ID OPENVAS:1361412562310806749 Type openvas Reporter Copyright (C) 2015 Greenbone Networks GmbH Modified 2019-03-15T00:00:00
Description
The remote host is missing an update for the 'mingw-libpng' package(s) announced via the referenced advisory.
###############################################################################
# OpenVAS Vulnerability Test
#
# Fedora Update for mingw-libpng FEDORA-2015-97
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
# Registration phase: when the scanner loads this plugin with `description` set,
# only the metadata below is registered and the script exits before any host
# check is performed.
if(description)
{
# Unique plugin identifier and revision/timestamp bookkeeping.
script_oid("1.3.6.1.4.1.25623.1.0.806749");
script_version("$Revision: 14223 $");
script_tag(name:"last_modification", value:"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $");
script_tag(name:"creation_date", value:"2015-11-28 06:23:47 +0100 (Sat, 28 Nov 2015)");
# The single CVE this check is tied to, with its CVSS v2 base score and vector.
script_cve_id("CVE-2015-8126");
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
# "package" quality of detection: the result is derived from the installed
# package version, not from exercising the library itself.
script_tag(name:"qod_type", value:"package");
script_name("Fedora Update for mingw-libpng FEDORA-2015-97");
script_tag(name:"summary", value:"The remote host is missing an update for the 'mingw-libpng'
package(s) announced via the referenced advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"affected", value:"mingw-libpng on Fedora 22");
script_tag(name:"solution", value:"Please install the updated package(s).");
# NOTE(review): the advisory ID "2015-97" here and in script_name looks truncated
# (presumably FEDORA-2015-97fc1797fa) - confirm against the announcement linked
# below before using it to correlate findings.
script_xref(name:"FEDORA", value:"2015-97");
script_xref(name:"URL", value:"https://lists.fedoraproject.org/pipermail/package-announce/2015-November/172797.html");
script_tag(name:"solution_type", value:"VendorFix");
# Information-gathering category; the check itself only inspects package data.
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2015 Greenbone Networks GmbH");
script_family("Fedora Local Security Checks");
# gather-package-list.nasl is declared as a prerequisite; presumably it fills
# the ssh/login/* knowledge-base entries required below - TODO confirm.
script_dependencies("gather-package-list.nasl");
# Scheduling gate: requires the Fedora and RPM-list keys plus a release entry
# matching FC22. These keys imply an authenticated SSH scan of the target.
script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms", re:"ssh/login/release=FC22");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
# Execution phase: compare the installed mingw-libpng RPM with the build named
# in the advisory. This is a package-version check only; copies of libpng that
# were bundled or linked into other artifacts are outside its view.
release = rpm_get_ssh_release();
if(!release) {
  # No release string is available for this host, so nothing can be compared.
  exit(0);
}

res = "";

if(release == "FC22") {
  # isrpmvuln() is handed the package name, the reference build
  # mingw-libpng~1.6.19~1.fc22 and the release tag; a non-NULL result is
  # passed on as the finding text.
  res = isrpmvuln(pkg:"mingw-libpng", rpm:"mingw-libpng~1.6.19~1.fc22", rls:"FC22");
  if(res != NULL) {
    security_message(data:res);
    exit(0);
  }

  # __pkg_match is maintained by the package library (presumably set when the
  # package was found installed - confirm in pkg-lib-rpm.inc).
  # NOTE(review): exit code 99 is understood to be the scanner's
  # "checked, not affected" signal - confirm.
  if(__pkg_match) {
    exit(99);
  }

  exit(0);
}
{"id": "OPENVAS:1361412562310806749", "type": "openvas", "bulletinFamily": "scanner", "title": "Fedora Update for mingw-libpng FEDORA-2015-97", "description": "The remote host is missing an update for the ", "published": "2015-11-28T00:00:00", "modified": "2019-03-15T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806749", "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "references": ["2015-97", "https://lists.fedoraproject.org/pipermail/package-announce/2015-November/172797.html"], "cvelist": ["CVE-2015-8126"], "lastseen": "2019-05-29T18:36:50", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-8126"]}, {"type": "f5", "idList": ["F5:K81903701", "F5:K76930736", "SOL81903701", "SOL76930736"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310871517", "OPENVAS:1361412562310131155", "OPENVAS:1361412562310120601", "OPENVAS:1361412562310131136", "OPENVAS:1361412562310806748", "OPENVAS:1361412562310807272", "OPENVAS:1361412562311220191391", "OPENVAS:1361412562310851135", "OPENVAS:1361412562310806741", "OPENVAS:1361412562310807267"]}, {"type": "amazon", "idList": ["ALAS-2015-611"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2015:2100-1", "OPENSUSE-SU-2015:2099-1"]}, {"type": "nessus", "idList": ["OPENSUSE-2016-30.NASL", "OPENSUSE-2016-28.NASL", "FEDORA_2015-8A1243DB75.NASL", "SUSE_SU-2016-0041-1.NASL", "FEDORA_2015-13668FFF74.NASL", "FEDORA_2016-43735C33A7.NASL", "FEDORA_2016-9A1C707B10.NASL", "ALA_ALAS-2015-611.NASL", "FEDORA_2015-97FC1797FA.NASL", "SUSE_SU-2016-0061-1.NASL"]}, {"type": "fedora", "idList": ["FEDORA:DFD56607A1A3", "FEDORA:42A1E606E496", "FEDORA:3C1966059FB0", "FEDORA:280B0608DDD2", "FEDORA:D38CC604DCEF", "FEDORA:210E8601D83F", "FEDORA:E1164604EC00", "FEDORA:17CD6605F211", "FEDORA:4867060876D3", "FEDORA:2B24B6085AD8"]}, {"type": "slackware", "idList": ["SSA-2015-337-01", "SSA-2015-349-02"]}, {"type": 
"archlinux", "idList": ["ASA-201512-18", "ASA-201511-9", "ASA-201511-10"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3399-1:70C2F"]}, {"type": "oraclelinux", "idList": ["ELSA-2015-2596"]}, {"type": "freebsd", "idList": ["1886E195-8B87-11E5-90E7-B499BAEBFEAF"]}, {"type": "centos", "idList": ["CESA-2015:2596", "CESA-2015:2595"]}, {"type": "redhat", "idList": ["RHSA-2015:2596"]}, {"type": "gentoo", "idList": ["GLSA-201611-08"]}, {"type": "ubuntu", "idList": ["USN-2815-1"]}], "modified": "2019-05-29T18:36:50", "rev": 2}, "score": {"value": 6.1, "vector": "NONE", "modified": "2019-05-29T18:36:50", "rev": 2}, "vulnersScore": 6.1}, "pluginID": "1361412562310806749", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw-libpng FEDORA-2015-97\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806749\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-11-28 06:23:47 +0100 (Sat, 28 Nov 2015)\");\n script_cve_id(\"CVE-2015-8126\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for mingw-libpng FEDORA-2015-97\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mingw-libpng'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"mingw-libpng on Fedora 22\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-97\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-November/172797.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC22\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = 
rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-libpng\", rpm:\"mingw-libpng~1.6.19~1.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "naslFamily": "Fedora Local Security Checks"}
{"cve": [{"lastseen": "2021-02-02T06:21:30", "description": "Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.", "edition": 8, "cvss3": {}, "published": "2015-11-13T03:59:00", "title": "CVE-2015-8126", "type": "cve", "cwe": ["CWE-120"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8126"], "modified": "2020-08-31T15:06:00", "cpe": ["cpe:/o:redhat:enterprise_linux_server_tus:7.6", "cpe:/o:oracle:linux:6", "cpe:/o:redhat:enterprise_linux_eus:7.3", "cpe:/a:oracle:jre:1.6.0", "cpe:/o:redhat:enterprise_linux_server_aus:7.3", "cpe:/o:redhat:enterprise_linux_eus:7.2", "cpe:/o:redhat:enterprise_linux_eus:7.7", "cpe:/o:suse:linux_enterprise_desktop:12", "cpe:/a:redhat:satellite:5.6", "cpe:/o:canonical:ubuntu_linux:15.04", "cpe:/o:opensuse:opensuse:13.1", "cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:fedoraproject:fedora:21", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:redhat:enterprise_linux_eus:7.4", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/a:redhat:satellite:5.7", "cpe:/o:redhat:enterprise_linux_server_tus:7.2", "cpe:/a:oracle:jdk:1.6.0", "cpe:/a:oracle:jre:1.8.0", 
