-2019-11698)
* libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1672409 - CVE-2019-7317 libpng: use-after-free in png_image_free in png.c
1676997 - CVE-2018-18511 mozilla: Cross-origin theft of images with ImageBitmapRenderingContext
1688200 - CVE-2019-5798 chromium-browser: Out of bounds read in Skia
1712617 - CVE-2019-11691 Mozilla: Use-after-free in XMLHttpRequest
1712618 - CVE-2019-11692 Mozilla: Use-after-free removing listeners in the event listener manager
1712619 - CVE-2019-11693 Mozilla: Buffer overflow in WebGL bufferdata on Linux
1712621 - CVE-2019-11698 Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks
1712622 - CVE-2019-9797 Mozilla: Cross-origin theft of images with createImageBitmap
1712623 - CVE-2019-9800 Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7
1712625 - CVE-2019-9816 Mozilla: Type confusion with object groups and UnboxedObjects
1712626 - CVE-2019-9817 Mozilla: Stealing of cross-domain images using canvas
1712628 - CVE-2019-9819 Mozilla: Compartment mismatch with fetch API
1712629 - CVE-2019-9820 Mozilla: Use-after-free of ChromeEventHandler by DocShell

6. Package List:

Red Hat Enterprise Linux Client (v. 7):
Source: firefox-60.7.0-1.el7_6.src.rpm
x86_64: firefox-60.7.0-1.el7_6.x86_64.rpm firefox-debuginfo-60.7.0-1.el7_6.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: firefox-60.7.0-1.el7_6.i686.rpm firefox-debuginfo-60.7.0-1.el7_6.i686.rpm

Red Hat Enterprise Linux Server (v. 7):
Source: firefox-60.7.0-1.el7_6.src.rpm
ppc64: firefox-60.7.0-1.el7_6.ppc64.rpm firefox-debuginfo-60.7.0-1.el7_6.ppc64.rpm
ppc64le: firefox-60.7.0-1.el7_6.ppc64le.rpm firefox-debuginfo-60.7.0-1.el7_6.ppc64le.rpm
s390x: firefox-60.7.0-1.el7_6.s390x.rpm firefox-debuginfo-60.7.0-1.el7_6.s390x.rpm
x86_64: firefox-60.7.0-1.el7_6.x86_64.rpm firefox-debuginfo-60.7.0-1.el7_6.x86_64.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):
Source: firefox-60.7.0-1.el7_6.src.rpm
aarch64: firefox-60.7.0-1.el7_6.aarch64.rpm firefox-debuginfo-60.7.0-1.el7_6.aarch64.rpm
ppc64le: firefox-60.7.0-1.el7_6.ppc64le.rpm firefox-debuginfo-60.7.0-1.el7_6.ppc64le.rpm
s390x: firefox-60.7.0-1.el7_6.s390x.rpm firefox-debuginfo-60.7.0-1.el7_6.s390x.rpm

Red Hat Enterprise Linux Server Optional (v. 7):
x86_64: firefox-60.7.0-1.el7_6.i686.rpm firefox-debuginfo-60.7.0-1.el7_6.i686.rpm

Red Hat Enterprise Linux Workstation (v. 7):
Source: firefox-60.7.0-1.el7_6.src.rpm
x86_64: firefox-60.7.0-1.el7_6.x86_64.rpm firefox-debuginfo-60.7.0-1.el7_6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: firefox-60.7.0-1.el7_6.i686.rpm firefox-debuginfo-60.7.0-1.el7_6.i686.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-18511
https://access.redhat.com/security/cve/CVE-2019-5798
https://access.redhat.com/security/cve/CVE-2019-7317
https://access.redhat.com/security/cve/CVE-2019-9797
https://access.redhat.com/security/cve/CVE-2019-9800
https://access.redhat.com/security/cve/CVE-2019-9816
https://access.redhat.com/security/cve/CVE-2019-9817
https://access.redhat.com/security/cve/CVE-2019-9819
https://access.redhat.com/security/cve/CVE-2019-9820
https://access.redhat.com/security/cve/CVE-2019-11691
https://access.redhat.com/security/cve/CVE-2019-11692
https://access.redhat.com/security/cve/CVE-2019-11693
https://access.redhat.com/security/cve/CVE-2019-11698
https://access.redhat.com/security/updates/classification/#critical
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

. 6) - i386, x86_64 3.

