Search...

Fedora Update for mingw-libpng FEDORA-2015-97

2015-11-28T00:00:00

ID OPENVAS:1361412562310806749
Type openvas
Reporter Copyright (C) 2015 Greenbone Networks GmbH
Modified 2019-03-15T00:00:00

Description

The remote host is missing an update for the

                                        
                                            ###############################################################################
# OpenVAS Vulnerability Test
#
# Fedora Update for mingw-libpng FEDORA-2015-97
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.806749");
  script_version("$Revision: 14223 $");
  script_tag(name:"last_modification", value:"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $");
  script_tag(name:"creation_date", value:"2015-11-28 06:23:47 +0100 (Sat, 28 Nov 2015)");
  script_cve_id("CVE-2015-8126");
  script_tag(name:"cvss_base", value:"7.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_tag(name:"qod_type", value:"package");
  script_name("Fedora Update for mingw-libpng FEDORA-2015-97");
  script_tag(name:"summary", value:"The remote host is missing an update for the 'mingw-libpng'
  package(s) announced via the referenced advisory.");
  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
  script_tag(name:"affected", value:"mingw-libpng on Fedora 22");
  script_tag(name:"solution", value:"Please install the updated package(s).");
  script_xref(name:"FEDORA", value:"2015-97");
  script_xref(name:"URL", value:"https://lists.fedoraproject.org/pipermail/package-announce/2015-November/172797.html");
  script_tag(name:"solution_type", value:"VendorFix");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2015 Greenbone Networks GmbH");
  script_family("Fedora Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms", re:"ssh/login/release=FC22");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";

if(release == "FC22")
{

  if ((res = isrpmvuln(pkg:"mingw-libpng", rpm:"mingw-libpng~1.6.19~1.fc22", rls:"FC22")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99);
  exit(0);
}

JSON Vulners Source

Initial Source

{"id": "OPENVAS:1361412562310806749", "bulletinFamily": "scanner", "title": "Fedora Update for mingw-libpng FEDORA-2015-97", "description": "The remote host is missing an update for the ", "published": "2015-11-28T00:00:00", "modified": "2019-03-15T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806749", "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "references": ["2015-97", "https://lists.fedoraproject.org/pipermail/package-announce/2015-November/172797.html"], "cvelist": ["CVE-2015-8126"], "type": "openvas", "lastseen": "2019-05-29T18:36:50", "history": [{"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2015-8126"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Check the version of mingw-libpng", "edition": 4, "enchantments": {"dependencies": {"modified": "2018-09-01T23:52:07", "references": [{"idList": ["DEBIAN:DSA-3399-1:70C2F"], "type": "debian"}, {"idList": ["RHSA-2015:2594", "RHSA-2015:2595", "RHSA-2015:2596"], "type": "redhat"}, {"idList": ["ELSA-2015-2594", "ELSA-2015-2596"], "type": "oraclelinux"}, {"idList": ["ASA-201511-10", "ASA-201511-9", "ASA-201512-18"], "type": "archlinux"}, {"idList": ["SOL81903701", "F5:K76930736", "SOL76930736", "F5:K81903701"], "type": "f5"}, {"idList": ["CVE-2015-8126"], "type": "cve"}, {"idList": ["1886E195-8B87-11E5-90E7-B499BAEBFEAF"], "type": "freebsd"}, {"idList": ["CESA-2015:2595", "CESA-2015:2596", "CESA-2015:2594"], "type": "centos"}, {"idList": ["GLSA-201611-08"], "type": "gentoo"}, {"idList": ["SSA-2015-337-01", "SSA-2015-349-02"], "type": "slackware"}, {"idList": ["OPENSUSE-SU-2015:2099-1", "OPENSUSE-SU-2015:2100-1"], "type": "suse"}, {"idList": ["OPENVAS:1361412562310807272", "OPENVAS:1361412562310120601", "OPENVAS:1361412562310851136", "OPENVAS:1361412562310806741", "OPENVAS:703399", "OPENVAS:1361412562310806748", "OPENVAS:1361412562310851135", "OPENVAS:1361412562310131136", "OPENVAS:1361412562310806911", "OPENVAS:1361412562310807267"], "type": "openvas"}, {"idList": ["USN-2815-1"], "type": "ubuntu"}, {"idList": ["F5_BIGIP_SOL76930736.NASL", "OPENSUSE-2015-902.NASL", "OPENSUSE-2016-28.NASL", "FEDORA_2015-5E52306C9C.NASL", "FEDORA_2015-8A1243DB75.NASL", "OPENSUSE-2015-904.NASL", "SUSE_SU-2015-2013-1.NASL", "FEDORA_2016-43735C33A7.NASL", "FEDORA_2015-13668FFF74.NASL", "OPENSUSE-2015-801.NASL"], "type": "nessus"}, {"idList": ["ALAS-2015-611"], "type": "amazon"}]}, "score": {"value": 7.5, "vector": "NONE"}}, "hash": "3b56b5d477e311b498e9c334c6e3c4da46ff47057a72df1b95777284bac496e1", "hashmap": [{"hash": "e44e337a08b8daafde2451b09ef1a16f", "key": "description"}, {"hash": "448a3ed9edee2110d6926a4480d4b313", "key": "pluginID"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "295e09f9e8399906a0ef9e25801e7488", "key": "href"}, {"hash": "a18b761651d3a19f52864e792076e0c1", "key": "cvelist"}, {"hash": "508145e45c440a8bbd259cf6d12ffdcc", "key": "title"}, {"hash": "dae8fe86321aca4e462fb73b09d43250", "key": "references"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "bb864ea6391750789e95010f5eaaaf84", "key": "published"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "52117548f4ca72a7d8d3d5ba6094548a", "key": "sourceData"}, {"hash": "1e898993712db5cf9f9a110102684025", "key": "reporter"}, {"hash": "0d134bf170d66438eb1e01173ee0187f", "key": "modified"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806749", "id": "OPENVAS:1361412562310806749", "lastseen": "2018-09-01T23:52:07", "modified": "2017-07-10T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310806749", "published": "2015-11-28T00:00:00", "references": ["2015-97", "https://lists.fedoraproject.org/pipermail/package-announce/2015-November/172797.html"], "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw-libpng FEDORA-2015-97\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806749\");\n script_version(\"$Revision: 6630 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:34:32 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-11-28 06:23:47 +0100 (Sat, 28 Nov 2015)\");\n script_cve_id(\"CVE-2015-8126\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for mingw-libpng FEDORA-2015-97\");\n script_tag(name: \"summary\", value: \"Check the version of mingw-libpng\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"MinGW Windows Libpng library.\n\");\n script_tag(name: \"affected\", value: \"mingw-libpng on Fedora 22\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"FEDORA\", value: \"2015-97\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2015-November/172797.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-libpng\", rpm:\"mingw-libpng~1.6.19~1.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "title": "Fedora Update for mingw-libpng FEDORA-2015-97", "type": "openvas", "viewCount": 0}, "differentElements": ["description", "modified", "sourceData"], "edition": 4, "lastseen": "2018-09-01T23:52:07"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2015-8126"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Check the version of mingw-libpng", "edition": 1, "enchantments": {}, "hash": "1a06acaee000aeee999fe0175239eb8c35918500cd5021ab923bd368bd389115", "hashmap": [{"hash": "e44e337a08b8daafde2451b09ef1a16f", "key": "description"}, {"hash": "448a3ed9edee2110d6926a4480d4b313", "key": "pluginID"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "295e09f9e8399906a0ef9e25801e7488", "key": "href"}, {"hash": "a18b761651d3a19f52864e792076e0c1", "key": "cvelist"}, {"hash": "508145e45c440a8bbd259cf6d12ffdcc", "key": "title"}, {"hash": "645bfd02661c9eeb62a190b97bd84688", "key": "sourceData"}, {"hash": "dae8fe86321aca4e462fb73b09d43250", "key": "references"}, {"hash": "818238f5a88c3278e462152e49f23dee", "key": "modified"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "bb864ea6391750789e95010f5eaaaf84", "key": "published"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "1e898993712db5cf9f9a110102684025", "key": "reporter"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806749", "id": "OPENVAS:1361412562310806749", "lastseen": "2017-07-02T21:12:05", "modified": "2017-05-24T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310806749", "published": "2015-11-28T00:00:00", "references": ["2015-97", "https://lists.fedoraproject.org/pipermail/package-announce/2015-November/172797.html"], "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw-libpng FEDORA-2015-97\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806749\");\n script_version(\"$Revision: 6207 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-05-24 11:04:07 +0200 (Wed, 24 May 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-11-28 06:23:47 +0100 (Sat, 28 Nov 2015)\");\n script_cve_id(\"CVE-2015-8126\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for mingw-libpng FEDORA-2015-97\");\n script_tag(name: \"summary\", value: \"Check the version of mingw-libpng\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"MinGW Windows Libpng library.\n\");\n script_tag(name: \"affected\", value: \"mingw-libpng on Fedora 22\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"FEDORA\", value: \"2015-97\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2015-November/172797.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"HostDetails/OS/cpe:/o:fedoraproject:fedora\", \"login/SSH/success\", \"ssh/login/release\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-libpng\", rpm:\"mingw-libpng~1.6.19~1.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "title": "Fedora Update for mingw-libpng FEDORA-2015-97", "type": "openvas", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 1, "lastseen": "2017-07-02T21:12:05"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2015-8126"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Check the version of mingw-libpng", "edition": 3, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "2c9c70c8560bb05798f7bee3fda58ae681a3d29af14f4f075d1949b16350ef8f", "hashmap": [{"hash": "e44e337a08b8daafde2451b09ef1a16f", "key": "description"}, {"hash": "448a3ed9edee2110d6926a4480d4b313", "key": "pluginID"}, {"hash": "295e09f9e8399906a0ef9e25801e7488", "key": "href"}, {"hash": "a18b761651d3a19f52864e792076e0c1", "key": "cvelist"}, {"hash": "508145e45c440a8bbd259cf6d12ffdcc", "key": "title"}, {"hash": "dae8fe86321aca4e462fb73b09d43250", "key": "references"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "bb864ea6391750789e95010f5eaaaf84", "key": "published"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "52117548f4ca72a7d8d3d5ba6094548a", "key": "sourceData"}, {"hash": "1e898993712db5cf9f9a110102684025", "key": "reporter"}, {"hash": "0d134bf170d66438eb1e01173ee0187f", "key": "modified"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806749", "id": "OPENVAS:1361412562310806749", "lastseen": "2018-08-30T19:22:50", "modified": "2017-07-10T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310806749", "published": "2015-11-28T00:00:00", "references": ["2015-97", "https://lists.fedoraproject.org/pipermail/package-announce/2015-November/172797.html"], "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw-libpng FEDORA-2015-97\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806749\");\n script_version(\"$Revision: 6630 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:34:32 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-11-28 06:23:47 +0100 (Sat, 28 Nov 2015)\");\n script_cve_id(\"CVE-2015-8126\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for mingw-libpng FEDORA-2015-97\");\n script_tag(name: \"summary\", value: \"Check the version of mingw-libpng\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"MinGW Windows Libpng library.