"cpe:/o:redhat:enterprise_linux_eus:7.6", "cpe:/a:oracle:jdk:1.7.0", "cpe:/o:canonical:ubuntu_linux:15.10", "cpe:/o:opensuse:opensuse:13.2", "cpe:/o:redhat:enterprise_linux_server_aus:7.4", "cpe:/o:redhat:enterprise_linux_server_aus:7.6", "cpe:/o:redhat:enterprise_linux_server_tus:7.7", "cpe:/o:opensuse:leap:42.1", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/a:oracle:jre:1.7.0", "cpe:/o:redhat:enterprise_linux_eus:6.7", "cpe:/o:redhat:enterprise_linux_server_tus:7.3", "cpe:/o:suse:linux_enterprise_server:12", "cpe:/o:redhat:enterprise_linux_server_aus:7.7", "cpe:/o:redhat:enterprise_linux_server_aus:7.2", "cpe:/o:debian:debian_linux:7.0", "cpe:/o:oracle:linux:7", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/o:suse:linux_enterprise_desktop:11", "cpe:/o:fedoraproject:fedora:22", "cpe:/o:redhat:enterprise_linux_server:6.0", "cpe:/a:oracle:jdk:1.8.0", "cpe:/o:redhat:enterprise_linux_eus:7.5", "cpe:/o:fedoraproject:fedora:23", "cpe:/o:oracle:solaris:11.3", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2015-8126", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8126", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.8.0:update66:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.8.0:update_65:*:*:*:*:*:*", "cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", 
"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.7.0:update_91:*:*:*:*:*:*", "cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.6.0:update_105:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_eus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.6.0:update_105:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.8.0:update_66:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_eus:6.7:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.8.0:update65:*:*:*:*:*:*", 
"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.7.0:update_91:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp4:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*"]}], "f5": [{"lastseen": "2019-03-26T06:55:14", "bulletinFamily": "software", "cvelist": ["CVE-2015-8126"], "description": "\nF5 Product Development has assigned ID 562159 (BIG-IP and Enterprise Manager) and ID 476569 (ARX) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 12.0.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| 12.1.0| Low| libpng \nBIG-IP AAM| 12.0.0 \n11.4.0 - 11.6.1| 12.1.0| Low| libpng \nBIG-IP AFM| 12.0.0 \n11.3.0 - 11.6.1| 12.1.0| Low| libpng \nBIG-IP Analytics| 12.0.0 \n11.0.0 - 11.6.1| 12.1.0| Low| libpng \nBIG-IP APM| 12.0.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| 12.1.0| Medium*| libpng \nVDI profiles using Citrix backend resources \nBIG-IP ASM| 12.0.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| 12.1.0| Low| libpng \nBIG-IP DNS| 12.0.0| 12.1.0| Low| libpng \nBIG-IP Edge Gateway| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low| libpng \nBIG-IP GTM| 11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| None| Low| libpng \nBIG-IP Link Controller| 12.0.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| 12.1.0| Low| libpng \nBIG-IP PEM| 12.0.0 \n11.3.0 - 11.6.1| 12.1.0| Low| libpng \nBIG-IP PSM| 11.0.0 - 11.4.1 
\n10.1.0 - 10.2.4| None| Low| libpng \nBIG-IP WebAccelerator| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low| libpng \nBIG-IP WOM| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low| libpng \nARX| 6.0.0 - 6.4.0| None| Low| libpng \nEnterprise Manager| 3.0.0 - 3.1.1| None| Low| libpng \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| None| None \nBIG-IQ Cloud| 4.0.0 - 4.5.0| None| Low| libpng \nBIG-IQ Device| 4.2.0 - 4.5.0| None| Low| libpng \nBIG-IQ Security| 4.0.0 - 4.5.0| None| Low| libpng \nBIG-IQ ADC| 4.5.0| None| Low| libpng \nBIG-IQ Centralized Management| 4.6.0| None| Low| libpng \nBIG-IQ Cloud and Orchestration| 1.0.0| None| None| libpng \nLineRate| None| 2.5.0 - 2.6.1| None| None \nF5 WebSafe| None| 1.0.0| None| None \nTraffix SDC| None| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| None| None \n \n* BIG-IP APM 10.1.0 - 11.3.0 versions have a Low severity rating, due to the presence of the libpng component on the system. BIG-IP APM 11.4.0 and later versions use the vulnerable functionality under specific deployment scenarios. For more information, refer to the description in the **Impact** section of this article.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the** Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity** values published in the previous table. 
The **Severity** values and other security vulnerability parameters are defined in K4602: Overview of the F5 security vulnerability response policy.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<showcase?case=K9970 >)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<showcase?case=K9957 >)\n * [K4918: Overview of the F5 critical issue hotfix policy](<showcase?case=K4918 >)\n * [K167: Downloading software and firmware from F5](<showcase?case=K167 >)\n", "edition": 1, "modified": "2017-04-06T16:51:00", "published": "2015-12-19T03:57:00", "id": "F5:K76930736", "href": "https://support.f5.com/csp/article/K76930736", "title": "Libpng vulnerability CVE-2015-8126", "type": "f5", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-26T17:23:29", "bulletinFamily": "software", "cvelist": ["CVE-2015-8126"], "edition": 1, "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the** Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity** values published in the previous table. 
The **Severity** values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n", "modified": "2016-06-01T00:00:00", "published": "2015-12-18T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/k/76/sol76930736.html", "id": "SOL76930736", "title": "SOL76930736 - Libpng vulnerability CVE-2015-8126", "type": "f5", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-04-06T22:39:28", "bulletinFamily": "software", "cvelist": ["CVE-2015-8126", "CVE-2015-8472"], "description": "\nF5 Product Development has assigned ID 562159 (BIG-IP), 563839 (BIG-IQ) and 563842 (Enterprise Manager) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. 
Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H578033 on the **Diagnostics** > **Identified** > **Low** page.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table.\n\n**Product** | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | 12.0.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4 | 12.1.0 | Low | Local libpng library \nBIG-IP AAM | 12.0.0 \n11.4.0 - 11.6.1 | 12.1.0 | Low | Local libpng library \nBIG-IP AFM | 12.0.0 \n11.3.0 - 11.6.1 | 12.1.0 | Low | Local libpng library \nBIG-IP Analytics | 12.0.0 \n11.0.0 - 11.6.1 | 12.1.0 | Low | Local libpng library \nBIG-IP APM | 12.0.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4 | 12.1.0 | Medium* | Local libpng library \nBIG-IP ASM | 12.0.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4 | 12.1.0 | Low | Local libpng library \nBIG-IP DNS | 12.0.0 | 12.1.0 | Low | Local libpng library \nBIG-IP Edge Gateway | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 | None | Medium* | Local libpng library \nBIG-IP GTM | 11.0.0 - 11.6.1 \n10.1.0 - 10.2.4 | None | Low | Local libpng library \nBIG-IP Link Controller | 12.0.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4 | 12.1.0 | Low | Local libpng library \nBIG-IP PEM | 12.0.0 \n11.3.0 - 11.6.1 | 12.1.0 | Low | Local libpng library \nBIG-IP PSM | 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4 | None | Low | Local libpng library \nBIG-IP WebAccelerator | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 | None | Low | Local libpng library \nBIG-IP WOM | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 | None | Low | Local libpng library \nARX | None | 6.0.0 - 6.4.0 | Not vulnerable | None \nEnterprise Manager | 3.0.0 - 3.1.1 | None | Low | Local libpng library \nFirePass | None | 7.0.0 \n6.0.0 - 6.1.0 | Not vulnerable | None \nBIG-IQ Cloud | 
4.0.0 - 4.5.0 | None | Low | Local libpng library \nBIG-IQ Device | 4.2.0 - 4.5.0 | None | Low | Local libpng library \nBIG-IQ Security | 4.0.0 - 4.5.0 | None | Low | Local libpng library \nBIG-IQ ADC | 4.5.0 | None | Low | Local libpng library \nBIG-IQ Centralized Management | 4.6.0 | None | Low | Local libpng library \nBIG-IQ Cloud and Orchestration | 1.0.0 | None | Low | Local libpng library \nLineRate | None | 2.5.0 - 2.6.1 | Not vulnerable | None \nF5 WebSafe | None | 1.0.0 | Not vulnerable | None \nTraffix SDC | None | 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1 | Not vulnerable | None \n \n* BIG-IP APM/Edge Gateway 10.1.0 through 11.2.1 have a Low severity rating, due to the lack of VDI functionality. BIG-IP APM 11.3.0 and later, and BIG-IP Edge Gateway 11.3.0 may use the vulnerable functionality under specific deployment scenarios. For more information, refer to the description in the **Impact **section of this article.\n\nIf you are running a version listed in the **Versions known to be vulnerable **column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity **values published in the previous table. 