For the stable distribution (stretch), these problems have been fixed in version 60.7.0esr-1~deb9u1. We recommend that you upgrade your firefox-esr packages.

For the detailed security status of firefox-esr please refer to its security tracker page at: https://security-tracker.debian.org/tracker/firefox-esr

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

. 8) - aarch64, ppc64le, s390x, x86_64 3. 7) - x86_64 3.

Description: IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

Security Fix(es):

* IBM JDK: Failure to privatize a value pulled out of the loop by versioning (CVE-2019-11775)
* OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) (CVE-2019-2762)
* OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769)
* OpenJDK: Missing URL format validation (Networking, 8221518) (CVE-2019-2816)
* libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bugs fixed (https://bugzilla.redhat.com/):

1672409 - CVE-2019-7317 libpng: use-after-free in png_image_free in png.c
1730056 - CVE-2019-2769 OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432)
1730099 - CVE-2019-2816 OpenJDK: Missing URL format validation (Networking, 8221518)
1730415 - CVE-2019-2762 OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328)
1738549 - CVE-2019-11775 IBM JDK: Failure to privatize a value pulled out of the loop by versioning

6. Description: Mozilla Thunderbird is a standalone mail and newsgroup client

Trust: 1.89

sources: NVD: CVE-2019-7317 // BID: 108098 // VULMON: CVE-2019-7317 // PACKETSTORM: 153064 // PACKETSTORM: 154069 // PACKETSTORM: 153011 // PACKETSTORM: 153067 // PACKETSTORM: 154068 // PACKETSTORM: 153158 // PACKETSTORM: 154282

AFFECTED PRODUCTS

vendor: opensuse, model: package hub, scope: eq, version: -

Trust: 1.0

vendor: canonical, model: ubuntu linux, scope: eq, version: 19.04

Trust: 1.0

vendor: redhat, model: enterprise linux, scope: eq, version: 6.0

Trust: 1.0

vendor: redhat, model: enterprise linux for scientific computing, scope: eq, version: 6.0

Trust: 1.0

vendor: redhat, model: satellite, scope: eq, version: 5.8

Trust: 1.0

vendor: redhat, model: enterprise linux for power big endian, scope: eq, version: 6.0

Trust: 1.0

vendor: redhat, model: enterprise linux, scope: eq, version: 7.0

Trust: 1.0

vendor: redhat, model: enterprise linux for scientific computing, scope: eq, version: 7.0

Trust: 1.0

vendor: oracle, model: hyperion infrastructure technology, scope: eq, version: 11.2.6.0

Trust: 1.0

vendor: hpe, model: xp7 command view advanced edition suite, scope: lt, version: 8.7.0-00

Trust: 1.0

vendor: netapp, model: snapmanager, scope: eq, version: 3.4.2

Trust: 1.0

vendor: oracle, model: java se, scope: eq, version: 8u212

Trust: 1.0

vendor: netapp, model: active iq unified manager, scope: lt, version: 9.6

Trust: 1.0

vendor: netapp, model: e-series santricity storage manager, scope: lt, version: 11.53

Trust: 1.0

vendor: libpng, model: libpng, scope: lt, version: 1.6.37

Trust: 1.0

vendor: netapp, model: e-series santricity management, scope: eq, version: -

Trust: 1.0

vendor: redhat, model: enterprise linux for power big endian, scope: eq, version: 7.0