\n\");\n script_tag(name: \"affected\", value: \"mingw-libpng on Fedora 22\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"FEDORA\", value: \"2015-97\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2015-November/172797.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-libpng\", rpm:\"mingw-libpng~1.6.19~1.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "title": "Fedora Update for mingw-libpng FEDORA-2015-97", "type": "openvas", "viewCount": 0}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-08-30T19:22:50"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2015-8126"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "The remote host is missing an update for the ", "edition": 5, "enchantments": {"dependencies": {"modified": "2019-03-18T14:36:01", "references": [{"idList": ["DEBIAN:DSA-3399-1:70C2F"], "type": "debian"}, {"idList": ["RHSA-2015:2594", "RHSA-2015:2595", "RHSA-2015:2596"], "type": "redhat"}, {"idList": ["OPENVAS:1361412562310122800", "OPENVAS:1361412562310807272", "OPENVAS:1361412562310120601", "OPENVAS:1361412562310806741", "OPENVAS:703399", "OPENVAS:1361412562310806748", "OPENVAS:1361412562310851135", "OPENVAS:1361412562310131136", "OPENVAS:1361412562310806933", "OPENVAS:1361412562310807267"], "type": "openvas"}, {"idList": ["ELSA-2015-2594", "ELSA-2015-2596"], "type": "oraclelinux"}, {"idList": ["ASA-201511-10", "ASA-201511-9", "ASA-201512-18"], "type": "archlinux"}, {"idList": ["FEDORA_2015-97FC1797FA.NASL", "F5_BIGIP_SOL76930736.NASL", "ALA_ALAS-2015-611.NASL", "OPENSUSE-2016-28.NASL", "FEDORA_2015-5E52306C9C.NASL", "SUSE_SU-2016-0027-1.NASL", "FEDORA_2016-9A1C707B10.NASL", "FEDORA_2016-43735C33A7.NASL", "SUSE_SU-2016-0061-1.NASL", "FEDORA_2015-13668FFF74.NASL"], "type": "nessus"}, {"idList": ["SOL81903701", "F5:K76930736", "SOL76930736", "F5:K81903701"], "type": "f5"}, {"idList": ["CVE-2015-8126"], "type": "cve"}, {"idList": ["1886E195-8B87-11E5-90E7-B499BAEBFEAF"], "type": "freebsd"}, {"idList": ["CESA-2015:2595", "CESA-2015:2596", "CESA-2015:2594"], "type": "centos"}, {"idList": ["GLSA-201611-08"], "type": "gentoo"}, {"idList": ["SSA-2015-337-01", "SSA-2015-349-02"], "type": "slackware"}, {"idList": ["OPENSUSE-SU-2015:2099-1", "OPENSUSE-SU-2015:2100-1"], "type": "suse"}, {"idList": ["USN-2815-1"], "type": "ubuntu"}, {"idList": ["ALAS-2015-611"], "type": "amazon"}]}, "score": {"value": 7.5, "vector": "NONE"}}, "hash": "0d0e5d64055aefe0c15c252d1776ee49ac0a9a16b9f65cc9333bf7e60f39a743", "hashmap": [{"hash": "448a3ed9edee2110d6926a4480d4b313", "key": "pluginID"}, {"hash": "1693b96dcccf4fbcd463bf8baaa2bf3f", "key": "description"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "295e09f9e8399906a0ef9e25801e7488", "key": "href"}, {"hash": "a18b761651d3a19f52864e792076e0c1", "key": "cvelist"}, {"hash": "508145e45c440a8bbd259cf6d12ffdcc", "key": "title"}, {"hash": "dae8fe86321aca4e462fb73b09d43250", "key": "references"}, {"hash": "cd88268d88bd4d0987f3b34d6d7be3fd", "key": "sourceData"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "bb864ea6391750789e95010f5eaaaf84", "key": "published"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "4525bc09d1c4c408a417a5eb7b850972", "key": "modified"}, {"hash": "1e898993712db5cf9f9a110102684025", "key": "reporter"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806749", "id": "OPENVAS:1361412562310806749", "lastseen": "2019-03-18T14:36:01", "modified": "2019-03-15T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310806749", "published": "2015-11-28T00:00:00", "references": ["2015-97", "https://lists.fedoraproject.org/pipermail/package-announce/2015-November/172797.html"], "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw-libpng FEDORA-2015-97\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806749\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-11-28 06:23:47 +0100 (Sat, 28 Nov 2015)\");\n script_cve_id(\"CVE-2015-8126\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for mingw-libpng FEDORA-2015-97\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mingw-libpng'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"mingw-libpng on Fedora 22\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-97\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-November/172797.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC22\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-libpng\", rpm:\"mingw-libpng~1.6.19~1.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "title": "Fedora Update for mingw-libpng FEDORA-2015-97", "type": "openvas", "viewCount": 0}, "differentElements": ["cvss"], "edition": 5, "lastseen": "2019-03-18T14:36:01"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2015-8126"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Check the version of mingw-libpng", "edition": 2, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "3b56b5d477e311b498e9c334c6e3c4da46ff47057a72df1b95777284bac496e1", "hashmap": [{"hash": "e44e337a08b8daafde2451b09ef1a16f", "key": "description"}, {"hash": "448a3ed9edee2110d6926a4480d4b313", "key": "pluginID"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "295e09f9e8399906a0ef9e25801e7488", "key": "href"}, {"hash": "a18b761651d3a19f52864e792076e0c1", "key": "cvelist"}, {"hash": "508145e45c440a8bbd259cf6d12ffdcc", "key": "title"}, {"hash": "dae8fe86321aca4e462fb73b09d43250", "key": "references"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "bb864ea6391750789e95010f5eaaaf84", "key": "published"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "52117548f4ca72a7d8d3d5ba6094548a", "key": "sourceData"}, {"hash": "1e898993712db5cf9f9a110102684025", "key": "reporter"}, {"hash": "0d134bf170d66438eb1e01173ee0187f", "key": "modified"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806749", "id": "OPENVAS:1361412562310806749", "lastseen": "2017-07-25T10:53:11", "modified": "2017-07-10T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310806749", "published": "2015-11-28T00:00:00", "references": ["2015-97", "https://lists.fedoraproject.org/pipermail/package-announce/2015-November/172797.html"], "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw-libpng FEDORA-2015-97\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806749\");\n script_version(\"$Revision: 6630 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:34:32 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-11-28 06:23:47 +0100 (Sat, 28 Nov 2015)\");\n script_cve_id(\"CVE-2015-8126\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for mingw-libpng FEDORA-2015-97\");\n script_tag(name: \"summary\", value: \"Check the version of mingw-libpng\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"MinGW Windows Libpng library.\n\");\n script_tag(name: \"affected\", value: \"mingw-libpng on Fedora 22\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"FEDORA\", value: \"2015-97\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2015-November/172797.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-libpng\", rpm:\"mingw-libpng~1.6.19~1.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "title": "Fedora Update for mingw-libpng FEDORA-2015-97", "type": "openvas", "viewCount": 0}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2017-07-25T10:53:11"}], "edition": 6, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "a18b761651d3a19f52864e792076e0c1"}, {"key": "cvss", "hash": "0b053db5674b87efff89989a8a720df3"}, {"key": "description", "hash": "1693b96dcccf4fbcd463bf8baaa2bf3f"}, {"key": "href", "hash": "295e09f9e8399906a0ef9e25801e7488"}, {"key": "modified", "hash": "4525bc09d1c4c408a417a5eb7b850972"}, {"key": "naslFamily", "hash": "be931514784f88df80712740ad2723e7"}, {"key": "pluginID", "hash": "448a3ed9edee2110d6926a4480d4b313"}, {"key": "published", "hash": "bb864ea6391750789e95010f5eaaaf84"}, {"key": "references", "hash": "dae8fe86321aca4e462fb73b09d43250"}, {"key": "reporter", "hash": "1e898993712db5cf9f9a110102684025"}, {"key": "sourceData", "hash": "cd88268d88bd4d0987f3b34d6d7be3fd"}, {"key": "title", "hash": "508145e45c440a8bbd259cf6d12ffdcc"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "hash": "fb1178c3cda0323e3258fbae49f1d2957eb0f6a6864df881efa31946ab122bcb", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-8126"]}, {"type": "f5", "idList": ["F5:K76930736", "SOL76930736", "F5:K81903701", "SOL81903701"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310807267", "OPENVAS:1361412562310851135", "OPENVAS:1361412562310806748", "OPENVAS:1361412562310120601", "OPENVAS:1361412562310807272", "OPENVAS:1361412562310131136", "OPENVAS:1361412562310806741", "OPENVAS:1361412562310703399", "OPENVAS:703399", "OPENVAS:1361412562310131155"]}, {"type": "nessus", "idList": ["FEDORA_2015-8A1243DB75.NASL", "SUSE_SU-2015-2013-1.NASL", "OPENSUSE-2016-31.NASL", "OPENSUSE-2016-30.NASL", "SUSE_SU-2016-0041-1.NASL", "SUSE_SU-2016-0061-1.NASL", "OPENSUSE-2015-801.NASL", "OPENSUSE-2016-28.NASL", "FEDORA_2016-43735C33A7.NASL", "ALA_ALAS-2015-611.NASL"]}, {"type": "amazon", "idList": ["ALAS-2015-611"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2015:2100-1", "OPENSUSE-SU-2015:2099-1"]}, {"type": "archlinux", "idList": ["ASA-201511-10", "ASA-201512-18", "ASA-201511-9"]}, {"type": "oraclelinux", "idList": ["ELSA-2015-2596", "ELSA-2015-2595", "ELSA-2015-2594"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3399-1:70C2F", "DEBIAN:DSA-3443-1:8C20E", "DEBIAN:DLA-343-1:12FE2"]}, {"type": "centos", "idList": ["CESA-2015:2596", "CESA-2015:2595", "CESA-2015:2594"]}, {"type": "redhat", "idList": ["RHSA-2015:2596", "RHSA-2015:2594", "RHSA-2015:2595"]}, {"type": "slackware", "idList": ["SSA-2015-337-01", "SSA-2015-349-02"]}, {"type": "freebsd", "idList": ["1886E195-8B87-11E5-90E7-B499BAEBFEAF"]}, {"type": "gentoo", "idList": ["GLSA-201611-08"]}, {"type": "ubuntu", "idList": ["USN-2815-1"]}], "modified": "2019-05-29T18:36:50"}, "score": {"value": 6.1, "vector": "NONE", "modified": "2019-05-29T18:36:50"}, "vulnersScore": 6.1}, "objectVersion": "1.3", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw-libpng FEDORA-2015-97\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806749\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-11-28 06:23:47 +0100 (Sat, 28 Nov 2015)\");\n script_cve_id(\"CVE-2015-8126\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for mingw-libpng FEDORA-2015-97\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mingw-libpng'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"mingw-libpng on Fedora 22\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-97\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-November/172797.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC22\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-libpng\", rpm:\"mingw-libpng~1.6.19~1.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "naslFamily": "Fedora Local Security Checks", "pluginID": "1361412562310806749", "scheme": null}