The **Severity **values and other security vulnerability parameters are defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\nTo mitigate this vulnerability for the BIG-IP APM system, ensure that remote Citrix resources are trusted.\n\n**Impact of action**: Performing the recommended mitigation should not have a negative impact on your system.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "edition": 1, "modified": "2019-05-08T22:40:00", "published": "2016-03-08T01:30:00", "id": "F5:K81903701", "href": "https://support.f5.com/csp/article/K81903701", "title": "Libpng vulnerability CVE-2015-8472", "type": "f5", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2016-11-09T00:09:53", "bulletinFamily": "software", "cvelist": ["CVE-2015-8126", "CVE-2015-8472"], "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable **column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity **values published in the previous table. 
The **Severity **values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nTo mitigate this vulnerability for the BIG-IP APM system, ensure that remote Citrix resources are trusted.\n\n**Impact of action:** Performing the recommended mitigation should not have a negative impact on your system.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x - 12.x)\n * SOL10025: Managing BIG-IP product hotfixes (10.x)\n * SOL9502: BIG-IP hotfix matrix\n * SOL15106: Managing BIG-IQ product hotfixes\n * SOL15113: BIG-IQ hotfix matrix\n * SOL6664: Obtaining and installing OPSWAT hotfixes\n * SOL10942: Installing OPSWAT hotfixes on BIG-IP APM systems\n", "edition": 1, "modified": "2016-05-25T00:00:00", "published": "2016-03-07T00:00:00", "id": "SOL81903701", "href": "http://support.f5.com/kb/en-us/solutions/public/k/81/sol81903701.html", "type": "f5", "title": "SOL81903701 - Libpng vulnerability CVE-2015-8472", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2020-03-17T22:59:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8126"], "description": "The remote host is missing an update announced via the referenced Security Advisory.", "modified": "2020-03-13T00:00:00", "published": "2015-11-24T00:00:00", "id": "OPENVAS:1361412562310120601", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120601", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2015-611)", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their 
respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120601\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-11-24 10:37:04 +0200 (Tue, 24 Nov 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2015-611)\");\n script_tag(name:\"insight\", value:\"Multiple buffer overflows in the png_set_PLTE and png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19, allowing remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image (CVE-2015-8126 ).\");\n script_tag(name:\"solution\", value:\"Run yum update libpng to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2015-611.html\");\n script_cve_id(\"CVE-2015-8126\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", 
value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"libpng-static\", rpm:\"libpng-static~1.2.49~1.13.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libpng-debuginfo\", rpm:\"libpng-debuginfo~1.2.49~1.13.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libpng-devel\", rpm:\"libpng-devel~1.2.49~1.13.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libpng\", rpm:\"libpng~1.2.49~1.13.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:08", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8126"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-02-17T00:00:00", "id": "OPENVAS:1361412562310807272", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807272", "type": "openvas", "title": "Fedora Update for mingw-libpng FEDORA-2016-43735", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for 
mingw-libpng FEDORA-2016-43735\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807272\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-02-17 06:25:30 +0100 (Wed, 17 Feb 2016)\");\n script_cve_id(\"CVE-2015-8126\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for mingw-libpng FEDORA-2016-43735\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mingw-libpng'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"mingw-libpng on Fedora 22\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-43735\");\n 
script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2016-February/177382.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC22\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-libpng\", rpm:\"mingw-libpng~1.6.21~1.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8126"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-11-29T00:00:00", "id": "OPENVAS:1361412562310806748", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806748", "type": "openvas", "title": "Fedora Update for mingw-libpng FEDORA-2015-8", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw-libpng FEDORA-2015-8\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the 
implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806748\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-11-29 06:08:42 +0100 (Sun, 29 Nov 2015)\");\n script_cve_id(\"CVE-2015-8126\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for mingw-libpng FEDORA-2015-8\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mingw-libpng'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"mingw-libpng on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-8\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-November/172823.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-libpng\", rpm:\"mingw-libpng~1.6.19~1.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8126"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-02-17T00:00:00", "id": "OPENVAS:1361412562310807267", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807267", "type": "openvas", "title": "Fedora Update for mingw-libpng FEDORA-2016-9", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw-libpng FEDORA-2016-9\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807267\");\n script_version(\"$Revision: 14225 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 15:32:03 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-02-17 06:25:33 +0100 (Wed, 17 Feb 2016)\");\n script_cve_id(\"CVE-2015-8126\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for mingw-libpng FEDORA-2016-9\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mingw-libpng'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"mingw-libpng on Fedora 23\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-9\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2016-February/177344.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC23\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = 
rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-libpng\", rpm:\"mingw-libpng~1.6.21~1.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8126"], "description": "Mageia Linux Local Security Checks mgasa-2015-0451", "modified": "2018-09-28T00:00:00", "published": "2015-11-23T00:00:00", "id": "OPENVAS:1361412562310131136", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310131136", "type": "openvas", "title": "Mageia Linux Local Check: mgasa-2015-0451", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: mgasa-2015-0451.nasl 11692 2018-09-28 16:55:19Z cfischer $\n#\n# Mageia Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://www.solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.131136\");\n script_version(\"$Revision: 11692 $\");\n script_tag(name:\"creation_date\", value:\"2015-11-23 07:46:11 +0200 (Mon, 23 Nov 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 18:55:19 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Mageia Linux Local Check: mgasa-2015-0451\");\n script_tag(name:\"insight\", value:\"Multiple buffer overflows in the png_set_PLTE and png_get_PLTE functions in libpng before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image (CVE-2015-8126). This issue also affected libpng 1.2 before 1.2.54. 
The libpng and libpng12 packages have been updated to versions 1.6.19 and 1.2.54, respectively, fixing this issue.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://advisories.mageia.org/MGASA-2015-0451.html\");\n script_cve_id(\"CVE-2015-8126\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mageia_linux\", \"ssh/login/release\", re:\"ssh/login/release=MAGEIA5\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Mageia Linux Local Security Checks mgasa-2015-0451\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Mageia Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MAGEIA5\")\n{\nif ((res = isrpmvuln(pkg:\"libpng\", rpm:\"libpng~1.6.19~1.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"libpng12\", rpm:\"libpng12~1.2.54~1.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:38:28", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8126"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2015-12-29T00:00:00", "id": "OPENVAS:1361412562310851135", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851135", "type": "openvas", "title": "openSUSE: Security Advisory for libpng16 
(openSUSE-SU-2015:2100-1)", "sourceData": "# Copyright (C) 2015 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851135\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-12-29 17:30:29 +0530 (Tue, 29 Dec 2015)\");\n script_cve_id(\"CVE-2015-8126\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for libpng16 (openSUSE-SU-2015:2100-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libpng16'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The libpng16 package was updated to fix the following security issues:\n\n - CVE-2015-8126: 
Fixed a buffer overflow vulnerabilities in\n png_get_PLTE/png_set_PLTE functions (bsc#954980).\");\n\n script_tag(name:\"affected\", value:\"libpng16 on openSUSE 13.2, openSUSE 13.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"openSUSE-SU\", value:\"2015:2100-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(openSUSE13\\.2|openSUSE13\\.1)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.2\") {\n if(!isnull(res = isrpmvuln(pkg:\"libpng16-16\", rpm:\"libpng16-16~1.6.13~2.7.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libpng16-16-debuginfo\", rpm:\"libpng16-16-debuginfo~1.6.13~2.7.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libpng16-compat-devel\", rpm:\"libpng16-compat-devel~1.6.13~2.7.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libpng16-debugsource\", rpm:\"libpng16-debugsource~1.6.13~2.7.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libpng16-devel\", rpm:\"libpng16-devel~1.6.13~2.7.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libpng16-tools\", rpm:\"libpng16-tools~1.6.13~2.7.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libpng16-tools-debuginfo\", rpm:\"libpng16-tools-debuginfo~1.6.13~2.7.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"libpng16-16-32bit\", rpm:\"libpng16-16-32bit~1.6.13~2.7.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libpng16-16-debuginfo-32bit\", rpm:\"libpng16-16-debuginfo-32bit~1.6.13~2.7.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libpng16-compat-devel-32bit\", rpm:\"libpng16-compat-devel-32bit~1.6.13~2.7.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libpng16-devel-32bit\", rpm:\"libpng16-devel-32bit~1.6.13~2.7.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"openSUSE13.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"libpng16-16\", rpm:\"libpng16-16~1.6.6~19.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libpng16-16-debuginfo\", rpm:\"libpng16-16-debuginfo~1.6.6~19.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libpng16-compat-devel\", rpm:\"libpng16-compat-devel~1.6.6~19.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libpng16-debugsource\", rpm:\"libpng16-debugsource~1.6.6~19.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libpng16-devel\", rpm:\"libpng16-devel~1.6.6~19.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libpng16-tools\", rpm:\"libpng16-tools~1.6.6~19.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libpng16-tools-debuginfo\", rpm:\"libpng16-tools-debuginfo~1.6.6~19.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libpng16-16-32bit\", rpm:\"libpng16-16-32bit~1.6.6~19.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libpng16-16-debuginfo-32bit\", 
rpm:\"libpng16-16-debuginfo-32bit~1.6.6~19.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libpng16-compat-devel-32bit\", rpm:\"libpng16-compat-devel-32bit~1.6.6~19.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libpng16-devel-32bit\", rpm:\"libpng16-devel-32bit~1.6.6~19.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8126", "CVE-2015-8472"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-01-07T00:00:00", "id": "OPENVAS:1361412562310806933", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806933", "type": "openvas", "title": "Fedora Update for libpng FEDORA-2015-4", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libpng FEDORA-2015-4\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806933\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-01-07 09:53:20 +0100 (Thu, 07 Jan 2016)\");\n script_cve_id(\"CVE-2015-8126\", \"CVE-2015-8472\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for libpng FEDORA-2015-4\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libpng'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"libpng on Fedora 23\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-4\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2016-January/175073.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC23\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = 
rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC23\")\n{\n if ((res = isrpmvuln(pkg:\"libpng\", rpm:\"libpng~1.6.17~3.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8126", "CVE-2015-8472"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-12-19T00:00:00", "id": "OPENVAS:1361412562310806911", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806911", "type": "openvas", "title": "Fedora Update for libpng10 FEDORA-2015-3461", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libpng10 FEDORA-2015-3461\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806911\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-12-19 05:42:42 +0100 (Sat, 19 Dec 2015)\");\n script_cve_id(\"CVE-2015-8126\", \"CVE-2015-8472\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for libpng10 FEDORA-2015-3461\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libpng10'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"libpng10 on Fedora 22\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-3461\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-December/174127.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC22\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC22\")\n{\n if ((res = isrpmvuln(pkg:\"libpng10\", rpm:\"libpng10~1.0.65~1.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:36:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8126", "CVE-2015-7981"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191391", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191391", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libpng12 (EulerOS-SA-2019-1391)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1391\");\n script_version(\"2020-01-23T11:41:37+0000\");\n script_cve_id(\"CVE-2015-7981\", \"CVE-2015-8126\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:41:37 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:41:37 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libpng12 (EulerOS-SA-2019-1391)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1391\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1391\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libpng12' package(s) announced via the EulerOS-SA-2019-1391 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An array-indexing error was discovered in the png_convert_to_rfc1123() function of libpng. 