Trust: 1.0

vendor: redhat, model: enterprise linux desktop, scope: eq, version: 6.0

Trust: 1.0

vendor: netapp, model: steelstore, scope: eq, version: -

Trust: 1.0

vendor: redhat, model: enterprise linux desktop, scope: eq, version: 7.0

Trust: 1.0

vendor: libpng, model: libpng, scope: gte, version: 1.6.0

Trust: 1.0

vendor: debian, model: linux, scope: eq, version: 8.0

Trust: 1.0

vendor: netapp, model: oncommand insight, scope: lt, version: 7.3.9

Trust: 1.0

vendor: netapp, model: cloud backup, scope: eq, version: -

Trust: 1.0

vendor: oracle, model: mysql, scope: lt, version: 8.0.23

Trust: 1.0

vendor: oracle, model: jdk, scope: eq, version: 12.0.1

Trust: 1.0

vendor: redhat, model: enterprise linux for ibm z systems, scope: eq, version: 8.0

Trust: 1.0

vendor: redhat, model: enterprise linux workstation, scope: eq, version: 6.0

Trust: 1.0

vendor: opensuse, model: leap, scope: eq, version: 42.3

Trust: 1.0

vendor: redhat, model: enterprise linux for power little endian, scope: eq, version: 8.0

Trust: 1.0

vendor: netapp, model: active iq unified manager, scope: eq, version: 9.6

Trust: 1.0

vendor: redhat, model: enterprise linux workstation, scope: eq, version: 7.0

Trust: 1.0

vendor: mozilla, model: thunderbird, scope: eq, version: -

Trust: 1.0

vendor: canonical, model: ubuntu linux, scope: eq, version: 18.04

Trust: 1.0

vendor: opensuse, model: leap, scope: eq, version: 15.0

Trust: 1.0

vendor: canonical, model: ubuntu linux, scope: eq, version: 16.04

Trust: 1.0

vendor: netapp, model: oncommand workflow automation, scope: lt, version: 5.1

Trust: 1.0

vendor: oracle, model: jdk, scope: eq, version: 11.0.3

Trust: 1.0

vendor: mozilla, model: firefox, scope: eq, version: -

Trust: 1.0

vendor: netapp, model: e-series santricity web services, scope: lt, version: 4.0

Trust: 1.0

vendor: redhat, model: enterprise linux for ibm z systems, scope: eq, version: 6.0

Trust: 1.0

vendor: netapp, model: snapmanager, scope: lt, version: 3.4.2

Trust: 1.0

vendor: redhat, model: enterprise linux, scope: eq, version: 8.0

Trust: 1.0

vendor: netapp, model: e-series santricity unified manager, scope: lt, version: 3.2

Trust: 1.0

vendor: canonical, model: ubuntu linux, scope: eq, version: 18.10

Trust: 1.0

vendor: oracle, model: java se, scope: eq, version: 7u221

Trust: 1.0

vendor: redhat, model: enterprise linux for ibm z systems, scope: eq, version: 7.0

Trust: 1.0

vendor: netapp, model: plug-in for symantec netbackup, scope: eq, version: -

Trust: 1.0

vendor: opensuse, model: leap, scope: eq, version: 15.1

Trust: 1.0

vendor: hp, model: xp7 command view, scope: lt, version: 8.7.0-00

Trust: 1.0

vendor: redhat, model: enterprise linux for power little endian, scope: eq, version: 7.0

Trust: 1.0

vendor: debian, model: linux, scope: eq, version: 9.0

Trust: 1.0

vendor: libpng, model: libpng, scope: eq, version: 1.6.36

Trust: 0.3

vendor: libpng, model: libpng, scope: ne, version: 1.6.37

Trust: 0.3

sources: BID: 108098 // NVD: CVE-2019-7317

CVSS

SEVERITY

nvd@nist.gov: CVE-2019-7317
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-201902-012
value: MEDIUM

Trust: 0.6

VULMON: CVE-2019-7317
value: LOW

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2019-7317
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 4.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

CVSSV3

nvd@nist.gov: CVE-2019-7317
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: VULMON: CVE-2019-7317 // CNNVD: CNNVD-201902-012 // NVD: CVE-2019-7317