{"cve": [{"lastseen": "2019-05-29T18:14:45", "bulletinFamily": "NVD", "description": "Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.", "modified": "2017-07-01T01:29:00", "id": "CVE-2015-8126", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8126", "published": "2015-11-13T03:59:00", "title": "CVE-2015-8126", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "f5": [{"lastseen": "2019-03-26T06:55:14", "bulletinFamily": "software", "description": "\nF5 Product Development has assigned ID 562159 (BIG-IP and Enterprise Manager) and ID 476569 (ARX) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 12.0.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| 12.1.0| Low| libpng \nBIG-IP AAM| 12.0.0 \n11.4.0 - 11.6.1| 12.1.0| Low| libpng \nBIG-IP AFM| 12.0.0 \n11.3.0 - 11.6.1| 12.1.0| Low| libpng \nBIG-IP Analytics| 12.0.0 \n11.0.0 - 11.6.1| 12.1.0| Low| libpng \nBIG-IP APM| 12.0.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| 12.1.0| Medium*| libpng \nVDI profiles using Citrix backend resources \nBIG-IP ASM| 12.0.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| 12.1.0| Low| libpng \nBIG-IP DNS| 12.0.0| 12.1.0| Low| libpng \nBIG-IP Edge Gateway| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low| libpng \nBIG-IP GTM| 11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| None| Low| libpng \nBIG-IP Link Controller| 12.0.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| 12.1.0| Low| libpng \nBIG-IP PEM| 12.0.0 \n11.3.0 - 11.6.1| 12.1.0| Low| libpng \nBIG-IP PSM| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| None| Low| libpng \nBIG-IP WebAccelerator| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low| libpng \nBIG-IP WOM| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low| libpng \nARX| 6.0.0 - 6.4.0| None| Low| libpng \nEnterprise Manager| 3.0.0 - 3.1.1| None| Low| libpng \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| None| None \nBIG-IQ Cloud| 4.0.0 - 4.5.0| None| Low| libpng \nBIG-IQ Device| 4.2.0 - 4.5.0| None| Low| libpng \nBIG-IQ Security| 4.0.0 - 4.5.0| None| Low| libpng \nBIG-IQ ADC| 4.5.0| None| Low| libpng \nBIG-IQ Centralized Management| 4.6.0| None| Low| libpng \nBIG-IQ Cloud and Orchestration| 1.0.0| None| None| libpng \nLineRate| None| 2.5.0 - 2.6.1| None| None \nF5 WebSafe| None| 1.0.0| None| None \nTraffix SDC| None| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| None| None \n \n* BIG-IP APM 10.1.0 - 11.3.0 versions have a Low severity rating, due to the presence of the libpng component on the system. BIG-IP APM 11.4.0 and later versions use the vulnerable functionality under specific deployment scenarios. For more information, refer to the description in the **Impact** section of this article.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the** Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity** values published in the previous table. The **Severity** values and other security vulnerability parameters are defined in K4602: Overview of the F5 security vulnerability response policy.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<showcase?case=K9970 >)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<showcase?case=K9957 >)\n * [K4918: Overview of the F5 critical issue hotfix policy](<showcase?case=K4918 >)\n * [K167: Downloading software and firmware from F5](<showcase?case=K167 >)\n", "modified": "2017-04-06T16:51:00", "published": "2015-12-19T03:57:00", "id": "F5:K76930736", "href": "https://support.f5.com/csp/article/K76930736", "title": "Libpng vulnerability CVE-2015-8126", "type": "f5", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-26T17:23:29", "bulletinFamily": "software", "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the** Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity** values published in the previous table. The **Severity** values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n", "modified": "2016-06-01T00:00:00", "published": "2015-12-18T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/k/76/sol76930736.html", "id": "SOL76930736", "title": "SOL76930736 - Libpng vulnerability CVE-2015-8126", "type": "f5", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-11-09T00:09:53", "bulletinFamily": "software", "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable **column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity **values published in the previous table. The **Severity **values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nTo mitigate this vulnerability for the BIG-IP APM system, ensure that remote Citrix resources are trusted.\n\n**Impact of action:** Performing the recommended mitigation should not have a negative impact on your system.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x - 12.x)\n * SOL10025: Managing BIG-IP product hotfixes (10.x)\n * SOL9502: BIG-IP hotfix matrix\n * SOL15106: Managing BIG-IQ product hotfixes\n * SOL15113: BIG-IQ hotfix matrix\n * SOL6664: Obtaining and installing OPSWAT hotfixes\n * SOL10942: Installing OPSWAT hotfixes on BIG-IP APM systems\n", "modified": "2016-05-25T00:00:00", "published": "2016-03-07T00:00:00", "id": "SOL81903701", "href": "http://support.f5.com/kb/en-us/solutions/public/k/81/sol81903701.html", "type": "f5", "title": "SOL81903701 - Libpng vulnerability CVE-2015-8472", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-11-21T11:22:27", "bulletinFamily": "software", "description": "\nF5 Product Development has assigned ID 562159 (BIG-IP), 563839 (BIG-IQ) and 563842 (Enterprise Manager) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H578033 on the **Diagnostics** > **Identified** > **Low** page.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table.\n\n**Product** | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | 12.0.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4 | 12.1.0 | Low | Local libpng library \nBIG-IP AAM | 12.0.0 \n11.4.0 - 11.6.1 | 12.1.0 | Low | Local libpng library \nBIG-IP AFM | 12.0.0 \n11.3.0 - 11.6.1 | 12.1.0 | Low | Local libpng library \nBIG-IP Analytics | 12.0.0 \n11.0.0 - 11.6.1 | 12.1.0 | Low | Local libpng library \nBIG-IP APM | 12.0.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4 | 12.1.0 | Medium* | Local libpng library \nBIG-IP ASM | 12.0.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4 | 12.1.0 | Low | Local libpng library \nBIG-IP DNS | 12.0.0 | 12.1.0 | Low | Local libpng library \nBIG-IP Edge Gateway | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 | None | Medium* | Local libpng library \nBIG-IP GTM | 11.0.0 - 11.6.1 \n10.1.0 - 10.2.4 | None | Low | Local libpng library \nBIG-IP Link Controller | 12.0.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4 | 12.1.0 | Low | Local libpng library \nBIG-IP PEM | 12.0.0 \n11.3.0 - 11.6.1 | 12.1.0 | Low | Local libpng library \nBIG-IP PSM | 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4 | None | Low | Local libpng library \nBIG-IP WebAccelerator | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 | None | Low | Local libpng library \nBIG-IP WOM | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 | None | Low | Local libpng library \nARX | None | 6.0.0 - 6.4.0 | Not vulnerable | None \nEnterprise Manager | 3.0.0 - 3.1.1 | None | Low | Local libpng library \nFirePass | None | 7.0.0 \n6.0.0 - 6.1.0 | Not vulnerable | None \nBIG-IQ Cloud | 4.0.0 - 4.5.0 | None | Low | Local libpng library \nBIG-IQ Device | 4.2.0 - 4.5.0 | None | Low | Local libpng library \nBIG-IQ Security | 4.0.0 - 4.5.0 | None | Low | Local libpng library \nBIG-IQ ADC | 4.5.0 | None | Low | Local libpng library \nBIG-IQ Centralized Management | 4.6.0 | None | Low | Local libpng library \nBIG-IQ Cloud and Orchestration | 1.0.0 | None | Low | Local libpng library \nLineRate | None | 2.5.0 - 2.6.1 | Not vulnerable | None \nF5 WebSafe | None | 1.0.0 | Not vulnerable | None \nTraffix SDC | None | 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1 | Not vulnerable | None \n \n* BIG-IP APM/Edge Gateway 10.1.0 through 11.2.1 have a Low severity rating, due to the lack of VDI functionality. BIG-IP APM 11.3.0 and later, and BIG-IP Edge Gateway 11.3.0 may use the vulnerable functionality under specific deployment scenarios. For more information, refer to the description in the **Impact **section of this article.\n\nIf you are running a version listed in the **Versions known to be vulnerable **column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity **values published in the previous table. The **Severity **values and other security vulnerability parameters are defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\nTo mitigate this vulnerability for the BIG-IP APM system, ensure that remote Citrix resources are trusted.\n\n**Impact of action**: Performing the recommended mitigation should not have a negative impact on your system.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "modified": "2019-05-08T22:40:00", "published": "2016-03-08T01:30:00", "id": "F5:K81903701", "href": "https://support.f5.com/csp/article/K81903701", "title": "Libpng vulnerability CVE-2015-8472", "type": "f5", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:36:53", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2015-12-29T00:00:00", "id": "OPENVAS:1361412562310851135", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851135", "title": "SuSE Update for libpng16 openSUSE-SU-2015:2100-1 (libpng16)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2015_2100_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# SuSE Update for libpng16 openSUSE-SU-2015:2100-1 (libpng16)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851135\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-12-29 17:30:29 +0530 (Tue, 29 Dec 2015)\");\n script_cve_id(\"CVE-2015-8126\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for libpng16 openSUSE-SU-2015:2100-1 (libpng16)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libpng16'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The libpng16 package was updated to fix the following security issues:\n\n - CVE-2015-8126: Fixed a buffer overflow vulnerabilities in\n png_get_PLTE/png_set_PLTE functions (bsc#954980).