An attacker could possibly use this flaw to cause an out-of-bounds read by tricking an unsuspecting user into processing a specially crafted PNG image. (CVE-2015-7981)\n\nIt was discovered that the png_get_PLTE() and png_set_PLTE() functions of libpng did not correctly calculate the maximum palette sizes for bit depths of less than 8. In case an application tried to use these functions in combination with properly calculated palette sizes, this could lead to a buffer overflow or out-of-bounds reads. An attacker could exploit this to cause a crash or potentially execute arbitrary code by tricking an unsuspecting user into processing a specially crafted PNG image. However, the exact impact is dependent on the application using the library. (CVE-2015-8126)\");\n\n script_tag(name:\"affected\", value:\"'libpng12' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libpng12\", rpm:\"libpng12~1.2.50~10\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8126", "CVE-2015-7981"], "description": "Several vulnerabilities have\nbeen discovered in the libpng PNG library. 
The Common Vulnerabilities\nand Exposures project identifies the following problems:\n\nCVE-2015-7981\nQixue Xiao discovered an out-of-bounds read vulnerability in the\npng_convert_to_rfc1123 function. A remote attacker can potentially\ntake advantage of this flaw to cause disclosure of information from\nprocess memory.\n\nCVE-2015-8126\nMultiple buffer overflows were discovered in the png_set_PLTE and\npng_get_PLTE functions. A remote attacker can take advantage of this\nflaw to cause a denial of service (application crash) via a small\nbit-depth value in an IHDR (image header) chunk in a PNG image.", "modified": "2019-03-18T00:00:00", "published": "2015-11-18T00:00:00", "id": "OPENVAS:1361412562310703399", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703399", "type": "openvas", "title": "Debian Security Advisory DSA 3399-1 (libpng - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3399.nasl 14278 2019-03-18 14:47:26Z cfischer $\n# Auto-generated from advisory DSA 3399-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703399\");\n script_version(\"$Revision: 14278 $\");\n script_cve_id(\"CVE-2015-7981\", \"CVE-2015-8126\");\n script_name(\"Debian Security Advisory DSA 3399-1 (libpng - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:47:26 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-11-18 00:00:00 +0100 (Wed, 18 Nov 2015)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2015/dsa-3399.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(7|8)\");\n script_tag(name:\"affected\", value:\"libpng on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution\n(wheezy), these problems have been fixed in version 1.2.49-1+deb7u1.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.2.50-2+deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.2.54-1.\n\nWe recommend that you upgrade your libpng packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities have\nbeen discovered in the libpng PNG library. 
The Common Vulnerabilities\nand Exposures project identifies the following problems:\n\nCVE-2015-7981\nQixue Xiao discovered an out-of-bounds read vulnerability in the\npng_convert_to_rfc1123 function. A remote attacker can potentially\ntake advantage of this flaw to cause disclosure of information from\nprocess memory.\n\nCVE-2015-8126\nMultiple buffer overflows were discovered in the png_set_PLTE and\npng_get_PLTE functions. A remote attacker can take advantage of this\nflaw to cause a denial of service (application crash) via a small\nbit-depth value in an IHDR (image header) chunk in a PNG image.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed\nsoftware version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libpng12-0:amd64\", ver:\"1.2.49-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpng12-0:i386\", ver:\"1.2.49-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpng12-dev:amd64\", ver:\"1.2.49-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpng12-dev:i386\", ver:\"1.2.49-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpng3:amd64\", ver:\"1.2.49-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpng3:i386\", ver:\"1.2.49-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpng12-0:amd64\", ver:\"1.2.50-2+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpng12-0:i386\", ver:\"1.2.50-2+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpng12-dev:amd64\", ver:\"1.2.50-2+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpng12-dev:i386\", ver:\"1.2.50-2+deb8u1\", 
rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpng3:amd64\", ver:\"1.2.50-2+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpng3:i386\", ver:\"1.2.50-2+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2020-11-10T12:35:11", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8126"], "description": "**Issue Overview:**\n\nMultiple buffer overflows in the png_set_PLTE and png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19, allowing remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image ([CVE-2015-8126 __](<https://access.redhat.com/security/cve/CVE-2015-8126>)).\n\n \n**Affected Packages:** \n\n\nlibpng\n\n \n**Issue Correction:** \nRun _yum update libpng_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n libpng-static-1.2.49-1.13.amzn1.i686 \n libpng-debuginfo-1.2.49-1.13.amzn1.i686 \n libpng-devel-1.2.49-1.13.amzn1.i686 \n libpng-1.2.49-1.13.amzn1.i686 \n \n src: \n libpng-1.2.49-1.13.amzn1.src \n \n x86_64: \n libpng-devel-1.2.49-1.13.amzn1.x86_64 \n libpng-static-1.2.49-1.13.amzn1.x86_64 \n libpng-1.2.49-1.13.amzn1.x86_64 \n libpng-debuginfo-1.2.49-1.13.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2015-11-23T13:43:00", "published": "2015-11-23T13:43:00", "id": "ALAS-2015-611", "href": "https://alas.aws.amazon.com/ALAS-2015-611.html", "title": "Medium: libpng", "type": "amazon", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2016-09-04T12:25:39", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8126"], "edition": 
1, "description": "The libpng16 package was updated to fix the following security issues:\n\n - CVE-2015-8126: Fixed buffer overflow vulnerabilities in\n png_get_PLTE/png_set_PLTE functions (bsc#954980).\n\n", "modified": "2015-11-25T21:14:06", "published": "2015-11-25T21:14:06", "id": "OPENSUSE-SU-2015:2100-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00034.html", "title": "Security update for libpng16 (important)", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:38:24", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8126", "CVE-2015-7981"], "description": "The libpng12 package was updated to fix the following security issues:\n\n - CVE-2015-8126: Fixed buffer overflow vulnerabilities in\n png_get_PLTE/png_set_PLTE functions (bsc#954980).\n - CVE-2015-7981: Fixed an out-of-bounds read (bsc#952051).\n\n", "edition": 1, "modified": "2015-11-25T21:13:40", "published": "2015-11-25T21:13:40", "id": "OPENSUSE-SU-2015:2099-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00033.html", "type": "suse", "title": "Security update for libpng12 (important)", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-01-20T12:30:04", "description": "This update fixes the following security issue :\n\n - CVE-2015-8126 Possible buffer overflow vulnerabilities\n in png_get_PLTE and png_set_PLTE functions could cause a\n denial of service (application crash) or possibly have\n an unspecified impact [bsc#954980]\n\nThis update was imported from the SUSE:SLE-12-SP1:Update update\nproject.", "edition": 17, "published": "2016-01-25T00:00:00", "title": "openSUSE Security Update : libpng15 (openSUSE-2016-31)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8126"], "modified": "2016-01-25T00:00:00", "cpe": 
["p-cpe:/a:novell:opensuse:libpng15-15-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libpng15-15", "cpe:/o:novell:opensuse:42.1", "p-cpe:/a:novell:opensuse:libpng15-15-32bit", "p-cpe:/a:novell:opensuse:libpng15-15-debuginfo", "p-cpe:/a:novell:opensuse:libpng15-debugsource"], "id": "OPENSUSE-2016-31.NASL", "href": "https://www.tenable.com/plugins/nessus/88121", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-31.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(88121);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-8126\");\n\n script_name(english:\"openSUSE Security Update : libpng15 (openSUSE-2016-31)\");\n script_summary(english:\"Check for the openSUSE-2016-31 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the following security issue :\n\n - CVE-2015-8126 Possible buffer overflow vulnerabilities\n in png_get_PLTE and png_set_PLTE functions could cause a\n denial of service (application crash) or possibly have\n an unspecified impact [bsc#954980]\n\nThis update was imported from the SUSE:SLE-12-SP1:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=954980\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libpng15 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:libpng15-15\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng15-15-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng15-15-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng15-15-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng15-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libpng15-15-1.5.22-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libpng15-15-debuginfo-1.5.22-4.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE42.1\", reference:\"libpng15-debugsource-1.5.22-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libpng15-15-32bit-1.5.22-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libpng15-15-debuginfo-32bit-1.5.22-4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng15-15 / libpng15-15-32bit / libpng15-15-debuginfo / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:13:40", "description": "Security fix for CVE-2015-8126 (#1281757, #1281756). Proper patch\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 17, "published": "2016-03-04T00:00:00", "title": "Fedora 23 : libpng-1.6.17-4.fc23 (2015-5e52306c9c)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8126"], "modified": "2016-03-04T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:23", "p-cpe:/a:fedoraproject:fedora:libpng"], "id": "FEDORA_2015-5E52306C9C.NASL", "href": "https://www.tenable.com/plugins/nessus/89252", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-5e52306c9c.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89252);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-8126\");\n script_xref(name:\"FEDORA\", 
value:\"2015-5e52306c9c\");\n\n script_name(english:\"Fedora 23 : libpng-1.6.17-4.fc23 (2015-5e52306c9c)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2015-8126 (#1281757, #1281756). Proper patch\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1281756\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-November/172324.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?292474ce\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libpng package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libpng\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n 
exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"libpng-1.6.17-4.fc23\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:13:49", "description": "libpng 1.6.19 release, fixing CVE-2015-8126\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 17, "published": "2016-03-04T00:00:00", "title": "Fedora 21 : mingw-libpng-1.6.19-1.fc21 (2015-8a1243db75)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8126"], "modified": "2016-03-04T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:21", "p-cpe:/a:fedoraproject:fedora:mingw-libpng"], "id": "FEDORA_2015-8A1243DB75.NASL", "href": "https://www.tenable.com/plugins/nessus/89313", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-8a1243db75.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89313);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-8126\");\n script_xref(name:\"FEDORA\", value:\"2015-8a1243db75\");\n\n script_name(english:\"Fedora 21 : mingw-libpng-1.6.19-1.fc21 (2015-8a1243db75)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"libpng 1.6.19 release, fixing CVE-2015-8126\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1281756\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-November/172823.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3c9b2c22\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mingw-libpng package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-libpng\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"mingw-libpng-1.6.19-1.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw-libpng\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:14:12", "description": "Update to 1.6.21 which fixes various CVE's\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 18, "published": "2016-03-04T00:00:00", "title": "Fedora 22 : mingw-libpng-1.6.21-1.fc22 (2016-43735c33a7)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8126"], "modified": "2016-03-04T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mingw-libpng", "cpe:/o:fedoraproject:fedora:22"], "id": "FEDORA_2016-43735C33A7.NASL", "href": "https://www.tenable.com/plugins/nessus/89527", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2016-43735c33a7.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89527);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-8126\");\n script_xref(name:\"FEDORA\", value:\"2016-43735c33a7\");\n\n script_name(english:\"Fedora 22 : mingw-libpng-1.6.21-1.fc22 (2016-43735c33a7)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to 1.6.21 which fixes various CVE's\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1281760\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2016-February/177382.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b1f28b52\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mingw-libpng package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-libpng\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"mingw-libpng-1.6.21-1.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw-libpng\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T12:30:03", "description": "This update fixes the following security issue\n\n - CVE-2015-8126 Multiple buffer overflows in the\n png_set_PLTE and png_get_PLTE functions allow remote\n attackers to cause a denial of service (application\n crash) or possibly have unspecified other impact\n [bsc#954980] This update was imported from the\n SUSE:SLE-12:Update update project.", "edition": 17, "published": "2016-01-25T00:00:00", "title": "openSUSE Security Update : libpng12 (openSUSE-2016-30)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8126"], "modified": "2016-01-25T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libpng12-devel-32bit", "p-cpe:/a:novell:opensuse:libpng12-compat-devel", "p-cpe:/a:novell:opensuse:libpng12-0", "cpe:/o:novell:opensuse:42.1", "p-cpe:/a:novell:opensuse:libpng12-devel", "p-cpe:/a:novell:opensuse:libpng12-compat-devel-32bit", "p-cpe:/a:novell:opensuse:libpng12-0-debuginfo", "p-cpe:/a:novell:opensuse:libpng12-0-32bit", "p-cpe:/a:novell:opensuse:libpng12-debugsource", "p-cpe:/a:novell:opensuse:libpng12-0-debuginfo-32bit"], "id": "OPENSUSE-2016-30.NASL", "href": 
"https://www.tenable.com/plugins/nessus/88120", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-30.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(88120);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-8126\");\n\n script_name(english:\"openSUSE Security Update : libpng12 (openSUSE-2016-30)\");\n script_summary(english:\"Check for the openSUSE-2016-30 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the following security issue\n\n - CVE-2015-8126 Multiple buffer overflows in the\n png_set_PLTE and png_get_PLTE functions allow remote\n attackers to cause a denial of service (application\n crash) or possibly have unspecified other impact\n [bsc#954980] This update was imported from the\n SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=954980\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libpng12 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng12-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng12-0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng12-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:libpng12-0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng12-compat-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng12-compat-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng12-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng12-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng12-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libpng12-0-1.2.50-8.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE42.1\", reference:\"libpng12-0-debuginfo-1.2.50-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libpng12-compat-devel-1.2.50-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libpng12-debugsource-1.2.50-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libpng12-devel-1.2.50-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libpng12-0-32bit-1.2.50-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libpng12-0-debuginfo-32bit-1.2.50-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libpng12-compat-devel-32bit-1.2.50-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libpng12-devel-32bit-1.2.50-8.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng12-0 / libpng12-0-32bit / libpng12-0-debuginfo / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:14:34", "description": "Update to 1.6.21 which fixes various CVE's\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 18, "published": "2016-03-04T00:00:00", "title": "Fedora 23 : mingw-libpng-1.6.21-1.fc23 (2016-9a1c707b10)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8126"], "modified": "2016-03-04T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mingw-libpng", "cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2016-9A1C707B10.NASL", "href": "https://www.tenable.com/plugins/nessus/89587", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2016-9a1c707b10.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89587);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-8126\");\n script_xref(name:\"FEDORA\", value:\"2016-9a1c707b10\");\n\n script_name(english:\"Fedora 23 : mingw-libpng-1.6.21-1.fc23 (2016-9a1c707b10)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to 1.6.21 which fixes various CVE's\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1281760\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2016-February/177344.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?19ce94a7\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mingw-libpng package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-libpng\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"mingw-libpng-1.6.21-1.fc23\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw-libpng\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T12:28:55", "description": "The libpng16 package was updated to fix the following security \nissues :\n\n - CVE-2015-8126: Fixed a buffer overflow vulnerabilities\n in png_get_PLTE/png_set_PLTE functions (bsc#954980).", "edition": 17, "published": "2015-11-30T00:00:00", "title": "openSUSE Security Update : libpng16 (openSUSE-2015-801)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8126"], "modified": "2015-11-30T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libpng16-compat-devel-32bit", "p-cpe:/a:novell:opensuse:libpng16-16-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libpng16-compat-devel", "p-cpe:/a:novell:opensuse:libpng16-16-debuginfo", "p-cpe:/a:novell:opensuse:libpng16-tools-debuginfo", "p-cpe:/a:novell:opensuse:libpng16-devel-32bit", "p-cpe:/a:novell:opensuse:libpng16-16", "cpe:/o:novell:opensuse:13.2", "p-cpe:/a:novell:opensuse:libpng16-tools", "p-cpe:/a:novell:opensuse:libpng16-debugsource", "p-cpe:/a:novell:opensuse:libpng16-devel", "cpe:/o:novell:opensuse:13.1", "p-cpe:/a:novell:opensuse:libpng16-16-32bit"], "id": "OPENSUSE-2015-801.NASL", "href": 
"https://www.tenable.com/plugins/nessus/87081", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-801.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87081);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-8126\");\n\n script_name(english:\"openSUSE Security Update : libpng16 (openSUSE-2015-801)\");\n script_summary(english:\"Check for the openSUSE-2015-801 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The libpng16 package was updated to fix the following security \nissues :\n\n - CVE-2015-8126: Fixed a buffer overflow vulnerabilities\n in png_get_PLTE/png_set_PLTE functions (bsc#954980).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=954980\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libpng16 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng16-16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng16-16-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng16-16-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng16-16-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng16-compat-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng16-compat-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng16-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng16-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng16-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng16-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng16-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/11/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1|SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1 / 13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / 
i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libpng16-16-1.6.6-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libpng16-16-debuginfo-1.6.6-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libpng16-compat-devel-1.6.6-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libpng16-debugsource-1.6.6-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libpng16-devel-1.6.6-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libpng16-tools-1.6.6-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libpng16-tools-debuginfo-1.6.6-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libpng16-16-32bit-1.6.6-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libpng16-16-debuginfo-32bit-1.6.6-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libpng16-compat-devel-32bit-1.6.6-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libpng16-devel-32bit-1.6.6-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libpng16-16-1.6.13-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libpng16-16-debuginfo-1.6.13-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libpng16-compat-devel-1.6.13-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libpng16-debugsource-1.6.13-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libpng16-devel-1.6.13-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libpng16-tools-1.6.13-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libpng16-tools-debuginfo-1.6.13-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libpng16-16-32bit-1.6.13-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", 
