Security update for libpng16
SUSE Patch
security@suse.de
SUSE Security Team
openSUSE-SU-2017:0937-1
Final
1
1
2017-04-05T13:11:12Z
current
2017-04-05T13:11:12Z
2017-04-05T13:11:12Z
cve-database/bin/generate-cvrf.pl
2017-02-24T01:00:00Z
Security update for libpng16
This update for libpng16 fixes the following issues:
Security issues fixed:
- CVE-2016-10087: NULL pointer dereference in png_set_text_2() (bsc#1017646)
This update was imported from the SUSE:SLE-12:Update update project.
The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)
https://lists.opensuse.org/opensuse-updates/2017-04/msg00022.html
E-Mail link for openSUSE-SU-2017:0937-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
openSUSE Leap 42.1
openSUSE Leap 42.2
libpng16-1.6.8-9.3.1
libpng16-16-1.6.8-9.3.1
libpng16-16-32bit-1.6.8-9.3.1
libpng16-compat-devel-1.6.8-9.3.1
libpng16-compat-devel-32bit-1.6.8-9.3.1
libpng16-devel-1.6.8-9.3.1
libpng16-devel-32bit-1.6.8-9.3.1
libpng16-tools-1.6.8-9.3.1
libpng16-1.6.8-9.3.1 as a component of openSUSE Leap 42.1
libpng16-16-1.6.8-9.3.1 as a component of openSUSE Leap 42.1
libpng16-16-32bit-1.6.8-9.3.1 as a component of openSUSE Leap 42.1
libpng16-compat-devel-1.6.8-9.3.1 as a component of openSUSE Leap 42.1
libpng16-compat-devel-32bit-1.6.8-9.3.1 as a component of openSUSE Leap 42.1
libpng16-devel-1.6.8-9.3.1 as a component of openSUSE Leap 42.1
libpng16-devel-32bit-1.6.8-9.3.1 as a component of openSUSE Leap 42.1
libpng16-tools-1.6.8-9.3.1 as a component of openSUSE Leap 42.1
libpng16-1.6.8-9.3.1 as a component of openSUSE Leap 42.2
libpng16-16-1.6.8-9.3.1 as a component of openSUSE Leap 42.2
libpng16-16-32bit-1.6.8-9.3.1 as a component of openSUSE Leap 42.2
libpng16-compat-devel-1.6.8-9.3.1 as a component of openSUSE Leap 42.2
libpng16-compat-devel-32bit-1.6.8-9.3.1 as a component of openSUSE Leap 42.2
libpng16-devel-1.6.8-9.3.1 as a component of openSUSE Leap 42.2
libpng16-devel-32bit-1.6.8-9.3.1 as a component of openSUSE Leap 42.2
libpng16-tools-1.6.8-9.3.1 as a component of openSUSE Leap 42.2
The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure.
CVE-2016-10087
openSUSE Leap 42.1:libpng16-1.6.8-9.3.1
openSUSE Leap 42.1:libpng16-16-1.6.8-9.3.1
openSUSE Leap 42.1:libpng16-16-32bit-1.6.8-9.3.1
openSUSE Leap 42.1:libpng16-compat-devel-1.6.8-9.3.1
openSUSE Leap 42.1:libpng16-compat-devel-32bit-1.6.8-9.3.1
openSUSE Leap 42.1:libpng16-devel-1.6.8-9.3.1
openSUSE Leap 42.1:libpng16-devel-32bit-1.6.8-9.3.1
openSUSE Leap 42.1:libpng16-tools-1.6.8-9.3.1
openSUSE Leap 42.2:libpng16-1.6.8-9.3.1
openSUSE Leap 42.2:libpng16-16-1.6.8-9.3.1
openSUSE Leap 42.2:libpng16-16-32bit-1.6.8-9.3.1
openSUSE Leap 42.2:libpng16-compat-devel-1.6.8-9.3.1
openSUSE Leap 42.2:libpng16-compat-devel-32bit-1.6.8-9.3.1
openSUSE Leap 42.2:libpng16-devel-1.6.8-9.3.1
openSUSE Leap 42.2:libpng16-devel-32bit-1.6.8-9.3.1
openSUSE Leap 42.2:libpng16-tools-1.6.8-9.3.1
low
1.9
AV:L/AC:M/Au:N/C:N/I:N/A:P
Please Install the update.
https://lists.opensuse.org/opensuse-updates/2017-04/msg00022.html
https://www.suse.com/security/cve/CVE-2016-10087.html
CVE-2016-10087
https://bugzilla.suse.com/1017646
SUSE Bug 1017646
https://bugzilla.suse.com/1149680
SUSE Bug 1149680