\");\n script_tag(name:\"affected\", value:\"libpng16 on openSUSE 13.2, openSUSE 13.1\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"openSUSE-SU\", value:\"2015:2100_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(openSUSE13\\.2|openSUSE13\\.1)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"openSUSE13.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpng16-16\", rpm:\"libpng16-16~1.6.13~2.7.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng16-16-debuginfo\", rpm:\"libpng16-16-debuginfo~1.6.13~2.7.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng16-compat-devel\", rpm:\"libpng16-compat-devel~1.6.13~2.7.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng16-debugsource\", rpm:\"libpng16-debugsource~1.6.13~2.7.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng16-devel\", rpm:\"libpng16-devel~1.6.13~2.7.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng16-tools\", rpm:\"libpng16-tools~1.6.13~2.7.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng16-tools-debuginfo\", rpm:\"libpng16-tools-debuginfo~1.6.13~2.7.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng16-16-32bit\", rpm:\"libpng16-16-32bit~1.6.13~2.7.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng16-16-debuginfo-32bit\", rpm:\"libpng16-16-debuginfo-32bit~1.6.13~2.7.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng16-compat-devel-32bit\", rpm:\"libpng16-compat-devel-32bit~1.6.13~2.7.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng16-devel-32bit\", rpm:\"libpng16-devel-32bit~1.6.13~2.7.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"openSUSE13.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpng16-16\", rpm:\"libpng16-16~1.6.6~19.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng16-16-debuginfo\", rpm:\"libpng16-16-debuginfo~1.6.6~19.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng16-compat-devel\", rpm:\"libpng16-compat-devel~1.6.6~19.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng16-debugsource\", rpm:\"libpng16-debugsource~1.6.6~19.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng16-devel\", rpm:\"libpng16-devel~1.6.6~19.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng16-tools\", rpm:\"libpng16-tools~1.6.6~19.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng16-tools-debuginfo\", rpm:\"libpng16-tools-debuginfo~1.6.6~19.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng16-16-32bit\", rpm:\"libpng16-16-32bit~1.6.6~19.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng16-16-debuginfo-32bit\", rpm:\"libpng16-16-debuginfo-32bit~1.6.6~19.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng16-compat-devel-32bit\", rpm:\"libpng16-compat-devel-32bit~1.6.6~19.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng16-devel-32bit\", rpm:\"libpng16-devel-32bit~1.6.6~19.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:30", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-11-29T00:00:00", "id": "OPENVAS:1361412562310806748", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806748", "title": "Fedora Update for mingw-libpng FEDORA-2015-8", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw-libpng FEDORA-2015-8\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806748\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-11-29 06:08:42 +0100 (Sun, 29 Nov 2015)\");\n script_cve_id(\"CVE-2015-8126\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for mingw-libpng FEDORA-2015-8\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mingw-libpng'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"mingw-libpng on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-8\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-November/172823.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-libpng\", rpm:\"mingw-libpng~1.6.19~1.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:44", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-02-17T00:00:00", "id": "OPENVAS:1361412562310807267", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807267", "title": "Fedora Update for mingw-libpng FEDORA-2016-9", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw-libpng FEDORA-2016-9\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807267\");\n script_version(\"$Revision: 14225 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 15:32:03 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-02-17 06:25:33 +0100 (Wed, 17 Feb 2016)\");\n script_cve_id(\"CVE-2015-8126\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for mingw-libpng FEDORA-2016-9\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mingw-libpng'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"mingw-libpng on Fedora 23\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-9\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2016-February/177344.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC23\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-libpng\", rpm:\"mingw-libpng~1.6.21~1.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:08", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-02-17T00:00:00", "id": "OPENVAS:1361412562310807272", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807272", "title": "Fedora Update for mingw-libpng FEDORA-2016-43735", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw-libpng FEDORA-2016-43735\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807272\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-02-17 06:25:30 +0100 (Wed, 17 Feb 2016)\");\n script_cve_id(\"CVE-2015-8126\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for mingw-libpng FEDORA-2016-43735\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mingw-libpng'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"mingw-libpng on Fedora 22\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-43735\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2016-February/177382.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC22\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-libpng\", rpm:\"mingw-libpng~1.6.21~1.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:24", "bulletinFamily": "scanner", "description": "Mageia Linux Local Security Checks mgasa-2015-0451", "modified": "2018-09-28T00:00:00", "published": "2015-11-23T00:00:00", "id": "OPENVAS:1361412562310131136", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310131136", "title": "Mageia Linux Local Check: mgasa-2015-0451", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: mgasa-2015-0451.nasl 11692 2018-09-28 16:55:19Z cfischer $\n#\n# Mageia Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://www.solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.131136\");\n script_version(\"$Revision: 11692 $\");\n script_tag(name:\"creation_date\", value:\"2015-11-23 07:46:11 +0200 (Mon, 23 Nov 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 18:55:19 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Mageia Linux Local Check: mgasa-2015-0451\");\n script_tag(name:\"insight\", value:\"Multiple buffer overflows in the png_set_PLTE and png_get_PLTE functions in libpng before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image (CVE-2015-8126). This issue also affected libpng 1.2 before 1.2.54. The libpng and libpng12 packages have been updated to versions 1.6.19 and 1.2.54, respectively, fixing this issue.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://advisories.mageia.org/MGASA-2015-0451.html\");\n script_cve_id(\"CVE-2015-8126\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mageia_linux\", \"ssh/login/release\", re:\"ssh/login/release=MAGEIA5\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Mageia Linux Local Security Checks mgasa-2015-0451\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Mageia Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MAGEIA5\")\n{\nif ((res = isrpmvuln(pkg:\"libpng\", rpm:\"libpng~1.6.19~1.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"libpng12\", rpm:\"libpng12~1.2.54~1.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:43", "bulletinFamily": "scanner", "description": "Amazon Linux Local Security Checks", "modified": "2018-10-01T00:00:00", "published": "2015-11-24T00:00:00", "id": "OPENVAS:1361412562310120601", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120601", "title": "Amazon Linux Local Check: alas-2015-611", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: alas-2015-611.nasl 6575 2017-07-06 13:42:08Z cfischer$\n#\n# Amazon Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@iki.fi>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://ping-viini.org\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120601\");\n script_version(\"$Revision: 11703 $\");\n script_tag(name:\"creation_date\", value:\"2015-11-24 10:37:04 +0200 (Tue, 24 Nov 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-01 10:05:31 +0200 (Mon, 01 Oct 2018) $\");\n script_name(\"Amazon Linux Local Check: alas-2015-611\");\n script_tag(name:\"insight\", value:\"Multiple buffer overflows in the png_set_PLTE and png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19, allowing remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image (CVE-2015-8126 ).\");\n script_tag(name:\"solution\", value:\"Run yum update libpng to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2015-611.html\");\n script_cve_id(\"CVE-2015-8126\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Amazon Linux Local Security Checks\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"AMAZON\")\n{\nif ((res = isrpmvuln(pkg:\"libpng-static\", rpm:\"libpng-static~1.2.49~1.13.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"libpng-debuginfo\", rpm:\"libpng-debuginfo~1.2.49~1.13.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"libpng-devel\", rpm:\"libpng-devel~1.2.49~1.13.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"libpng\", rpm:\"libpng~1.2.49~1.13.