reference:\"libpng16-16-debuginfo-32bit-1.6.13-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libpng16-compat-devel-32bit-1.6.13-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libpng16-devel-32bit-1.6.13-2.7.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng16-16 / libpng16-16-32bit / libpng16-16-debuginfo / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T12:30:02", "description": "This update fixes the following security issue :\n\n - CVE-2015-8126 Multiple buffer overflows in the\n png_set_PLTE and png_get_PLTE functions allow remote\n attackers to cause a denial of service (application\n crash) or possibly have unspecified other impact\n [bsc#954980] This update was imported from the\n SUSE:SLE-12:Update update project.", "edition": 17, "published": "2016-01-25T00:00:00", "title": "openSUSE Security Update : libpng16 (openSUSE-2016-28)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8126"], "modified": "2016-01-25T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libpng16-compat-devel-32bit", "p-cpe:/a:novell:opensuse:libpng16-16-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libpng16-compat-devel", "p-cpe:/a:novell:opensuse:libpng16-16-debuginfo", "p-cpe:/a:novell:opensuse:libpng16-tools-debuginfo", "p-cpe:/a:novell:opensuse:libpng16-devel-32bit", "cpe:/o:novell:opensuse:42.1", "p-cpe:/a:novell:opensuse:libpng16-16", "p-cpe:/a:novell:opensuse:libpng16-tools", "p-cpe:/a:novell:opensuse:libpng16-debugsource", "p-cpe:/a:novell:opensuse:libpng16-devel", "p-cpe:/a:novell:opensuse:libpng16-16-32bit"], "id": "OPENSUSE-2016-28.NASL", "href": "https://www.tenable.com/plugins/nessus/88118", 
"sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-28.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(88118);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-8126\");\n\n script_name(english:\"openSUSE Security Update : libpng16 (openSUSE-2016-28)\");\n script_summary(english:\"Check for the openSUSE-2016-28 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the following security issue :\n\n - CVE-2015-8126 Multiple buffer overflows in the\n png_set_PLTE and png_get_PLTE functions allow remote\n attackers to cause a denial of service (application\n crash) or possibly have unspecified other impact\n [bsc#954980] This update was imported from the\n SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=954980\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libpng16 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng16-16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng16-16-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng16-16-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng16-16-debuginfo-32bit\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng16-compat-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng16-compat-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng16-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng16-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng16-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng16-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng16-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / 
i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libpng16-16-1.6.8-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libpng16-16-debuginfo-1.6.8-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libpng16-compat-devel-1.6.8-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libpng16-debugsource-1.6.8-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libpng16-devel-1.6.8-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libpng16-tools-1.6.8-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libpng16-tools-debuginfo-1.6.8-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libpng16-16-32bit-1.6.8-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libpng16-16-debuginfo-32bit-1.6.8-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libpng16-compat-devel-32bit-1.6.8-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libpng16-devel-32bit-1.6.8-7.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng16-16 / libpng16-16-32bit / libpng16-16-debuginfo / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-01T01:21:09", "description": "Multiple buffer overflows in the png_set_PLTE and png_get_PLTE\nfunctions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54,\n1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before\n1.6.19, allowing remote attackers to cause a denial of service\n(application crash) or possibly have unspecified other impact via a\nsmall bit-depth value in an IHDR (aka image header) chunk in a 
PNG\nimage (CVE-2015-8126).", "edition": 24, "published": "2015-11-24T00:00:00", "title": "Amazon Linux AMI : libpng (ALAS-2015-611)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8126"], "modified": "2021-02-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:libpng-devel", "p-cpe:/a:amazon:linux:libpng-debuginfo", "p-cpe:/a:amazon:linux:libpng", "p-cpe:/a:amazon:linux:libpng-static", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2015-611.NASL", "href": "https://www.tenable.com/plugins/nessus/87015", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2015-611.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87015);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2015-8126\");\n script_xref(name:\"ALAS\", value:\"2015-611\");\n\n script_name(english:\"Amazon Linux AMI : libpng (ALAS-2015-611)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple buffer overflows in the png_set_PLTE and png_get_PLTE\nfunctions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54,\n1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before\n1.6.19, allowing remote attackers to cause a denial of service\n(application crash) or possibly have unspecified other impact via a\nsmall bit-depth value in an IHDR (aka image header) chunk in a PNG\nimage (CVE-2015-8126).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2015-611.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update libpng' to update your system.\"\n );\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libpng\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libpng-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libpng-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libpng-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/11/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"libpng-1.2.49-1.13.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", 
reference:\"libpng-debuginfo-1.2.49-1.13.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libpng-devel-1.2.49-1.13.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libpng-static-1.2.49-1.13.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng / libpng-debuginfo / libpng-devel / libpng-static\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T12:28:59", "description": "This update fixes the following security issue :\n\n - CVE-2015-8126 Buffer overflow vulnerabilities in\n png_get_PLTE/png_set_PLTE functions (bsc#954980)", "edition": 17, "published": "2015-12-17T00:00:00", "title": "openSUSE Security Update : libpng12 (openSUSE-2015-902)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8126"], "modified": "2015-12-17T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libpng12-devel-32bit", "p-cpe:/a:novell:opensuse:libpng12-compat-devel", "p-cpe:/a:novell:opensuse:libpng12-0", "p-cpe:/a:novell:opensuse:libpng12-devel", "p-cpe:/a:novell:opensuse:libpng12-compat-devel-32bit", "p-cpe:/a:novell:opensuse:libpng12-0-debuginfo", "p-cpe:/a:novell:opensuse:libpng12-0-32bit", "cpe:/o:novell:opensuse:13.2", "p-cpe:/a:novell:opensuse:libpng12-debugsource", "cpe:/o:novell:opensuse:13.1", "p-cpe:/a:novell:opensuse:libpng12-0-debuginfo-32bit"], "id": "OPENSUSE-2015-902.NASL", "href": "https://www.tenable.com/plugins/nessus/87445", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-902.\n#\n# The text description of this plugin is (C) SUSE 
LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87445);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-8126\");\n\n script_name(english:\"openSUSE Security Update : libpng12 (openSUSE-2015-902)\");\n script_summary(english:\"Check for the openSUSE-2015-902 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the following security issue :\n\n - CVE-2015-8126 Buffer overflow vulnerabilities in\n png_get_PLTE/png_set_PLTE functions (bsc#954980)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=954980\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libpng12 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng12-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng12-0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng12-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng12-0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng12-compat-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng12-compat-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng12-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng12-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:libpng12-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1|SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1 / 13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libpng12-0-1.2.50-6.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libpng12-0-debuginfo-1.2.50-6.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libpng12-compat-devel-1.2.50-6.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libpng12-debugsource-1.2.50-6.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libpng12-devel-1.2.50-6.10.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libpng12-0-32bit-1.2.50-6.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libpng12-0-debuginfo-32bit-1.2.50-6.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libpng12-compat-devel-32bit-1.2.50-6.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libpng12-devel-32bit-1.2.50-6.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libpng12-0-1.2.51-3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libpng12-0-debuginfo-1.2.51-3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libpng12-compat-devel-1.2.51-3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libpng12-debugsource-1.2.51-3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libpng12-devel-1.2.51-3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libpng12-0-32bit-1.2.51-3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libpng12-0-debuginfo-32bit-1.2.51-3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libpng12-compat-devel-32bit-1.2.51-3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libpng12-devel-32bit-1.2.51-3.6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng12-0 / libpng12-0-32bit / libpng12-0-debuginfo / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8126"], "description": "MinGW Windows Libpng library. 