PROBLEMTYPE DATA

problemtype:CWE-416

Trust: 1.0

sources: NVD: CVE-2019-7317

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201902-012

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201902-012

PATCH

title: Debian CVElist Bug Report Logs: libpng1.6: CVE-2019-7317: use-after-free in png_image_free in png.c
url: https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=ef2bbc82329f4e3dd9e23c0137af2a7b

Trust: 0.1

title: Ubuntu Security Notice: libpng1.6 vulnerability
url: https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3962-1

Trust: 0.1

title: Debian Security Advisories: DSA-4435-1 libpng1.6 -- security update
url: https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=d60ba88361ab9afdcad18ca2a106ac3b

Trust: 0.1

title: Red Hat: Important: java-1.7.1-ibm security update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192494 - Security Advisory

Trust: 0.1

title: Red Hat: Important: java-1.7.1-ibm security update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192495 - Security Advisory

Trust: 0.1

title: Arch Linux Advisories: [ASA-201904-10] libpng: denial of service
url: https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201904-10

Trust: 0.1

title: Red Hat: Important: java-1.8.0-ibm security update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192737 - Security Advisory

Trust: 0.1

title: Red Hat: CVE-2019-7317
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2019-7317

Trust: 0.1

title: Red Hat: Important: java-1.8.0-ibm security update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192585 - Security Advisory

Trust: 0.1

title: Red Hat: Important: java-1.8.0-ibm security update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192590 - Security Advisory

Trust: 0.1

title: Red Hat: Important: java-1.8.0-ibm security update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192592 - Security Advisory

Trust: 0.1

title: Arch Linux Issues:
url: https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2019-7317

Trust: 0.1

title: Red Hat: Important: thunderbird security update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20191308 - Security Advisory

Trust: 0.1

title: Red Hat: Important: thunderbird security update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20191310 - Security Advisory

Trust: 0.1

title: Red Hat: Critical: firefox security update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20191265 - Security Advisory

Trust: 0.1

title: Red Hat: Critical: firefox security update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20191269 - Security Advisory

Trust: 0.1

title: Red Hat: Important: thunderbird security update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20191309 - Security Advisory

Trust: 0.1

title: Ubuntu Security Notice: openjdk-lts vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4083-1

Trust: 0.1

title: Red Hat: Critical: firefox security update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20191267 - Security Advisory

Trust: 0.1

title: Ubuntu Security Notice: openjdk-8 vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4080-1

Trust: 0.1

title: Ubuntu Security Notice: thunderbird vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3997-1

Trust: 0.1

title: Debian Security Advisories: DSA-4451-1 thunderbird -- security update
url: https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=1cf7f39c2c474666174a69cf97b06740

Trust: 0.1

title: Ubuntu Security Notice: firefox regression
url: https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3991-3

Trust: 0.1

title: IBM: IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX
url: https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=61e62f4d9c861153c6391afc0ec560a4

Trust: 0.1

title: Debian Security Advisories: DSA-4448-1 firefox-esr -- security update
url: https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=e2d9ccf571c31c1011ad31af2798140f

Trust: 0.1

title: Ubuntu Security Notice: firefox regression
url: https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3991-2

Trust: 0.1

title: Ubuntu Security Notice: firefox vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3991-1

Trust: 0.1

title: Arch Linux Advisories: [ASA-201905-8] thunderbird: multiple issues
url: https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201905-8

Trust: 0.1

title: Amazon Linux 2: ALAS2-2019-1246
url: https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2019-1246

Trust: 0.1

title: Mozilla: Mozilla Foundation Security Advisory 2019-14
url: https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories&qid=2019-14

Trust: 0.1

title: IBM: IBM Security Bulletin: Multiple Mozilla Firefox vulnerability in IBM SONAS
url: https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=4a8e20a238934bc47ca332a3c76cc9c3