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:53", "bulletinFamily": "scanner", "description": "Mageia Linux Local Security Checks mgasa-2015-0473", "modified": "2018-09-28T00:00:00", "published": "2015-12-17T00:00:00", "id": "OPENVAS:1361412562310131155", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310131155", "title": "Mageia Linux Local Check: mgasa-2015-0473", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: mgasa-2015-0473.nasl 11692 2018-09-28 16:55:19Z cfischer $\n#\n# Mageia Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://www.solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.131155\");\n script_version(\"$Revision: 11692 $\");\n script_tag(name:\"creation_date\", value:\"2015-12-17 10:49:14 +0200 (Thu, 17 Dec 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 18:55:19 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Mageia Linux Local Check: mgasa-2015-0473\");\n script_tag(name:\"insight\", value:\"Updated libpng and libpng12 packages fix security vulnerability: The fix for CVE-2015-8126 was incomplete. While it defended against the potential overrun while reading PNG files, it did not detect a potential overrun by applications using png_set_PLTE directly (CVE-2015-8472).\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://advisories.mageia.org/MGASA-2015-0473.html\");\n script_cve_id(\"CVE-2015-8472\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mageia_linux\", \"ssh/login/release\", re:\"ssh/login/release=MAGEIA5\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Mageia Linux Local Security Checks mgasa-2015-0473\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Mageia Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MAGEIA5\")\n{\nif ((res = isrpmvuln(pkg:\"libpng12\", rpm:\"libpng12~1.2.55~1.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"libpng\", rpm:\"libpng~1.6.20~1.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:10", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-11-25T00:00:00", "id": "OPENVAS:1361412562310806741", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806741", "title": "Fedora Update for libpng10 FEDORA-2015-501493", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libpng10 FEDORA-2015-501493\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806741\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-11-25 12:47:21 +0100 (Wed, 25 Nov 2015)\");\n script_cve_id(\"CVE-2015-7981\", \"CVE-2015-8126\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for libpng10 FEDORA-2015-501493\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libpng10'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"libpng10 on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-501493\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-November/172663.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpng10\", rpm:\"libpng10~1.0.64~1.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:19", "bulletinFamily": "scanner", "description": "Several vulnerabilities have\nbeen discovered in the libpng PNG library. The Common Vulnerabilities\nand Exposures project identifies the following problems:\n\nCVE-2015-7981\nQixue Xiao discovered an out-of-bounds read vulnerability in the\npng_convert_to_rfc1123 function. A remote attacker can potentially\ntake advantage of this flaw to cause disclosure of information from\nprocess memory.\n\nCVE-2015-8126\nMultiple buffer overflows were discovered in the png_set_PLTE and\npng_get_PLTE functions. A remote attacker can take advantage of this\nflaw to cause a denial of service (application crash) via a small\nbit-depth value in an IHDR (image header) chunk in a PNG image.", "modified": "2019-03-18T00:00:00", "published": "2015-11-18T00:00:00", "id": "OPENVAS:1361412562310703399", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703399", "title": "Debian Security Advisory DSA 3399-1 (libpng - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3399.nasl 14278 2019-03-18 14:47:26Z cfischer $\n# Auto-generated from advisory DSA 3399-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703399\");\n script_version(\"$Revision: 14278 $\");\n script_cve_id(\"CVE-2015-7981\", \"CVE-2015-8126\");\n script_name(\"Debian Security Advisory DSA 3399-1 (libpng - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:47:26 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-11-18 00:00:00 +0100 (Wed, 18 Nov 2015)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2015/dsa-3399.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(7|8)\");\n script_tag(name:\"affected\", value:\"libpng on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution\n(wheezy), these problems have been fixed in version 1.2.49-1+deb7u1.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.2.50-2+deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.2.54-1.\n\nWe recommend that you upgrade your libpng packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities have\nbeen discovered in the libpng PNG library. The Common Vulnerabilities\nand Exposures project identifies the following problems:\n\nCVE-2015-7981\nQixue Xiao discovered an out-of-bounds read vulnerability in the\npng_convert_to_rfc1123 function. A remote attacker can potentially\ntake advantage of this flaw to cause disclosure of information from\nprocess memory.\n\nCVE-2015-8126\nMultiple buffer overflows were discovered in the png_set_PLTE and\npng_get_PLTE functions. A remote attacker can take advantage of this\nflaw to cause a denial of service (application crash) via a small\nbit-depth value in an IHDR (image header) chunk in a PNG image.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed\nsoftware version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libpng12-0:amd64\", ver:\"1.2.49-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpng12-0:i386\", ver:\"1.2.49-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpng12-dev:amd64\", ver:\"1.2.49-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpng12-dev:i386\", ver:\"1.2.49-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpng3:amd64\", ver:\"1.2.49-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpng3:i386\", ver:\"1.2.49-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpng12-0:amd64\", ver:\"1.2.50-2+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpng12-0:i386\", ver:\"1.2.50-2+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpng12-dev:amd64\", ver:\"1.2.50-2+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpng12-dev:i386\", ver:\"1.2.50-2+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpng3:amd64\", ver:\"1.2.50-2+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpng3:i386\", ver:\"1.2.50-2+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:54:01", "bulletinFamily": "scanner", "description": "Several vulnerabilities have\nbeen discovered in the libpng PNG library. The Common Vulnerabilities\nand Exposures project identifies the following problems:\n\nCVE-2015-7981 \nQixue Xiao discovered an out-of-bounds read vulnerability in the\npng_convert_to_rfc1123 function. A remote attacker can potentially\ntake advantage of this flaw to cause disclosure of information from\nprocess memory.\n\nCVE-2015-8126 \nMultiple buffer overflows were discovered in the png_set_PLTE and\npng_get_PLTE functions. A remote attacker can take advantage of this\nflaw to cause a denial of service (application crash) via a small\nbit-depth value in an IHDR (image header) chunk in a PNG image.", "modified": "2017-07-07T00:00:00", "published": "2015-11-18T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=703399", "id": "OPENVAS:703399", "title": "Debian Security Advisory DSA 3399-1 (libpng - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3399.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3399-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703399);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2015-7981\", \"CVE-2015-8126\");\n script_name(\"Debian Security Advisory DSA 3399-1 (libpng - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-11-18 00:00:00 +0100 (Wed, 18 Nov 2015)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3399.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"libpng on Debian Linux\");\n script_tag(name: \"insight\", value: \"libpng is a library implementing an\ninterface for reading and writing PNG (Portable Network Graphics) format\nfiles.\");\n script_tag(name: \"solution\", value: \"For the oldstable distribution\n(wheezy), these problems have been fixed in version 1.2.49-1+deb7u1.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.2.50-2+deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.2.54-1.\n\nWe recommend that you upgrade your libpng packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities have\nbeen discovered in the libpng PNG library. The Common Vulnerabilities\nand Exposures project identifies the following problems:\n\nCVE-2015-7981 \nQixue Xiao discovered an out-of-bounds read vulnerability in the\npng_convert_to_rfc1123 function. A remote attacker can potentially\ntake advantage of this flaw to cause disclosure of information from\nprocess memory.\n\nCVE-2015-8126 \nMultiple buffer overflows were discovered in the png_set_PLTE and\npng_get_PLTE functions. A remote attacker can take advantage of this\nflaw to cause a denial of service (application crash) via a small\nbit-depth value in an IHDR (image header) chunk in a PNG image.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed\nsoftware version using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libpng12-0:amd64\", ver:\"1.2.49-1+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpng12-0:i386\", ver:\"1.2.49-1+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpng12-dev:amd64\", ver:\"1.2.49-1+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpng12-dev:i386\", ver:\"1.2.49-1+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpng3:amd64\", ver:\"1.2.49-1+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpng3:i386\", ver:\"1.2.49-1+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpng12-0:amd64\", ver:\"1.2.50-2+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpng12-0:i386\", ver:\"1.2.50-2+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpng12-dev:amd64\", ver:\"1.2.50-2+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpng12-dev:i386\", ver:\"1.2.50-2+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpng3:amd64\", ver:\"1.2.50-2+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpng3:i386\", ver:\"1.2.50-2+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-11-01T03:01:03", "bulletinFamily": "scanner", "description": "This update fixes the following security issue\n\n - CVE-2015-8126 Multiple buffer overflows in the\n png_set_PLTE and png_get_PLTE functions allow remote\n attackers to cause a denial of service (application\n crash) or possibly have unspecified other impact\n [bsc#954980] This update was imported from the\n SUSE:SLE-12:Update update project.", "modified": "2019-11-02T00:00:00", "id": "OPENSUSE-2016-30.NASL", "href": "https://www.tenable.com/plugins/nessus/88120", "published": "2016-01-25T00:00:00", "title": "openSUSE Security Update : libpng12 (openSUSE-2016-30)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-30.