libpng-1.2.49-2.AXS4
エラータID: AXSA:2015-917:01
Security issues fixed with this release:
CVE-2015-7981
The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before
1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote
attackers to obtain sensitive process memory information via crafted
tIME chunk data in an image file, which triggers an out-of-bounds
read.
CVE-2015-8126
Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE
functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54,
1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before
1.6.19 allow remote attackers to cause a denial of service
(application crash) or possibly have unspecified other impact via a
small bit-depth value in an IHDR (aka image header) chunk in a PNG
image.
CVE-2015-8472
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
Update packages.
The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read.
Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.
Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126.
N/A
SRPMS
- libpng-1.2.49-2.AXS4.src.rpm
MD5: b112e5311d68f2683ea50a65f7d5ee6b
SHA-256: 43f46cb3f281cf761a48ed36004ce9968cb5e31fb46137c42b4c873703fef6ab
Size: 673.92 kB
Asianux Server 4 for x86
- libpng-1.2.49-2.AXS4.i686.rpm
MD5: b553bd9500f3995157228b178a543c75
SHA-256: 55a2b9d4c759a63718386a00bd0a615ca19364234c2be6e5ac78ba3f9033f672
Size: 183.48 kB - libpng-devel-1.2.49-2.AXS4.i686.rpm
MD5: eeb477083807e343f570fe29f4f42408
SHA-256: 3aeb572a4cc954fceb287b4ba26eed0afff37ed89d56a04e94681ee9d755cd85
Size: 111.66 kB
Asianux Server 4 for x86_64
- libpng-1.2.49-2.AXS4.x86_64.rpm
MD5: ce4bf0e1c97e8120d502964e9054c4be
SHA-256: ffda82e2dd1f58541ca8cc5521c0d9645875e3f3e794b790db18083fcbe42433
Size: 181.15 kB - libpng-devel-1.2.49-2.AXS4.x86_64.rpm
MD5: be983ec7a16983d21818e032f26ad224
SHA-256: c29ec696fb38090e46454be24cf7d514931f022bcf97c8f7568ae225b6ac34cc
Size: 111.22 kB - libpng-1.2.49-2.AXS4.i686.rpm
MD5: b553bd9500f3995157228b178a543c75
SHA-256: 55a2b9d4c759a63718386a00bd0a615ca19364234c2be6e5ac78ba3f9033f672
Size: 183.48 kB - libpng-devel-1.2.49-2.AXS4.i686.rpm
MD5: eeb477083807e343f570fe29f4f42408
SHA-256: 3aeb572a4cc954fceb287b4ba26eed0afff37ed89d56a04e94681ee9d755cd85
Size: 111.66 kB