Trust: 0.1

title: Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager and Hitachi Infrastructure Analytics Advisor
url: https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories&qid=hitachi-sec-2019-117

Trust: 0.1

title: IBM: Security Bulletin: Multiple vulnerabilities affect IBM Cloud Object Storage Systems (January 2020v2)
url: https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=acad3ac1b2767940a01b72ed1b51586b

Trust: 0.1

title: Arch Linux Advisories: [ASA-201905-9] firefox: multiple issues
url: https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201905-9

Trust: 0.1

title: Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus
url: https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories&qid=hitachi-sec-2019-116

Trust: 0.1

title: Amazon Linux 2: ALAS2-2019-1229
url: https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2019-1229

Trust: 0.1

title: Mozilla: Security vulnerabilities fixed in Firefox ESR 60.7
url: https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories&qid=554d832b08166d6d04a53f3c421e7f9b

Trust: 0.1

title: IBM: IBM Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Jul 2019 – Includes Oracle Jul 2019 CPU affects IBM Tivoli Composite Application Manager for Transactions-Robotic Response Time
url: https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=de7b9859dff396513e72da22ffc4ab3e

Trust: 0.1

title: Mozilla: Mozilla Foundation Security Advisory 2019-15
url: https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories&qid=2019-15

Trust: 0.1

title: Mozilla: Security vulnerabilities fixed in Thunderbird 60.7
url: https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories&qid=198e3a670ab8c803584e801da3919e61

Trust: 0.1

title: IBM: IBM Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition
url: https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=836b059f33e614408bd51705b325caaf

Trust: 0.1

title: IBM: IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise
url: https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=b352b6737bfbf2a62b0a2201928e8963

Trust: 0.1

title: IBM: IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Cloud Manager with OpenStack
url: https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=1ad5c6091de269fb79e0c4d1c06b0846

Trust: 0.1

title: Mozilla: Security vulnerabilities fixed in Firefox 67
url: https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories&qid=730fce689efe63b7de803de0d8794796

Trust: 0.1

title: Mozilla: Mozilla Foundation Security Advisory 2019-13
url: https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories&qid=2019-13

Trust: 0.1

title: IBM: IBM Security Bulletin: Vyatta 5600 vRouter Software Patches – Release 1801-z
url: https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=4ef3e54cc5cdc194f0526779f9480f89

Trust: 0.1

sources: VULMON: CVE-2019-7317

EXTERNAL IDS

db: NVD, id: CVE-2019-7317

Trust: 2.7

db: BID, id: 108098

Trust: 2.0

db: PACKETSTORM, id: 152561

Trust: 1.7

db: PACKETSTORM, id: 152664

Trust: 0.6

db: PACKETSTORM, id: 152702

Trust: 0.6

db: AUSCERT, id: ESB-2019.1877

Trust: 0.6

db: AUSCERT, id: ESB-2019.1491

Trust: 0.6

db: AUSCERT, id: ESB-2019.4466

Trust: 0.6

db: AUSCERT, id: ESB-2020.0775

Trust: 0.6

db: AUSCERT, id: ESB-2019.1454

Trust: 0.6

db: AUSCERT, id: ESB-2019.4293

Trust: 0.6

db: AUSCERT, id: ESB-2019.4381

Trust: 0.6

db: CS-HELP, id: SB2021042108

Trust: 0.6

db: CNNVD, id: CNNVD-201902-012

Trust: 0.6

db: VULMON, id: CVE-2019-7317

Trust: 0.1

db: PACKETSTORM, id: 153064

Trust: 0.1

db: PACKETSTORM, id: 154069

Trust: 0.1

db: PACKETSTORM, id: 153011

Trust: 0.1

db: PACKETSTORM, id: 153067

Trust: 0.1

db: PACKETSTORM, id: 154068

Trust: 0.1

db: PACKETSTORM, id: 153158

Trust: 0.1

db: PACKETSTORM, id: 154282

Trust: 0.1

sources: VULMON: CVE-2019-7317 // BID: 108098 // PACKETSTORM: 153064 // PACKETSTORM: 154069 // PACKETSTORM: 153011 // PACKETSTORM: 153067 // PACKETSTORM: 154068 // PACKETSTORM: 153158 // PACKETSTORM: 154282 // CNNVD: CNNVD-201902-012 // NVD: CVE-2019-7317