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88120);\n script_version(\"$Revision: 2.3 $\");\n script_cvs_date(\"$Date: 2016/03/21 15:01:55 $\");\n\n script_cve_id(\"CVE-2015-8126\");\n\n script_name(english:\"openSUSE Security Update : libpng12 (openSUSE-2016-30)\");\n script_summary(english:\"Check for the openSUSE-2016-30 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the following security issue\n\n - CVE-2015-8126 Multiple buffer overflows in the\n png_set_PLTE and png_get_PLTE functions allow remote\n attackers to cause a denial of service (application\n crash) or possibly have unspecified other impact\n [bsc#954980] This update was imported from the\n SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=954980\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libpng12 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng12-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng12-0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng12-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng12-0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng12-compat-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng12-compat-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng12-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng12-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng12-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libpng12-0-1.2.50-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libpng12-0-debuginfo-1.2.50-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libpng12-compat-devel-1.2.50-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libpng12-debugsource-1.2.50-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libpng12-devel-1.2.50-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libpng12-0-32bit-1.2.50-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libpng12-0-debuginfo-32bit-1.2.50-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libpng12-compat-devel-32bit-1.2.50-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libpng12-devel-32bit-1.2.50-8.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng12-0 / libpng12-0-32bit / libpng12-0-debuginfo / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T03:00:50", "bulletinFamily": "scanner", "description": "The libpng16 package was updated to fix the following security \nissues :\n\n - CVE-2015-8126: Fixed a buffer overflow vulnerabilities\n in png_get_PLTE/png_set_PLTE functions (bsc#954980).", "modified": "2019-11-02T00:00:00", "id": "OPENSUSE-2015-801.NASL", "href": "https://www.tenable.com/plugins/nessus/87081", "published": "2015-11-30T00:00:00", "title": "openSUSE Security Update : libpng16 (openSUSE-2015-801)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-801.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87081);\n script_version(\"$Revision: 2.3 $\");\n script_cvs_date(\"$Date: 2016/03/21 15:01:55 $\");\n\n script_cve_id(\"CVE-2015-8126\");\n\n script_name(english:\"openSUSE Security Update : libpng16 (openSUSE-2015-801)\");\n script_summary(english:\"Check for the openSUSE-2015-801 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The libpng16 package was updated to fix the following security \nissues :\n\n - CVE-2015-8126: Fixed a buffer overflow vulnerabilities\n in png_get_PLTE/png_set_PLTE functions (bsc#954980).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=954980\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libpng16 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng16-16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng16-16-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng16-16-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng16-16-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng16-compat-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng16-compat-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng16-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng16-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng16-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng16-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng16-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/11/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1|SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1 / 13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libpng16-16-1.6.6-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libpng16-16-debuginfo-1.6.6-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libpng16-compat-devel-1.6.6-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libpng16-debugsource-1.6.6-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libpng16-devel-1.6.6-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libpng16-tools-1.6.6-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libpng16-tools-debuginfo-1.6.6-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libpng16-16-32bit-1.6.6-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libpng16-16-debuginfo-32bit-1.6.6-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libpng16-compat-devel-32bit-1.6.6-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libpng16-devel-32bit-1.6.6-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libpng16-16-1.6.13-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libpng16-16-debuginfo-1.6.13-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libpng16-compat-devel-1.6.13-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libpng16-debugsource-1.6.13-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libpng16-devel-1.6.13-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libpng16-tools-1.6.13-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libpng16-tools-debuginfo-1.6.13-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libpng16-16-32bit-1.6.13-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libpng16-16-debuginfo-32bit-1.6.13-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libpng16-compat-devel-32bit-1.6.13-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libpng16-devel-32bit-1.6.13-2.7.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng16-16 / libpng16-16-32bit / libpng16-16-debuginfo / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T03:01:03", "bulletinFamily": "scanner", "description": "This update fixes the following security issue :\n\n - CVE-2015-8126 Multiple buffer overflows in the\n png_set_PLTE and png_get_PLTE functions allow remote\n attackers to cause a denial of service (application\n crash) or possibly have unspecified other impact\n [bsc#954980] This update was imported from the\n SUSE:SLE-12:Update update project.", "modified": "2019-11-02T00:00:00", "id": "OPENSUSE-2016-28.NASL", "href": "https://www.tenable.com/plugins/nessus/88118", "published": "2016-01-25T00:00:00", "title": "openSUSE Security Update : libpng16 (openSUSE-2016-28)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-28.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88118);\n script_version(\"$Revision: 2.3 $\");\n script_cvs_date(\"$Date: 2016/03/21 15:01:55 $\");\n\n script_cve_id(\"CVE-2015-8126\");\n\n script_name(english:\"openSUSE Security Update : libpng16 (openSUSE-2016-28)\");\n script_summary(english:\"Check for the openSUSE-2016-28 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the following security issue :\n\n - CVE-2015-8126 Multiple buffer overflows in the\n png_set_PLTE and png_get_PLTE functions allow remote\n attackers to cause a denial of service (application\n crash) or possibly have unspecified other impact\n [bsc#954980] This update was imported from the\n SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=954980\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libpng16 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng16-16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng16-16-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng16-16-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng16-16-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng16-compat-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng16-compat-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng16-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng16-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng16-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng16-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng16-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libpng16-16-1.6.8-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libpng16-16-debuginfo-1.6.8-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libpng16-compat-devel-1.6.8-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libpng16-debugsource-1.6.8-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libpng16-devel-1.6.8-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libpng16-tools-1.6.8-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libpng16-tools-debuginfo-1.6.8-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libpng16-16-32bit-1.6.8-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libpng16-16-debuginfo-32bit-1.6.8-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libpng16-compat-devel-32bit-1.6.8-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libpng16-devel-32bit-1.6.8-7.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng16-16 / libpng16-16-32bit / libpng16-16-debuginfo / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T02:27:28", "bulletinFamily": "scanner", "description": "Update to 1.6.21 which fixes various CVE", "modified": "2019-11-02T00:00:00", "id": "FEDORA_2016-43735C33A7.NASL", "href": "https://www.tenable.com/plugins/nessus/89527", "published": "2016-03-04T00:00:00", "title": "Fedora 22 : mingw-libpng-1.6.21-1.fc22 (2016-43735c33a7)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2016-43735c33a7.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(89527);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2016/03/21 15:01:55 $\");\n\n script_cve_id(\"CVE-2015-8126\");\n script_xref(name:\"FEDORA\", value:\"2016-43735c33a7\");\n\n script_name(english:\"Fedora 22 : mingw-libpng-1.6.21-1.fc22 (2016-43735c33a7)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to 1.6.21 which fixes various CVE's\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1281760\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2016-February/177382.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b1f28b52\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mingw-libpng package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-libpng\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"mingw-libpng-1.6.21-1.