", "modified": "2015-11-27T18:24:08", "published": "2015-11-27T18:24:08", "id": "FEDORA:4867060876D3", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: mingw-libpng-1.6.19-1.fc23", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8126"], "description": "MinGW Windows Libpng library. ", "modified": "2015-11-27T20:53:25", "published": "2015-11-27T20:53:25", "id": "FEDORA:DFD56607A1A3", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: mingw-libpng-1.6.19-1.fc22", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8126"], "description": "MinGW Windows Libpng library. ", "modified": "2016-02-17T04:02:12", "published": "2016-02-17T04:02:12", "id": "FEDORA:E1164604EC00", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: mingw-libpng-1.6.21-1.fc23", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8126"], "description": "MinGW Windows Libpng library. ", "modified": "2016-02-17T04:26:13", "published": "2016-02-17T04:26:13", "id": "FEDORA:280B0608DDD2", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: mingw-libpng-1.6.21-1.fc22", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8126"], "description": "The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. PNG is a bit-mapped graphics format similar to the GIF format. PNG was created to replace the GIF format, since GIF uses a patented data compression algorithm. Libpng should be installed if you need to manipulate PNG format image files. 
", "modified": "2015-11-22T02:26:06", "published": "2015-11-22T02:26:06", "id": "FEDORA:2B24B6085AD8", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: libpng-1.6.17-4.fc23", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8126"], "description": "MinGW Windows Libpng library. ", "modified": "2015-11-28T23:18:28", "published": "2015-11-28T23:18:28", "id": "FEDORA:17CD6605F211", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: mingw-libpng-1.6.19-1.fc21", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7981", "CVE-2015-8126"], "description": "The libpng10 package contains an old version of libpng, a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. This package is needed if you want to run binaries that were linked dynamically with libpng 1.0.x. ", "modified": "2015-11-24T22:50:52", "published": "2015-11-24T22:50:52", "id": "FEDORA:D38CC604DCEF", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: libpng10-1.0.64-1.fc21", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8126", "CVE-2015-8472"], "description": "The libpng15 package provides libpng 1.5, an older version of the libpng library for manipulating PNG (Portable Network Graphics) image format files. This version should be used only if you are unable to use the current version of libpng. 
", "modified": "2016-01-04T20:00:05", "published": "2016-01-04T20:00:05", "id": "FEDORA:4226C607D66E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: libpng15-1.5.25-1.fc22", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8126", "CVE-2015-8472"], "description": "The libpng10 package contains an old version of libpng, a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. This package is needed if you want to run binaries that were linked dynamically with libpng 1.0.x. ", "modified": "2015-12-18T10:01:32", "published": "2015-12-18T10:01:32", "id": "FEDORA:E1B196076002", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: libpng10-1.0.65-1.fc22", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8126", "CVE-2015-8472"], "description": "The libpng15 package provides libpng 1.5, an older version of the libpng library for manipulating PNG (Portable Network Graphics) image format files. This version should be used only if you are unable to use the current version of libpng. 
", "modified": "2016-01-04T18:55:22", "published": "2016-01-04T18:55:22", "id": "FEDORA:5799B60EDE72", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: libpng15-1.5.25-1.fc23", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "slackware": [{"lastseen": "2020-10-25T16:35:55", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8126", "CVE-2015-8472"], "description": "New libpng packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,\nand -current to fix security issues.\n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n\npatches/packages/libpng-1.4.18-x86_64-1_slack14.1.txz: Upgraded.\n Fixed incorrect implementation of png_set_PLTE() that uses png_ptr\n not info_ptr, that left png_set_PLTE() open to the CVE-2015-8126\n vulnerability.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8472\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! 
:-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/libpng-1.2.55-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/libpng-1.2.55-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/libpng-1.4.18-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/libpng-1.4.18-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/libpng-1.4.18-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/libpng-1.4.18-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/libpng-1.4.18-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/libpng-1.4.18-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/libpng-1.4.18-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/libpng-1.4.18-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libpng-1.6.20-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libpng-1.6.20-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 13.0 package:\n0ee9224ad5684fad22c1b0c90605c63b 
libpng-1.2.55-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\nd9b29264e8312baf0c511c81ad779e59 libpng-1.2.55-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\n28f6f162e3808d1dcdf6a3a98a8ccd69 libpng-1.4.18-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\n156846c2db1a60cc840ed6e545ad9ec3 libpng-1.4.18-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\n6c2eb1e0434a742f837b3d136d09fa89 libpng-1.4.18-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\n099974c30fce3f57ba60249e6cd4ad99 libpng-1.4.18-x86_64-1_slack13.37.txz\n\nSlackware 14.0 package:\nb546c957f439e78bbee7bdd429953a76 libpng-1.4.18-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n66903cc8d9eea2c47698ff0776da13e2 libpng-1.4.18-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\nf2dfcb4aa0a05fccf81f60f913bc7e8e libpng-1.4.18-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\nc06efdbec225394a156860a4f571dd59 libpng-1.4.18-x86_64-1_slack14.1.txz\n\nSlackware -current package:\n6f2e6e7f5f8c3760a372cc9ae3130060 l/libpng-1.6.20-i586-1.txz\n\nSlackware x86_64 -current package:\n8be8af75ec81e9463adf345c0bf48432 l/libpng-1.6.20-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg libpng-1.4.18-i486-1_slack14.1.txz", "modified": "2015-12-16T06:25:09", "published": "2015-12-16T06:25:09", "id": "SSA-2015-349-02", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.504203", "type": "slackware", "title": "[slackware-security] libpng", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-10-25T16:35:57", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7981", "CVE-2015-8126"], "description": "New libpng packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,\nand -current to fix security issues.\n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n\npatches/packages/libpng-1.4.17-i486-1_slack14.1.txz: Upgraded.\n Fixed buffer overflows in the 
png_set_PLTE(), png_get_PLTE(),\n png_set_tIME(), and png_convert_to_rfc1123() functions that allow\n attackers to cause a denial of service (application crash) or\n possibly have unspecified other impact via a small bit-depth value\n in an IHDR (aka image header) chunk in a PNG image.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7981\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8126.\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/libpng-1.2.54-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/libpng-1.2.54-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/libpng-1.4.17-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/libpng-1.4.17-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/libpng-1.4.17-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/libpng-1.4.17-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/libpng-1.4.17-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/libpng-1.4.17-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 
14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/libpng-1.4.17-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/libpng-1.4.17-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libpng-1.6.19-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libpng-1.6.19-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 13.0 package:\nc6eb0eeb425af17d02655f2f9fa69723 libpng-1.2.54-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\nee85a731b10fe3d5767b97e91d6bfc1f libpng-1.2.54-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\n3d6d26c2cdd0f8ffc9d4ee4284ebdfc7 libpng-1.4.17-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\n2b9beff2066d8cd2530c4db6878f3644 libpng-1.4.17-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\n36f5490f07d75665bab2bc5cccd77437 libpng-1.4.17-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\nb0110d8941fd249c9b99932b7de67990 libpng-1.4.17-x86_64-1_slack13.37.txz\n\nSlackware 14.0 package:\n0e21fde66006e6e86117ba075e8c160d libpng-1.4.17-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n221b16014a862c02e787519a3090812b libpng-1.4.17-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\ncdd3f81e3a487b4aceb1920295c9ffbe libpng-1.4.17-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\ne0f2e5230458bdb77a19dbc09b6eae0e libpng-1.4.17-x86_64-1_slack14.1.txz\n\nSlackware -current package:\n56306097bf7dde2aa757d122d6fb3616 l/libpng-1.6.19-i586-1.txz\n\nSlackware x86_64 -current package:\nd11905e7d052578e96ff10f42b175c89 l/libpng-1.6.19-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg libpng-1.4.17-i486-1_slack14.1.txz", "modified": "2015-12-03T08:20:21", "published": "2015-12-03T08:20:21", "id": "SSA-2015-337-01", "href": 
"http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.522940", "type": "slackware", "title": "[slackware-security] libpng", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:36", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8126", "CVE-2015-7981"], "description": "- CVE-2015-7981 (out-of-bounds read)\n\nThis is an array indexing error, which can lead to an out-of-bounds read\nof a static buffer. The result is now unsigned (no longer negative, but\nnow a huge positive number).\n\n- CVE-2015-8126 (arbitrary code execution)\n\nBuffer overflow vulnerabilities in functions png_get_PLTE/png_set_PLTE,\nallowing remote attackers to cause DoS to application or have\nunspecified other impact. These functions failed to check for an\nout-of-range palette when reading or writing PNG files with a bit_depth\nless than 8. Some applications might read the bit depth from the IHDR\nchunk and allocate memory for a 2^N entry palette, while libpng can\nreturn a palette with up to 256 entries even when the bit depth is less\nthan 8.", "modified": "2015-11-17T00:00:00", "published": "2015-11-17T00:00:00", "id": "ASA-201511-9", "href": "https://lists.archlinux.org/pipermail/arch-security/2015-November/000437.html", "type": "archlinux", "title": "libpng: multiple issues", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-02T18:44:47", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8126", "CVE-2015-7981"], "description": "- CVE-2015-7981 (out-of-bounds read)\n\nThis is an array indexing error, which can lead to an out-of-bounds read\nof a static buffer. 