REFERENCES

url:http://packetstormsecurity.com/files/152561/slackware-security-advisory-libpng-updates.html

Trust: 2.9

url:https://www.debian.org/security/2019/dsa-4435

Trust: 2.6

url:https://usn.ubuntu.com/3962-1/

Trust: 2.4

url:http://www.securityfocus.com/bid/108098

Trust: 2.4

url:https://www.debian.org/security/2019/dsa-4451

Trust: 2.3

url:https://www.oracle.com/security-alerts/cpuapr2021.html

Trust: 2.3

url:https://github.com/glennrp/libpng/issues/275

Trust: 2.0

url:https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803

Trust: 2.0

url:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Trust: 2.0

url:https://access.redhat.com/errata/rhsa-2019:1265

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2019:1269

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2019:1310

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2019:2494

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2019:2495

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2019:2585

Trust: 1.8

url:https://seclists.org/bugtraq/2019/apr/30

Trust: 1.7

url:https://seclists.org/bugtraq/2019/apr/36

Trust: 1.7

url:https://usn.ubuntu.com/3991-1/

Trust: 1.7

url:https://seclists.org/bugtraq/2019/may/56

Trust: 1.7

url:https://seclists.org/bugtraq/2019/may/59

Trust: 1.7

url:https://www.debian.org/security/2019/dsa-4448

Trust: 1.7

url:https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html

Trust: 1.7

url:https://access.redhat.com/errata/rhsa-2019:1267

Trust: 1.7

url:https://seclists.org/bugtraq/2019/may/67

Trust: 1.7

url:https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html

Trust: 1.7

url:https://usn.ubuntu.com/3997-1/

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html

Trust: 1.7

url:https://access.redhat.com/errata/rhsa-2019:1309

Trust: 1.7

url:https://access.redhat.com/errata/rhsa-2019:1308

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html

Trust: 1.7

url:https://security.netapp.com/advisory/ntap-20190719-0005/

Trust: 1.7

url:https://usn.ubuntu.com/4080-1/

Trust: 1.7

url:https://usn.ubuntu.com/4083-1/

Trust: 1.7

url:https://security.gentoo.org/glsa/201908-02

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html

Trust: 1.7

url:https://access.redhat.com/errata/rhsa-2019:2590

Trust: 1.7

url:https://access.redhat.com/errata/rhsa-2019:2592

Trust: 1.7

url:https://access.redhat.com/errata/rhsa-2019:2737

Trust: 1.7

url:https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbst03977en_us

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpuoct2021.html

Trust: 1.7

url:https://access.redhat.com/security/cve/cve-2019-7317

Trust: 1.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-7317

Trust: 1.3

url:https://bugzilla.redhat.com/show_bug.cgi?id=1672409

Trust: 0.9

url:https://access.redhat.com/articles/11258

Trust: 0.6

url:https://access.redhat.com/security/team/contact/

Trust: 0.6

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.6

url:https://bugzilla.redhat.com/

Trust: 0.6

url:https://access.redhat.com/security/team/key/

Trust: 0.6

url:https://github.com/glennrp/libpng/issues/275 (exploit, issue tracking, third party advisory)

Trust: 0.6

url:https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803 (mailing list, third party advisory)

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20193060-1.html

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1096270

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1106139

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1106487

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1106553

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1106493

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-netcool-agile-service-manager/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-the-ibm-sdk-java-technology-edition-affects-ibm-performance-management-products-3/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-performance-management-products-3/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/79850

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4381/

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1107879

Trust: 0.6

url:https://packetstormsecurity.com/files/152702/ubuntu-security-notice-usn-3962-1.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/79998