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw-libpng\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-03T12:18:21", "bulletinFamily": "scanner", "description": "This update fixes the following security issue :\n\n - CVE-2015-8126 Possible buffer overflow vulnerabilities\n in png_get_PLTE and png_set_PLTE functions could cause a\n denial of service (application crash) or possibly have\n an unspecified impact [bsc#954980]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "SUSE_SU-2016-0041-1.NASL", "href": "https://www.tenable.com/plugins/nessus/87864", "published": "2016-01-12T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : libpng15 (SUSE-SU-2016:0041-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:0041-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87864);\n script_version(\"2.8\");\n script_cvs_date(\"Date: 2019/09/11 11:22:13\");\n\n script_cve_id(\"CVE-2015-8126\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : libpng15 (SUSE-SU-2016:0041-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the following security issue :\n\n - CVE-2015-8126 Possible buffer overflow vulnerabilities\n in png_get_PLTE and png_set_PLTE functions could cause a\n denial of service (application crash) or possibly have\n an unspecified impact [bsc#954980]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=954980\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8126/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20160041-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5b45d98d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP1 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-33=1\n\nSUSE Linux Enterprise Desktop 12-SP1 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-33=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpng15\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpng15-15-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpng15-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/11/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libpng15-15-1.5.22-4.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libpng15-15-debuginfo-1.5.22-4.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libpng15-debugsource-1.5.22-4.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libpng15-15-1.5.22-4.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libpng15-15-debuginfo-1.5.22-4.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libpng15-debugsource-1.5.22-4.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng15\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-03T12:18:22", "bulletinFamily": "scanner", "description": " - security update: This update fixes the following securit\n issue :\n\n - CVE-2015-8126 Multiple buffer overflows in the\n png_set_PLTE and png_get_PLTE functions allow remote\n attackers to cause a denial of service (application\n crash) or possibly have unspecified other impact\n [bsc#954980]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "SUSE_SU-2016-0061-1.NASL", "href": "https://www.tenable.com/plugins/nessus/87867", "published": "2016-01-12T00:00:00", "title": "SUSE SLED11 / SLES11 Security Update : libpng12-0 (SUSE-SU-2016:0061-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:0061-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87867);\n script_version(\"2.8\");\n script_cvs_date(\"Date: 2019/09/11 11:22:13\");\n\n script_cve_id(\"CVE-2015-8126\");\n\n script_name(english:\"SUSE SLED11 / SLES11 Security Update : libpng12-0 (SUSE-SU-2016:0061-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - security update: This update fixes the following securit\n issue :\n\n - CVE-2015-8126 Multiple buffer overflows in the\n png_set_PLTE and png_get_PLTE functions allow remote\n attackers to cause a denial of service (application\n crash) or possibly have unspecified other impact\n [bsc#954980]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=954980\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8126/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20160061-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?54a0f6b4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4 :\n\nzypper in -t patch sdksp4-libpng12-0-12309=1\n\nSUSE Linux Enterprise Software Development Kit 11-SP3 :\n\nzypper in -t patch sdksp3-libpng12-0-12309=1\n\nSUSE Linux Enterprise Server for VMWare 11-SP3 :\n\nzypper in -t patch slessp3-libpng12-0-12309=1\n\nSUSE Linux Enterprise Server 11-SP4 :\n\nzypper in -t patch slessp4-libpng12-0-12309=1\n\nSUSE Linux Enterprise Server 11-SP3 :\n\nzypper in -t patch slessp3-libpng12-0-12309=1\n\nSUSE Linux Enterprise Desktop 11-SP4 :\n\nzypper in -t patch sledsp4-libpng12-0-12309=1\n\nSUSE Linux Enterprise Desktop 11-SP3 :\n\nzypper in -t patch sledsp3-libpng12-0-12309=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4 :\n\nzypper in -t patch dbgsp4-libpng12-0-12309=1\n\nSUSE Linux Enterprise Debuginfo 11-SP3 :\n\nzypper in -t patch dbgsp3-libpng12-0-12309=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpng12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpng12-0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/11/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED11|SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED11 / SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3/4\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED11\" && (! preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED11 SP3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libpng12-0-32bit-1.2.31-5.38.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libpng12-0-32bit-1.2.31-5.38.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libpng12-0-1.2.31-5.38.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"libpng12-0-32bit-1.2.31-5.38.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"s390x\", reference:\"libpng12-0-32bit-1.2.31-5.38.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"libpng12-0-1.2.31-5.38.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libpng12-0-1.2.31-5.38.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libpng12-0-32bit-1.2.31-5.38.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"libpng12-0-1.2.31-5.38.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"libpng12-0-1.2.31-5.38.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"libpng12-0-32bit-1.2.31-5.38.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"libpng12-0-1.2.31-5.38.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng12-0\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T03:01:03", "bulletinFamily": "scanner", "description": "This update fixes the following security issue :\n\n - CVE-2015-8126 Possible buffer overflow vulnerabilities\n in png_get_PLTE and png_set_PLTE functions could cause a\n denial of service (application crash) or possibly have\n an unspecified impact [bsc#954980]\n\nThis update was imported from the SUSE:SLE-12-SP1:Update update\nproject.", "modified": "2019-11-02T00:00:00", "id": "OPENSUSE-2016-31.NASL", "href": "https://www.tenable.com/plugins/nessus/88121", "published": "2016-01-25T00:00:00", "title": "openSUSE Security Update : libpng15 (openSUSE-2016-31)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-31.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88121);\n script_version(\"$Revision: 2.3 $\");\n script_cvs_date(\"$Date: 2016/03/21 15:01:55 $\");\n\n script_cve_id(\"CVE-2015-8126\");\n\n script_name(english:\"openSUSE Security Update : libpng15 (openSUSE-2016-31)\");\n script_summary(english:\"Check for the openSUSE-2016-31 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the following security issue :\n\n - CVE-2015-8126 Possible buffer overflow vulnerabilities\n in png_get_PLTE and png_set_PLTE functions could cause a\n denial of service (application crash) or possibly have\n an unspecified impact [bsc#954980]\n\nThis update was imported from the SUSE:SLE-12-SP1:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=954980\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libpng15 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng15-15\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng15-15-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng15-15-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng15-15-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng15-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libpng15-15-1.5.22-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libpng15-15-debuginfo-1.5.22-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libpng15-debugsource-1.5.22-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libpng15-15-32bit-1.5.22-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libpng15-15-debuginfo-32bit-1.5.22-4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng15-15 / libpng15-15-32bit / libpng15-15-debuginfo / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T02:27:24", "bulletinFamily": "scanner", "description": "libpng 1.6.19 release, fixing CVE-2015-8126\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "FEDORA_2015-8A1243DB75.NASL", "href": "https://www.tenable.com/plugins/nessus/89313", "published": "2016-03-04T00:00:00", "title": "Fedora 21 : mingw-libpng-1.6.19-1.fc21 (2015-8a1243db75)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-8a1243db75.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(89313);\n script_version(\"$Revision: 2.3 $\");\n script_cvs_date(\"$Date: 2016/03/21 15:01:55 $\");\n\n script_cve_id(\"CVE-2015-8126\");\n script_xref(name:\"FEDORA\", value:\"2015-8a1243db75\");\n\n script_name(english:\"Fedora 21 : mingw-libpng-1.6.19-1.fc21 (2015-8a1243db75)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"libpng 1.6.19 release, fixing CVE-2015-8126\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1281756\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-November/172823.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3c9b2c22\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mingw-libpng package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-libpng\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"mingw-libpng-1.6.19-1.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw-libpng\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-03T12:18:20", "bulletinFamily": "scanner", "description": "The libpng16 package was updated to fix the following security issue :\n\n - CVE-2015-8126: Fixed a buffer overflow vulnerabilities\n in png_get_PLTE/png_set_PLTE functions (bsc#954980).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "SUSE_SU-2015-2013-1.NASL", "href": "https://www.tenable.com/plugins/nessus/86940", "published": "2015-11-19T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : libpng16 (SUSE-SU-2015:2013-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:2013-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86940);\n script_version(\"2.10\");\n script_cvs_date(\"Date: 2019/09/11 11:22:12\");\n\n script_cve_id(\"CVE-2015-8126\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : libpng16 (SUSE-SU-2015:2013-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The libpng16 package was updated to fix the following security issue :\n\n - CVE-2015-8126: Fixed a buffer overflow vulnerabilities\n in png_get_PLTE/png_set_PLTE functions (bsc#954980).