The result is now unsigned (no longer negative, but\nnow a huge positive number).\n\n- CVE-2015-8126 (arbitrary code execution)\n\nBuffer overflow vulnerabilities in functions png_get_PLTE/png_set_PLTE,\nallowing remote attackers to cause DoS to application or have\nunspecified other impact. These functions failed to check for an\nout-of-range palette when reading or writing PNG files with a bit_depth\nless than 8. Some applications might read the bit depth from the IHDR\nchunk and allocate memory for a 2^N entry palette, while libpng can\nreturn a palette with up to 256 entries even when the bit depth is less\nthan 8.", "modified": "2015-11-17T00:00:00", "published": "2015-11-17T00:00:00", "id": "ASA-201511-10", "href": "https://lists.archlinux.org/pipermail/arch-security/2015-November/000438.html", "type": "archlinux", "title": "lib32-libpng: multiple issues", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-02T18:44:43", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8126", "CVE-2015-8472"], "description": "It was discovered that the png_get_PLTE() and png_set_PLTE() functions\nof libpng did not correctly calculate the maximum palette sizes for bit\ndepths of less than 8. In case an application tried to use these\nfunctions in combination with properly calculated palette sizes, this\ncould lead to a buffer overflow or out-of-bounds reads. An attacker\ncould exploit this to cause a crash or potentially execute arbitrary\ncode by tricking an unsuspecting user into processing a specially\ncrafted PNG image. 
However, the exact impact is dependent on the\napplication using the library.\nThis issue is the result of an incomplete fix for CVE-2015-8126 in\nlibpng 1.6.19.", "modified": "2015-12-28T00:00:00", "published": "2015-12-28T00:00:00", "id": "ASA-201512-18", "href": "https://lists.archlinux.org/pipermail/arch-security/2015-December/000478.html", "type": "archlinux", "title": "libpng: buffer overflow", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2020-10-22T17:09:25", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8126", "CVE-2015-8472"], "description": "[2:1.5.13-7]\n- Security fix for CVE-2015-8126\n- Changing png_ptr to info_ptr based on upstream\n- Related: #1283576\n[2:1.5.13-6]\n- Security fix for CVE-2015-8126\n- Resolves: #1283576", "edition": 5, "modified": "2015-12-09T00:00:00", "published": "2015-12-09T00:00:00", "id": "ELSA-2015-2596", "href": "http://linux.oracle.com/errata/ELSA-2015-2596.html", "title": "libpng security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2019-12-20T18:28:23", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8126", "CVE-2015-8472"], "description": "**CentOS Errata and Security Advisory** CESA-2015:2596\n\n\nThe libpng packages contain a library of functions for creating and\nmanipulating PNG (Portable Network Graphics) image format files.\n\nIt was discovered that the png_get_PLTE() and png_set_PLTE() functions of\nlibpng did not correctly calculate the maximum palette sizes for bit depths\nof less than 8. In case an application tried to use these functions in\ncombination with properly calculated palette sizes, this could lead to a\nbuffer overflow or out-of-bounds reads. An attacker could exploit this to\ncause a crash or potentially execute arbitrary code by tricking an\nunsuspecting user into processing a specially crafted PNG image. 
However,\nthe exact impact is dependent on the application using the library.\n(CVE-2015-8126, CVE-2015-8472)\n\nAll libpng users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2015-December/008946.html\n\n**Affected packages:**\nlibpng\nlibpng-devel\nlibpng-static\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-2596.html", "edition": 3, "modified": "2015-12-09T19:21:36", "published": "2015-12-09T19:21:36", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2015-December/008946.html", "id": "CESA-2015:2596", "title": "libpng security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:46:12", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8126", "CVE-2015-8472"], "description": "The libpng packages contain a library of functions for creating and\nmanipulating PNG (Portable Network Graphics) image format files.\n\nIt was discovered that the png_get_PLTE() and png_set_PLTE() functions of\nlibpng did not correctly calculate the maximum palette sizes for bit depths\nof less than 8. In case an application tried to use these functions in\ncombination with properly calculated palette sizes, this could lead to a\nbuffer overflow or out-of-bounds reads. An attacker could exploit this to\ncause a crash or potentially execute arbitrary code by tricking an\nunsuspecting user into processing a specially crafted PNG image. 
However,\nthe exact impact is dependent on the application using the library.\n(CVE-2015-8126, CVE-2015-8472)\n\nAll libpng users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue.", "modified": "2018-04-12T03:33:12", "published": "2015-12-09T18:26:42", "id": "RHSA-2015:2596", "href": "https://access.redhat.com/errata/RHSA-2015:2596", "type": "redhat", "title": "(RHSA-2015:2596) Moderate: libpng security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2020-08-12T01:02:59", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8126", "CVE-2015-7981"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3399-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nNovember 18, 2015 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : libpng\nCVE ID : CVE-2015-7981 CVE-2015-8126\nDebian Bug : 803078 805113\n\nSeveral vulnerabilities have been discovered in the libpng PNG library.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems:\n\nCVE-2015-7981\n\n Qixue Xiao discovered an out-of-bounds read vulnerability in the\n png_convert_to_rfc1123 function. A remote attacker can potentially\n take advantage of this flaw to cause disclosure of information from\n process memory.\n\nCVE-2015-8126\n\n Multiple buffer overflows were discovered in the png_set_PLTE and\n png_get_PLTE functions. 
A remote attacker can take advantage of this\n flaw to cause a denial of service (application crash) via a small\n bit-depth value in an IHDR (image header) chunk in a PNG image.\n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 1.2.49-1+deb7u1.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.2.50-2+deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.2.54-1.\n\nWe recommend that you upgrade your libpng packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 11, "modified": "2015-11-18T19:55:59", "published": "2015-11-18T19:55:59", "id": "DEBIAN:DSA-3399-1:70C2F", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00304.html", "title": "[SECURITY] [DSA 3399-1] libpng security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:32:59", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8126", "CVE-2015-8472"], "description": "\nlibpng reports:\n\nCVE for a vulnerability in libpng, all versions, in the\n png_set_PLTE/png_get_PLTE functions. These functions failed to check for\n an out-of-range palette when reading or writing PNG files with a bit_depth\n less than 8. 
Some applications might read the bit depth from the IHDR\n chunk and allocate memory for a 2^N entry palette, while libpng can return\n a palette with up to 256 entries even when the bit depth is less than 8.\n\n", "edition": 4, "modified": "2015-12-08T00:00:00", "published": "2015-11-15T00:00:00", "id": "1886E195-8B87-11E5-90E7-B499BAEBFEAF", "href": "https://vuxml.freebsd.org/freebsd/1886e195-8b87-11e5-90e7-b499baebfeaf.html", "title": "libpng buffer overflow in png_set_PLTE", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}