Security update for libpng12 SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:2672-1 Final 1 1 2016-10-28T15:35:31Z current 2016-10-28T15:35:31Z 2016-10-28T15:35:31Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libpng12 This update for libpng12 fixes the following issues: - CVE-2015-8540: read underflow in libpng (bsc#958791). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) http://lists.opensuse.org/opensuse-updates/2016-10/msg00108.html E-Mail link for openSUSE-SU-2016:2672-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE 13.2 libpng12-1.2.51-3.9.1 libpng12-0-1.2.51-3.9.1 libpng12-0-32bit-1.2.51-3.9.1 libpng12-0-debuginfo-1.2.51-3.9.1 libpng12-0-debuginfo-32bit-1.2.51-3.9.1 libpng12-compat-devel-1.2.51-3.9.1 libpng12-compat-devel-32bit-1.2.51-3.9.1 libpng12-debugsource-1.2.51-3.9.1 libpng12-devel-1.2.51-3.9.1 libpng12-devel-32bit-1.2.51-3.9.1 libpng12-1.2.51-3.9.1 as a component of openSUSE 13.2 libpng12-0-1.2.51-3.9.1 as a component of openSUSE 13.2 libpng12-0-32bit-1.2.51-3.9.1 as a component of openSUSE 13.2 libpng12-0-debuginfo-1.2.51-3.9.1 as a component of openSUSE 13.2 libpng12-0-debuginfo-32bit-1.2.51-3.9.1 as a component of openSUSE 13.2 libpng12-compat-devel-1.2.51-3.9.1 as a component of openSUSE 13.2 libpng12-compat-devel-32bit-1.2.51-3.9.1 as a component of openSUSE 13.2 libpng12-debugsource-1.2.51-3.9.1 as a component of openSUSE 13.2 libpng12-devel-1.2.51-3.9.1 as a component of openSUSE 13.2 libpng12-devel-32bit-1.2.51-3.9.1 as a component of openSUSE 13.2 Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read. CVE-2015-8540 openSUSE 13.2:libpng12-0-1.2.51-3.9.1 openSUSE 13.2:libpng12-0-32bit-1.2.51-3.9.1 openSUSE 13.2:libpng12-0-debuginfo-1.2.51-3.9.1 openSUSE 13.2:libpng12-0-debuginfo-32bit-1.2.51-3.9.1 openSUSE 13.2:libpng12-1.2.51-3.9.1 openSUSE 13.2:libpng12-compat-devel-1.2.51-3.9.1 openSUSE 13.2:libpng12-compat-devel-32bit-1.2.51-3.9.1 openSUSE 13.2:libpng12-debugsource-1.2.51-3.9.1 openSUSE 13.2:libpng12-devel-1.2.51-3.9.1 openSUSE 13.2:libpng12-devel-32bit-1.2.51-3.9.1 moderate 4.0 AV:N/AC:H/Au:N/C:N/I:P/A:P Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-10/msg00108.html https://www.suse.com/security/cve/CVE-2015-8540.html CVE-2015-8540 https://bugzilla.suse.com/958791 SUSE Bug 958791 https://bugzilla.suse.com/963937 SUSE Bug 963937