Trust: 0.6

url:https://packetstormsecurity.com/files/152664/debian-security-advisory-4435-1.html

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affects-ibm-agile-lifecycle-manager/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-performance-management-products-6/

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1138432

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4293/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4466/

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1074382

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1137448

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0775/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-there-are-multiple-vulnerabilities-in-ibm-sdk-java-technology-edition-version-7-version-8-that-is-used-by-ibm-workload-scheduler/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021042108

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.1877/

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2018-18511

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-9820

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-11698

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-11691

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-9819

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-9800

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-9817

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-9797

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-5798

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-11693

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-11692

Trust: 0.4

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-9816

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-9817

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-11698

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-9797

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-11692

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-11693

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-9819

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2018-18511

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-9820

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-9800

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-11691

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-5798

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-11775

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-2762

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-11775

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-2816

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-2769

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-2762

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-2816

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-2769

Trust: 0.3

url:https://access.redhat.com/security/updates/classification/#critical

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-9816

Trust: 0.2

url:https://www.mozilla.org/en-us/security/advisories/mfsa2019-14/

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/416.html

Trust: 0.1

url:https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921355

Trust: 0.1

url:https://tools.cisco.com/security/center/viewalert.x?alertid=59551

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://security-tracker.debian.org/tracker/firefox-esr

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://www.mozilla.org/en-us/security/advisories/mfsa2019-15/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-11772

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-2786

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-11772

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-2786

Trust: 0.1

sources: VULMON: CVE-2019-7317 // BID: 108098 // PACKETSTORM: 153064 // PACKETSTORM: 154069 // PACKETSTORM: 153011 // PACKETSTORM: 153067 // PACKETSTORM: 154068 // PACKETSTORM: 153158 // PACKETSTORM: 154282 // CNNVD: CNNVD-201902-012 // NVD: CVE-2019-7317

CREDITS

Red Hat

Trust: 0.6

sources: PACKETSTORM: 153064 // PACKETSTORM: 154069 // PACKETSTORM: 153067 // PACKETSTORM: 154068 // PACKETSTORM: 153158 // PACKETSTORM: 154282

SOURCES

db: VULMON, id: CVE-2019-7317
db: BID, id: 108098
db: PACKETSTORM, id: 153064
db: PACKETSTORM, id: 154069
db: PACKETSTORM, id: 153011
db: PACKETSTORM, id: 153067
db: PACKETSTORM, id: 154068
db: PACKETSTORM, id: 153158
db: PACKETSTORM, id: 154282
db: CNNVD, id: CNNVD-201902-012
db: NVD, id: CVE-2019-7317

LAST UPDATE DATE

2024-11-23T21:19:16.418000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2019-7317, date: 2022-05-23T00:00:00
db: BID, id: 108098, date: 2019-01-25T00:00:00
db: CNNVD, id: CNNVD-201902-012, date: 2021-10-20T00:00:00
db: NVD, id: CVE-2019-7317, date: 2024-11-21T04:48:00.033

SOURCES RELEASE DATE

db: VULMON, id: CVE-2019-7317, date: 2019-02-04T00:00:00
db: BID, id: 108098, date: 2019-01-25T00:00:00
db: PACKETSTORM, id: 153064, date: 2019-05-23T16:55:25
db: PACKETSTORM, id: 154069, date: 2019-08-15T20:14:50
db: PACKETSTORM, id: 153011, date: 2019-05-22T23:44:44
db: PACKETSTORM, id: 153067, date: 2019-05-23T16:56:40
db: PACKETSTORM, id: 154068, date: 2019-08-15T20:14:24
db: PACKETSTORM, id: 153158, date: 2019-06-03T14:02:22
db: PACKETSTORM, id: 154282, date: 2019-09-02T17:37:20
db: CNNVD, id: CNNVD-201902-012, date: 2019-02-04T00:00:00
db: NVD, id: CVE-2019-7317, date: 2019-02-04T08:29:00.447