Security update for libpng16
SUSE Patch
security@suse.de
SUSE Security Team
openSUSE-SU-2015:2262-1
Final
1
1
2015-12-14T08:20:20Z
current
2015-12-14T08:20:20Z
2015-12-14T08:20:20Z
cve-database/bin/generate-cvrf.pl
2017-02-24T01:00:00Z
Security update for libpng16
libpng16 was updated to fix one security issue.
The following vulnerability was fixed:
* CVE-2015-8126: previously fixed incompletely [boo#954980]
The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)
https://lists.opensuse.org/opensuse-updates/2015-12/msg00062.html
E-Mail link for openSUSE-SU-2015:2262-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
libpng16-1.6.6-22.1
libpng16-16-1.6.6-22.1
libpng16-16-32bit-1.6.6-22.1
libpng16-compat-devel-1.6.6-22.1
libpng16-compat-devel-32bit-1.6.6-22.1
libpng16-devel-1.6.6-22.1
libpng16-devel-32bit-1.6.6-22.1
libpng16-tools-1.6.6-22.1
Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.
CVE-2015-8126
moderate
4.3
AV:L/AC:L/Au:S/C:P/I:P/A:P
Please Install the update.
https://lists.opensuse.org/opensuse-updates/2015-12/msg00062.html
https://www.suse.com/security/cve/CVE-2015-8126.html
CVE-2015-8126
https://bugzilla.suse.com/954980
SUSE Bug 954980
https://bugzilla.suse.com/958198
SUSE Bug 958198
https://bugzilla.suse.com/960402
SUSE Bug 960402
https://bugzilla.suse.com/962743
SUSE Bug 962743
https://bugzilla.suse.com/963937
SUSE Bug 963937
https://bugzilla.suse.com/969333
SUSE Bug 969333