https://bugzilla.redhat.com/show_bug.cgi?id=1281756
Bug ID: 1281756
Summary: CVE-2015-8126 libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team@redhat.com
Reporter: amaris@redhat.com
CC: drizt@land.ru, erik-fedora@vanpienbroek.nl, fedora-mingw@lists.fedoraproject.org, ktietz@redhat.com, lfarkas@lfarkas.org, paul@city-fan.org, phracek@redhat.com, rjones@redhat.com
Buffer overflow vulnerabilities in functions png_get_PLTE/png_set_PLTE, allowing remote attackers to cause DoS to application or have unspecified other impact. These functions failed to check for an out-of-range palette when reading or writing PNG files with a bit_depth less than 8. Some applications might read the bit depth from the IHDR chunk and allocate memory for a 2^N entry palette, while libpng can return a palette with up to 256 entries even when the bit depth is less than 8.
Affected versions of libpng are before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19.
Upstream patches:
https://github.com/glennrp/libpng/commit/81f44665cce4cb1373f049a76f3904e981b...
https://github.com/glennrp/libpng/commit/a901eb3ce6087e0afeef988247f1a1aa208...
https://github.com/glennrp/libpng/commit/1bef8e97995c33123665582e57d3ed40b57...
https://github.com/glennrp/libpng/commit/83f4c735c88e7f451541c1528d8043c31ba...
CVE assignment:
http://seclists.org/oss-sec/2015/q4/264
Adam Mariš amaris@redhat.com changed:
What       |Removed |Added
----------------------------------------------------------------------------
Depends On |        |1281757
Depends On |        |1281758
Depends On |        |1281759
Depends On |        |1281760
--- Comment #1 from Adam Mariš amaris@redhat.com ---
Created libpng tracking bugs for this issue:
Affects: fedora-all [bug 1281757]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1281757 [Bug 1281757] CVE-2015-8126 libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1281758 [Bug 1281758] CVE-2015-8126 mingw-libpng: libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1281759 [Bug 1281759] CVE-2015-8126 libpng10: libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions [epel-6]
https://bugzilla.redhat.com/show_bug.cgi?id=1281760 [Bug 1281760] CVE-2015-8126 mingw-libpng: libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions [epel-7]
--- Comment #2 from Adam Mariš amaris@redhat.com ---
Created libpng10 tracking bugs for this issue:
Affects: epel-6 [bug 1281759]
--- Comment #3 from Adam Mariš amaris@redhat.com ---
Created mingw-libpng tracking bugs for this issue:
Affects: fedora-all [bug 1281758]
Affects: epel-7 [bug 1281760]
Adam Mariš amaris@redhat.com changed:
What   |Removed |Added
----------------------------------------------------------------------------
Blocks |        |1281763
--- Comment #4 from Paul Howarth paul@city-fan.org ---
(In reply to Adam Mariš from comment #2)
> Created libpng10 tracking bugs for this issue:
> Affects: epel-6 [bug 1281759]
It affects fedora-all too. I'll edit the existing updates for 1.0.64 when a suitable tracking bug is generated.
Paul Howarth paul@city-fan.org changed:
What       |Removed |Added
----------------------------------------------------------------------------
Depends On |        |1282039
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1282039 [Bug 1282039] libpng10: libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions [fedora-all]
Huzaifa S. Sidhpurwala huzaifas@redhat.com changed:
What: Whiteboard
Removed: impact=moderate,public=20151112,reported=20151113,source=oss-security,cvss2=5.8/AV:N/AC:M/Au:N/C:N/I:P/A:P,cwe=CWE-120,rhel-5/libpng=affected,rhel-6/libpng=affected,rhel-7/libpng=affected,rhel-7/libpng12=affected,fedora-all/libpng=affected,fedora-all/mingw-libpng=affected,epel-6/libpng10=affected,epel-7/mingw-libpng=affected
Added: impact=moderate,public=20151112,reported=20151113,source=oss-security,cvss2=5.8/AV:N/AC:M/Au:N/C:N/I:P/A:P,cwe=CWE-120,rhel-5/libpng=affected,rhel-6/libpng=affected,rhel-7/libpng=affected,rhel-7/libpng12=affected,fedora-all/libpng=affected,fedora-all/mingw-libpng=affected,epel-6/libpng10=affected,epel-7/mingw-libpng=affected,fedora-all/libpng10=affected
Raphael Groner projects.rg@smart.ms changed:
What |Removed |Added
----------------------------------------------------------------------------
CC   |        |projects.rg@smart.ms
--- Comment #5 from Raphael Groner projects.rg@smart.ms ---
Besides libpng, all those compat packages need to be updated, too:
libpng10, libpng12, libpng15
Please do so ASAP.
Piotr Popieluch piotr1212@gmail.com changed:
What     |Removed |Added
----------------------------------------------------------------------------
CC       |        |piotr1212@gmail.com
Severity |medium  |urgent
--- Comment #6 from Stefan Cornelius scorneli@redhat.com ---
This needs another patch:
https://github.com/glennrp/libpng/commit/9f2ad4928e47036cf1ac9b8fe45a491f15b...
Or there will be CRC issues. I'll also add this to the list of patches in comment #0.
Stefan Cornelius scorneli@redhat.com changed:
What: Whiteboard
Removed: impact=moderate,public=20151112,reported=20151113,source=oss-security,cvss2=5.8/AV:N/AC:M/Au:N/C:N/I:P/A:P,cwe=CWE-120,rhel-5/libpng=affected,rhel-6/libpng=affected,rhel-7/libpng=affected,rhel-7/libpng12=affected,fedora-all/libpng=affected,fedora-all/mingw-libpng=affected,epel-6/libpng10=affected,epel-7/mingw-libpng=affected,fedora-all/libpng10=affected
Added: impact=moderate,public=20151112,reported=20151113,source=oss-security,cvss2=5.4/AV:A/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-120,rhel-5/libpng=wontfix,rhel-6/libpng=affected,rhel-7/libpng=affected,rhel-7/libpng12=affected,fedora-all/libpng=affected,fedora-all/mingw-libpng=affected,epel-6/libpng10=affected,epel-7/mingw-libpng=affected,fedora-all/libpng10=affected
Stefan Cornelius scorneli@redhat.com changed:
What: Whiteboard
Removed: impact=moderate,public=20151112,reported=20151113,source=oss-security,cvss2=5.4/AV:A/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-120,rhel-5/libpng=wontfix,rhel-6/libpng=affected,rhel-7/libpng=affected,rhel-7/libpng12=affected,fedora-all/libpng=affected,fedora-all/mingw-libpng=affected,epel-6/libpng10=affected,epel-7/mingw-libpng=affected,fedora-all/libpng10=affected
Added: impact=moderate,public=20151112,reported=20151113,source=oss-security,cvss2=5.4/AV:A/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-120,rhel-5/libpng=wontfix,rhel-6/libpng=affected,rhel-7/libpng=affected,rhel-7/libpng12=affected,fedora-all/libpng=affected,fedora-all/libpng12=affected,fedora-all/libpng15=affected,fedora-all/mingw-libpng=affected,epel-6/libpng10=affected,epel-7/mingw-libpng=affected,fedora-all/libpng10=affected
Stefan Cornelius scorneli@redhat.com changed:
What       |Removed |Added
----------------------------------------------------------------------------
Depends On |        |1282901
Depends On |        |1282902
--- Comment #8 from Stefan Cornelius scorneli@redhat.com ---
Created libpng12 tracking bugs for this issue:
Affects: fedora-all [bug 1282901]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1282901 [Bug 1282901] CVE-2015-8126 libpng12: libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1282902 [Bug 1282902] CVE-2015-8126 libpng15: libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions [fedora-all]
--- Comment #9 from Stefan Cornelius scorneli@redhat.com ---
Created libpng15 tracking bugs for this issue:
Affects: fedora-all [bug 1282902]
Petr Hracek phracek@redhat.com changed:
What  |Removed |Added
----------------------------------------------------------------------------
CC    |        |amaris@redhat.com
Flags |        |needinfo?(amaris@redhat.com)
Adam Mariš amaris@redhat.com changed:
What  |Removed                      |Added
----------------------------------------------------------------------------
Flags |needinfo?(amaris@redhat.com) |
Adam Mariš amaris@redhat.com changed:
What     |Removed |Added
----------------------------------------------------------------------------
Severity |urgent  |medium
Stefan Cornelius scorneli@redhat.com changed:
What       |Removed |Added
----------------------------------------------------------------------------
Depends On |        |1283572
Depends On |        |1283573
Depends On |        |1283574
Depends On |        |1283575
Depends On |        |1283576
Depends On |        |1283577
--- Comment #15 from Fedora Update System updates@fedoraproject.org ---
libpng-1.6.17-4.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
Bug 1281756 depends on bug 1281757, which changed state.
Bug 1281757 Summary: CVE-2015-8126 libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1281757
What       |Removed |Added
----------------------------------------------------------------------------
Status     |ON_QA   |CLOSED
Resolution |---     |ERRATA
Petr Hracek phracek@redhat.com changed:
What  |Removed |Added
----------------------------------------------------------------------------
CC    |        |scorneli@redhat.com
Flags |        |needinfo?(scorneli@redhat.com)
--- Comment #17 from Fedora Update System updates@fedoraproject.org ---
libpng10-1.0.64-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
Bug 1281756 depends on bug 1282039, which changed state.
Bug 1282039 Summary: CVE-2015-8126 libpng10: libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1282039
What       |Removed  |Added
----------------------------------------------------------------------------
Status     |MODIFIED |CLOSED
Resolution |---      |ERRATA
--- Comment #18 from Fedora Update System updates@fedoraproject.org ---
libpng10-1.0.64-1.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
--- Comment #19 from Fedora Update System updates@fedoraproject.org ---
libpng10-1.0.64-1.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
Martin Prpic mprpic@redhat.com changed:
What: Whiteboard
Removed: impact=moderate,public=20151112,reported=20151113,source=oss-security,cvss2=5.4/AV:A/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-120,rhel-5/libpng=wontfix,rhel-6/libpng=affected,rhel-7/libpng=affected,rhel-7/libpng12=affected,fedora-all/libpng=affected,fedora-all/libpng12=affected,fedora-all/libpng15=affected,fedora-all/mingw-libpng=affected,epel-6/libpng10=affected,epel-7/mingw-libpng=affected,fedora-all/libpng10=affected
Added: impact=moderate,public=20151112,reported=20151113,source=oss-security,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,cwe=CWE-120,rhel-5/libpng=wontfix,rhel-6/libpng=affected,rhel-7/libpng=affected,rhel-7/libpng12=affected,fedora-all/libpng=affected,fedora-all/libpng12=affected,fedora-all/libpng15=affected,fedora-all/mingw-libpng=affected,epel-6/libpng10=affected,epel-7/mingw-libpng=affected,fedora-all/libpng10=affected
--- Comment #20 from Stefan Cornelius scorneli@redhat.com ---
Our CVSSv2 score may be different from what other sources suggest. That's because we don't think that other CVSSv2 scores give an appropriate approximation of the real-life impact of this issue.
In order to be vulnerable, an application needs to calculate the exact minimum buffer space for the palette according to the image's bit depth and then has to interact with libpng in a way that would copy the palette into the buffer the application has reserved.
This is an extra-effort step most applications do not take, for simplicity reasons. Instead, for example, a lot of applications use the maximum size the palette can possibly have, regardless of the image's bit depth. In such a case, the application would not be vulnerable, even when using a vulnerable libpng version.
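The condition described in the report and in comment #20, as an added example (not code from libpng or from this bug report): a structural check that compares a PNG's PLTE entry count with 2^bit_depth from IHDR, plus an application-side copy guard. The function names, the verdict enum and the sample bytes are constructed for illustration; chunk CRCs are not verified.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SAMPLE_MAX 1024
#define PLTE_DATA_OFFSET 41   /* 8 signature + 25 IHDR chunk + 8 PLTE header */

enum plte_verdict { PLTE_ABSENT, PLTE_OK, PLTE_OVERSIZED, PNG_MALFORMED };
typedef unsigned char rgb[3];
static const unsigned char PNG_SIG[8] = {0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n'};

static uint32_t be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Walk the chunk list and compare the PLTE entry count with 2^bit_depth.
 * Structural check only: chunk CRCs are not verified. */
enum plte_verdict audit_plte(const unsigned char *png, size_t len,
                             unsigned *bit_depth, unsigned *entries)
{
    size_t off = 8;
    unsigned depth = 0, color_type = 0;
    int have_ihdr = 0;
    *bit_depth = *entries = 0;
    if (len < 8 || memcmp(png, PNG_SIG, 8) != 0)
        return PNG_MALFORMED;
    while (len - off >= 12) {                 /* length + type + CRC */
        uint32_t clen = be32(png + off);
        const unsigned char *type = png + off + 4;
        const unsigned char *data = png + off + 8;
        if (clen > len - off - 12)            /* body would run past the buffer */
            return PNG_MALFORMED;
        if (memcmp(type, "IHDR", 4) == 0) {
            if (clen != 13)
                return PNG_MALFORMED;
            depth = data[8];
            color_type = data[9];
            have_ihdr = 1;
        } else if (memcmp(type, "PLTE", 4) == 0) {
            if (!have_ihdr || clen == 0 || clen % 3 != 0 || clen / 3 > 256)
                return PNG_MALFORMED;
            *bit_depth = depth;
            *entries = clen / 3;
            if (color_type != 3)
                return PLTE_OK;               /* suggested palette, not indexed */
            if (depth != 1 && depth != 2 && depth != 4 && depth != 8)
                return PNG_MALFORMED;
            return *entries > (1u << depth) ? PLTE_OVERSIZED : PLTE_OK;
        }
        off += 12 + (size_t)clen;
    }
    return PLTE_ABSENT;
}

/* Application-side guard: copy only if the destination holds every entry. */
int copy_palette(rgb *dst, size_t dst_cap, const unsigned char *plte, unsigned n)
{
    unsigned i;
    if (n > dst_cap)
        return -1;
    for (i = 0; i < n; i++)
        memcpy(dst[i], plte + 3 * i, 3);
    return (int)n;
}

/* Constructed sample: signature, 1x1 IHDR with colour type 3, then PLTE.
 * CRC fields stay zero because audit_plte() does not check them. */
size_t build_sample(unsigned char *out, unsigned depth, unsigned entries)
{
    size_t ihdr = 8, plte = 8 + 25;
    unsigned plen = entries * 3;              /* entries <= 256 assumed */
    memset(out, 0, SAMPLE_MAX);
    memcpy(out, PNG_SIG, 8);
    out[ihdr + 3] = 13;                       /* IHDR data length */
    memcpy(out + ihdr + 4, "IHDR", 4);
    out[ihdr + 11] = out[ihdr + 15] = 1;      /* width = height = 1 */
    out[ihdr + 16] = (unsigned char)depth;
    out[ihdr + 17] = 3;                       /* palette colour type */
    out[plte + 2] = (unsigned char)(plen >> 8);
    out[plte + 3] = (unsigned char)(plen & 0xff);
    memcpy(out + plte + 4, "PLTE", 4);
    return plte + 12 + plen;
}

int main(void)
{
    unsigned char buf[SAMPLE_MAX];
    rgb tight[4];                             /* 2^bit_depth entries for depth 2 */
    unsigned depth, entries;
    int v = audit_plte(buf, build_sample(buf, 2, 256), &depth, &entries);
    printf("depth=%u entries=%u verdict=%d copy=%d\n", depth, entries, v,
           copy_palette(tight, 4, buf + PLTE_DATA_OFFSET, entries));
    return 0;
}
```

An application that sizes its buffer for 256 entries regardless of bit depth, as comment #20 describes, passes the copy guard for every palette this check accepts.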
Stefan Cornelius scorneli@redhat.com changed:
What  |Removed                        |Added
----------------------------------------------------------------------------
Flags |needinfo?(scorneli@redhat.com) |
--- Comment #25 from Fedora Update System updates@fedoraproject.org ---
mingw-libpng-1.6.19-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
Bug 1281756 depends on bug 1281758, which changed state.
Bug 1281758 Summary: CVE-2015-8126 mingw-libpng: libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1281758
What       |Removed |Added
----------------------------------------------------------------------------
Status     |ON_QA   |CLOSED
Resolution |---     |ERRATA
--- Comment #26 from Fedora Update System updates@fedoraproject.org ---
mingw-libpng-1.6.19-1.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
--- Comment #27 from Fedora Update System updates@fedoraproject.org ---
mingw-libpng-1.6.19-1.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
--- Comment #28 from Fedora Update System updates@fedoraproject.org ---
libpng10-1.0.64-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
Bug 1281756 depends on bug 1281759, which changed state.
Bug 1281759 Summary: CVE-2015-8126 libpng10: libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions [epel-6]
https://bugzilla.redhat.com/show_bug.cgi?id=1281759
What       |Removed |Added
----------------------------------------------------------------------------
Status     |ON_QA   |CLOSED
Resolution |---     |ERRATA
Bug 1281756 depends on bug 1282039, which changed state.
Bug 1282039 Summary: CVE-2015-8126 libpng10: libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1282039
What       |Removed |Added
----------------------------------------------------------------------------
Status     |CLOSED  |ON_QA
Resolution |ERRATA  |---
Bug 1281756 depends on bug 1281759, which changed state.
Bug 1281759 Summary: CVE-2015-8126 libpng10: libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions [epel-6]
https://bugzilla.redhat.com/show_bug.cgi?id=1281759
What       |Removed |Added
----------------------------------------------------------------------------
Status     |CLOSED  |ON_QA
Resolution |ERRATA  |---
Adam Mariš amaris@redhat.com changed:
What: Summary
Removed: CVE-2015-8126 libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions
Added: CVE-2015-8126 CVE-2015-8472 libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions
What: Alias
Removed:
Added: CVE-2015-8472
--- Comment #29 from Adam Mariš amaris@redhat.com ---
CVE-2015-8472 was assigned after it was discovered that the initial patch was incomplete. libpng and libpng12 as shipped in RHEL 6 and 7 are not affected by this CVE, since we've already applied the complete patch to fix the original issue.
http://seclists.org/oss-sec/2015/q4/439
--- Doc Text *updated* by Martin Prpic mprpic@redhat.com ---
An array-indexing error was discovered in the png_convert_to_rfc1123() function of libpng. An attacker could possibly use this flaw to cause an out-of-bounds read by tricking an unsuspecting user into processing a specially crafted PNG image.
--- Comment #30 from errata-xmlrpc errata-xmlrpc@redhat.com ---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Via RHSA-2015:2594 https://rhn.redhat.com/errata/RHSA-2015-2594.html
--- Comment #31 from errata-xmlrpc errata-xmlrpc@redhat.com ---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2015:2596 https://rhn.redhat.com/errata/RHSA-2015-2596.html
--- Comment #32 from errata-xmlrpc errata-xmlrpc@redhat.com ---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2015:2595 https://rhn.redhat.com/errata/RHSA-2015-2595.html
--- Comment #33 from Fedora Update System updates@fedoraproject.org ---
libpng10-1.0.65-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
Bug 1281756 depends on bug 1282039, which changed state.
Bug 1282039 Summary: CVE-2015-8126 libpng10: libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1282039
What       |Removed |Added
----------------------------------------------------------------------------
Status     |ON_QA   |CLOSED
Resolution |---     |ERRATA
--- Doc Text *updated* by Martin Prpic mprpic@redhat.com ---
It was discovered that the png_get_PLTE() and png_set_PLTE() functions of libpng did not correctly calculate the maximum palette sizes for bit depths of less than 8. In case an application tried to use these functions in combination with properly calculated palette sizes, this could lead to a buffer overflow or out-of-bounds reads. An attacker could exploit this to cause a crash or potentially execute arbitrary code by tricking an unsuspecting user into processing a specially crafted PNG image. However, the exact impact is dependent on the application using the library.
--- Comment #34 from Fedora Update System updates@fedoraproject.org ---
libpng10-1.0.65-1.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
--- Comment #35 from Fedora Update System updates@fedoraproject.org ---
libpng12-1.2.56-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
Bug 1281756 depends on bug 1282901, which changed state.
Bug 1282901 Summary: CVE-2015-8126 libpng12: libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1282901
What       |Removed |Added
----------------------------------------------------------------------------
Status     |ON_QA   |CLOSED
Resolution |---     |ERRATA
--- Comment #36 from Fedora Update System updates@fedoraproject.org ---
libpng12-1.2.56-1.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
--- Comment #37 from Fedora Update System updates@fedoraproject.org ---
libpng10-1.0.66-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
Bug 1281756 depends on bug 1281759, which changed state.
Bug 1281759 Summary: CVE-2015-8126 libpng10: libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions [epel-6]
https://bugzilla.redhat.com/show_bug.cgi?id=1281759
What       |Removed |Added
----------------------------------------------------------------------------
Status     |ON_QA   |CLOSED
Resolution |---     |ERRATA
--- Comment #38 from Fedora Update System updates@fedoraproject.org ---
libpng15-1.5.25-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
Bug 1281756 depends on bug 1282902, which changed state.
Bug 1282902 Summary: CVE-2015-8126 libpng15: libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1282902
What       |Removed |Added
----------------------------------------------------------------------------
Status     |ON_QA   |CLOSED
Resolution |---     |ERRATA
--- Comment #39 from Fedora Update System updates@fedoraproject.org ---
libpng15-1.5.25-1.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
--- Comment #40 from Fedora Update System updates@fedoraproject.org ---
libpng-1.6.17-3.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
Tomas Hoger thoger@redhat.com changed:
What   |Removed |Added
----------------------------------------------------------------------------
Blocks |        |1295699
Tomas Hoger thoger@redhat.com changed:
What: Whiteboard
Removed: impact=moderate,public=20151112,reported=20151113,source=oss-security,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,cwe=CWE-120,rhel-5/libpng=wontfix,rhel-6/libpng=affected,rhel-7/libpng=affected,rhel-7/libpng12=affected,fedora-all/libpng=affected,fedora-all/libpng12=affected,fedora-all/libpng15=affected,fedora-all/mingw-libpng=affected,epel-6/libpng10=affected,epel-7/mingw-libpng=affected,fedora-all/libpng10=affected
Added: impact=moderate,public=20151112,reported=20151113,source=oss-security,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,cwe=CWE-120,rhel-5/libpng=wontfix,rhel-6/libpng=affected,rhel-7/libpng=affected,rhel-7/libpng12=affected,fedora-all/libpng=affected,fedora-all/libpng12=affected,fedora-all/libpng15=affected,fedora-all/mingw-libpng=affected,epel-6/libpng10=affected,epel-7/mingw-libpng=affected,fedora-all/libpng10=affected,rhel-5/java-1.6.0-sun=affected,rhel-6/java-1.6.0-sun=affected,rhel-7/java-1.6.0-sun=affected,rhel-5/java-1.7.0-oracle=affected,rhel-6/java-1.7.0-oracle=affected,rhel-7/java-1.7.0-oracle=affected,rhel-6/java-1.8.0-oracle=affected,rhel-7/java-1.8.0-oracle=affected
--- Comment #41 from Tomas Hoger thoger@redhat.com ---
OpenJDK 8 upstream commits:
http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/817a472b15bd
http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/23a6e0931277
Note that the first commit actually downgraded bundled libpng from 1.6.16 to 1.5.4, and only the second one upgraded it again to 1.6.20 which includes fixes for CVE-2015-8126 and CVE-2015-8472.
--- Comment #42 from errata-xmlrpc errata-xmlrpc@redhat.com ---
This issue has been addressed in the following products:
Oracle Java for Red Hat Enterprise Linux 6
Oracle Java for Red Hat Enterprise Linux 5
Oracle Java for Red Hat Enterprise Linux 7
Via RHSA-2016:0057 https://rhn.redhat.com/errata/RHSA-2016-0057.html
--- Comment #43 from errata-xmlrpc errata-xmlrpc@redhat.com ---
This issue has been addressed in the following products:
Oracle Java for Red Hat Enterprise Linux 6
Oracle Java for Red Hat Enterprise Linux 5
Oracle Java for Red Hat Enterprise Linux 7
Via RHSA-2016:0056 https://rhn.redhat.com/errata/RHSA-2016-0056.html
--- Comment #44 from errata-xmlrpc errata-xmlrpc@redhat.com ---
This issue has been addressed in the following products:
Oracle Java for Red Hat Enterprise Linux 6
Oracle Java for Red Hat Enterprise Linux 7
Via RHSA-2016:0055 https://rhn.redhat.com/errata/RHSA-2016-0055.html
Tomas Hoger thoger@redhat.com changed:
What: Whiteboard
Removed: impact=moderate,public=20151112,reported=20151113,source=oss-security,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,cwe=CWE-120,rhel-5/libpng=wontfix,rhel-6/libpng=affected,rhel-7/libpng=affected,rhel-7/libpng12=affected,fedora-all/libpng=affected,fedora-all/libpng12=affected,fedora-all/libpng15=affected,fedora-all/mingw-libpng=affected,epel-6/libpng10=affected,epel-7/mingw-libpng=affected,fedora-all/libpng10=affected,rhel-5/java-1.6.0-sun=affected,rhel-6/java-1.6.0-sun=affected,rhel-7/java-1.6.0-sun=affected,rhel-5/java-1.7.0-oracle=affected,rhel-6/java-1.7.0-oracle=affected,rhel-7/java-1.7.0-oracle=affected,rhel-6/java-1.8.0-oracle=affected,rhel-7/java-1.8.0-oracle=affected
Added: impact=moderate,public=20151112,reported=20151113,source=oss-security,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,cwe=CWE-120,rhel-5/libpng=wontfix,rhel-6/libpng=affected,rhel-7/libpng=affected,rhel-7/libpng12=affected,fedora-all/libpng=affected,fedora-all/libpng12=affected,fedora-all/libpng15=affected,fedora-all/mingw-libpng=affected,epel-6/libpng10=affected,epel-7/mingw-libpng=affected,fedora-all/libpng10=affected,rhel-5/java-1.6.0-sun=affected,rhel-6/java-1.6.0-sun=affected,rhel-7/java-1.6.0-sun=affected,rhel-5/java-1.7.0-oracle=affected,rhel-6/java-1.7.0-oracle=affected,rhel-7/java-1.7.0-oracle=affected,rhel-6/java-1.8.0-oracle=affected,rhel-7/java-1.8.0-oracle=affected,rhel-5/java-1.6.0-ibm=affected,rhel-6/java-1.6.0-ibm=affected,rhel-5/java-1.7.0-ibm=affected,rhel-6/java-1.7.1-ibm=affected,rhel-7/java-1.7.1-ibm=affected,rhel-7/java-1.8.0-ibm=affected
Tomas Hoger thoger@redhat.com changed:
What: Whiteboard
Removed: impact=moderate,public=20151112,reported=20151113,source=oss-security,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,cwe=CWE-120,rhel-5/libpng=wontfix,rhel-6/libpng=affected,rhel-7/libpng=affected,rhel-7/libpng12=affected,fedora-all/libpng=affected,fedora-all/libpng12=affected,fedora-all/libpng15=affected,fedora-all/mingw-libpng=affected,epel-6/libpng10=affected,epel-7/mingw-libpng=affected,fedora-all/libpng10=affected,rhel-5/java-1.6.0-sun=affected,rhel-6/java-1.6.0-sun=affected,rhel-7/java-1.6.0-sun=affected,rhel-5/java-1.7.0-oracle=affected,rhel-6/java-1.7.0-oracle=affected,rhel-7/java-1.7.0-oracle=affected,rhel-6/java-1.8.0-oracle=affected,rhel-7/java-1.8.0-oracle=affected,rhel-5/java-1.6.0-ibm=affected,rhel-6/java-1.6.0-ibm=affected,rhel-5/java-1.7.0-ibm=affected,rhel-6/java-1.7.1-ibm=affected,rhel-7/java-1.7.1-ibm=affected,rhel-7/java-1.8.0-ibm=affected
Added: impact=moderate,public=20151112,reported=20151113,source=oss-security,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,cwe=CWE-120,rhel-5/libpng=wontfix,rhel-6/libpng=affected,rhel-7/libpng=affected,rhel-7/libpng12=affected,fedora-all/libpng=affected,fedora-all/libpng12=affected,fedora-all/libpng15=affected,fedora-all/mingw-libpng=affected,epel-6/libpng10=affected,epel-7/mingw-libpng=affected,fedora-all/libpng10=affected,rhel-5/java-1.6.0-sun=affected,rhel-6/java-1.6.0-sun=affected,rhel-7/java-1.6.0-sun=affected,rhel-5/java-1.7.0-oracle=affected,rhel-6/java-1.7.0-oracle=affected,rhel-7/java-1.7.0-oracle=affected,rhel-6/java-1.8.0-oracle=affected,rhel-7/java-1.8.0-oracle=affected,rhel-5/java-1.6.0-ibm=affected,rhel-6/java-1.6.0-ibm=affected,rhel-5/java-1.7.0-ibm=affected,rhel-6/java-1.7.1-ibm=affected,rhel-7/java-1.7.1-ibm=affected,rhel-7/java-1.8.0-ibm=affected,rhel-5/java-1.6.0-ibm=affected,rhel-6/java-1.6.0-ibm=affected,rhel-5/java-1.7.0-ibm=affected,rhel-6/java-1.7.1-ibm=affected,rhel-7/java-1.7.1-ibm=affected,rhel-7/java-1.8.0-ibm=affected
Tomas Hoger thoger@redhat.com changed:
What: Whiteboard
Removed: impact=moderate,public=20151112,reported=20151113,source=oss-security,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,cwe=CWE-120,rhel-5/libpng=wontfix,rhel-6/libpng=affected,rhel-7/libpng=affected,rhel-7/libpng12=affected,fedora-all/libpng=affected,fedora-all/libpng12=affected,fedora-all/libpng15=affected,fedora-all/mingw-libpng=affected,epel-6/libpng10=affected,epel-7/mingw-libpng=affected,fedora-all/libpng10=affected,rhel-5/java-1.6.0-sun=affected,rhel-6/java-1.6.0-sun=affected,rhel-7/java-1.6.0-sun=affected,rhel-5/java-1.7.0-oracle=affected,rhel-6/java-1.7.0-oracle=affected,rhel-7/java-1.7.0-oracle=affected,rhel-6/java-1.8.0-oracle=affected,rhel-7/java-1.8.0-oracle=affected,rhel-5/java-1.6.0-ibm=affected,rhel-6/java-1.6.0-ibm=affected,rhel-5/java-1.7.0-ibm=affected,rhel-6/java-1.7.1-ibm=affected,rhel-7/java-1.7.1-ibm=affected,rhel-7/java-1.8.0-ibm=affected,rhel-5/java-1.6.0-ibm=affected,rhel-6/java-1.6.0-ibm=affected,rhel-5/java-1.7.0-ibm=affected,rhel-6/java-1.7.1-ibm=affected,rhel-7/java-1.7.1-ibm=affected,rhel-7/java-1.8.0-ibm=affected
Added: impact=moderate,public=20151112,reported=20151113,source=oss-security,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,cwe=CWE-120,rhel-5/libpng=wontfix,rhel-6/libpng=affected,rhel-7/libpng=affected,rhel-7/libpng12=affected,fedora-all/libpng=affected,fedora-all/libpng12=affected,fedora-all/libpng15=affected,fedora-all/mingw-libpng=affected,epel-6/libpng10=affected,epel-7/mingw-libpng=affected,fedora-all/libpng10=affected,rhel-5/java-1.6.0-sun=affected,rhel-6/java-1.6.0-sun=affected,rhel-7/java-1.6.0-sun=affected,rhel-5/java-1.7.0-oracle=affected,rhel-6/java-1.7.0-oracle=affected,rhel-7/java-1.7.0-oracle=affected,rhel-6/java-1.8.0-oracle=affected,rhel-7/java-1.8.0-oracle=affected,rhel-5/java-1.6.0-ibm=affected,rhel-6/java-1.6.0-ibm=affected,rhel-5/java-1.7.0-ibm=affected,rhel-6/java-1.7.1-ibm=affected,rhel-7/java-1.7.1-ibm=affected,rhel-7/java-1.8.0-ibm=affected
--- Comment #45 from errata-xmlrpc errata-xmlrpc@redhat.com ---
This issue has been addressed in the following products:
Supplementary for Red Hat Enterprise Linux 6
Supplementary for Red Hat Enterprise Linux 5
Via RHSA-2016:0101 https://rhn.redhat.com/errata/RHSA-2016-0101.html
--- Comment #46 from errata-xmlrpc errata-xmlrpc@redhat.com ---
This issue has been addressed in the following products:
Supplementary for Red Hat Enterprise Linux 5
Via RHSA-2016:0100 https://rhn.redhat.com/errata/RHSA-2016-0100.html
--- Comment #47 from errata-xmlrpc errata-xmlrpc@redhat.com ---
This issue has been addressed in the following products:
Supplementary for Red Hat Enterprise Linux 7
Via RHSA-2016:0098 https://rhn.redhat.com/errata/RHSA-2016-0098.html
--- Comment #48 from errata-xmlrpc errata-xmlrpc@redhat.com ---
This issue has been addressed in the following products:
Supplementary for Red Hat Enterprise Linux 7
Supplementary for Red Hat Enterprise Linux 6
Via RHSA-2016:0099 https://rhn.redhat.com/errata/RHSA-2016-0099.html
Bug 1281756 depends on bug 1281760, which changed state.
Bug 1281760 Summary: CVE-2015-8126 mingw-libpng: libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1281760
What       |Removed |Added
----------------------------------------------------------------------------
Status     |ON_QA   |CLOSED
Resolution |---     |ERRATA