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=954980\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8126/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20152013-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?09be3f10\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12 :\n\nzypper in -t patch SUSE-SLE-SDK-12-2015-855=1\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-2015-855=1\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2015-855=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpng16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpng16-16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpng16-16-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpng16-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/11/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/11/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libpng16-16-1.6.8-8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libpng16-16-debuginfo-1.6.8-8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libpng16-debugsource-1.6.8-8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libpng16-16-32bit-1.6.8-8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libpng16-16-debuginfo-32bit-1.6.8-8.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libpng16-16-1.6.8-8.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libpng16-16-32bit-1.6.8-8.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libpng16-16-debuginfo-1.6.8-8.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libpng16-16-debuginfo-32bit-1.6.8-8.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libpng16-debugsource-1.6.8-8.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng16\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-03T12:18:21", "bulletinFamily": "scanner", "description": "This update fixes the following security issue\n\n - CVE-2015-8126 Multiple buffer overflows in the\n png_set_PLTE and png_get_PLTE functions allow remote\n attackers to cause a denial of service (application\n crash) or possibly have unspecified other impact\n [bsc#954980]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "SUSE_SU-2016-0050-1.NASL", "href": "https://www.tenable.com/plugins/nessus/87866", "published": "2016-01-12T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : libpng12 (SUSE-SU-2016:0050-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:0050-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87866);\n script_version(\"2.10\");\n script_cvs_date(\"Date: 2019/09/11 11:22:13\");\n\n script_cve_id(\"CVE-2015-8126\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : libpng12 (SUSE-SU-2016:0050-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the following security issue\n\n - CVE-2015-8126 Multiple buffer overflows in the\n png_set_PLTE and png_get_PLTE functions allow remote\n attackers to cause a denial of service (application\n crash) or possibly have unspecified other impact\n [bsc#954980]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=954980\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8126/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20160050-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4c8fb838\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP1 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP1-2016-37=1\n\nSUSE Linux Enterprise Software Development Kit 12 :\n\nzypper in -t patch SUSE-SLE-SDK-12-2016-37=1\n\nSUSE Linux Enterprise Server 12-SP1 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-37=1\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-2016-37=1\n\nSUSE Linux Enterprise Desktop 12-SP1 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-37=1\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2016-37=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpng12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpng12-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpng12-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpng12-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/11/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0/1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0/1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libpng12-0-1.2.50-13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libpng12-0-debuginfo-1.2.50-13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libpng12-debugsource-1.2.50-13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libpng12-0-32bit-1.2.50-13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libpng12-0-debuginfo-32bit-1.2.50-13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libpng12-0-1.2.50-13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libpng12-0-debuginfo-1.2.50-13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libpng12-debugsource-1.2.50-13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libpng12-0-32bit-1.2.50-13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libpng12-0-debuginfo-32bit-1.2.50-13.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libpng12-0-1.2.50-13.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libpng12-0-32bit-1.2.50-13.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libpng12-0-debuginfo-1.2.50-13.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libpng12-0-debuginfo-32bit-1.2.50-13.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libpng12-debugsource-1.2.50-13.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libpng12-0-1.2.50-13.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libpng12-0-32bit-1.2.50-13.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libpng12-0-debuginfo-1.2.50-13.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libpng12-0-debuginfo-32bit-1.2.50-13.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libpng12-debugsource-1.2.50-13.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng12\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2019-05-29T19:20:44", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nMultiple buffer overflows in the png_set_PLTE and png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19, allowing remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image ([CVE-2015-8126 __](<https://access.redhat.com/security/cve/CVE-2015-8126>)).\n\n \n**Affected Packages:** \n\n\nlibpng\n\n \n**Issue Correction:** \nRun _yum update libpng_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n libpng-static-1.2.49-1.13.amzn1.i686 \n libpng-debuginfo-1.2.49-1.13.amzn1.i686 \n libpng-devel-1.2.49-1.13.amzn1.i686 \n libpng-1.2.49-1.13.amzn1.i686 \n \n src: \n libpng-1.2.49-1.13.amzn1.src \n \n x86_64: \n libpng-devel-1.2.49-1.13.amzn1.x86_64 \n libpng-static-1.2.49-1.13.amzn1.x86_64 \n libpng-1.2.49-1.13.amzn1.x86_64 \n libpng-debuginfo-1.2.49-1.13.amzn1.x86_64 \n \n \n", "modified": "2015-11-23T22:53:00", "published": "2015-11-23T22:53:00", "id": "ALAS-2015-611", "href": "https://alas.aws.amazon.com/ALAS-2015-611.html", "title": "Medium: libpng", "type": "amazon", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2016-09-04T12:25:39", "bulletinFamily": "unix", "description": "The libpng16 package was updated to fix the following security issues:\n\n - CVE-2015-8126: Fixed a buffer overflow vulnerabilities in\n png_get_PLTE/png_set_PLTE functions (bsc#954980).\n\n", "modified": "2015-11-25T21:14:06", "published": "2015-11-25T21:14:06", "id": "OPENSUSE-SU-2015:2100-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00034.html", "title": "Security update for libpng16 (important)", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:38:24", "bulletinFamily": "unix", "description": "The libpng12 package was updated to fix the following security issues:\n\n - CVE-2015-8126: Fixed a buffer overflow vulnerabilities in\n png_get_PLTE/png_set_PLTE functions (bsc#954980).\n - CVE-2015-7981: Fixed an out-of-bound read (bsc#952051).\n\n", "modified": "2015-11-25T21:13:40", "published": "2015-11-25T21:13:40", "id": "OPENSUSE-SU-2015:2099-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00033.html", "type": "suse", "title": "Security update for libpng12 (important)", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "slackware": [{"lastseen": "2019-05-30T07:37:21", "bulletinFamily": "unix", "description": "New libpng packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,\nand -current to fix security issues.\n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n\npatches/packages/libpng-1.4.17-i486-1_slack14.1.txz: Upgraded.\n Fixed buffer overflows in the png_set_PLTE(), png_get_PLTE(),\n png_set_tIME(), and png_convert_to_rfc1123() functions that allow\n attackers to cause a denial of service (application crash) or\n possibly have unspecified other impact via a small bit-depth value\n in an IHDR (aka image header) chunk in a PNG image.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7981\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8126.\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/libpng-1.2.54-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/libpng-1.2.54-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/libpng-1.4.17-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/libpng-1.4.17-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/libpng-1.4.17-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/libpng-1.4.17-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/libpng-1.4.17-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/libpng-1.4.17-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/libpng-1.4.17-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/libpng-1.4.17-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libpng-1.6.19-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libpng-1.6.19-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 13.0 package:\nc6eb0eeb425af17d02655f2f9fa69723 libpng-1.2.54-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\nee85a731b10fe3d5767b97e91d6bfc1f libpng-1.2.54-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\n3d6d26c2cdd0f8ffc9d4ee4284ebdfc7 libpng-1.4.17-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\n2b9beff2066d8cd2530c4db6878f3644 libpng-1.4.17-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\n36f5490f07d75665bab2bc5cccd77437 libpng-1.4.17-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\nb0110d8941fd249c9b99932b7de67990 libpng-1.4.17-x86_64-1_slack13.37.txz\n\nSlackware 14.0 package:\n0e21fde66006e6e86117ba075e8c160d libpng-1.4.17-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n221b16014a862c02e787519a3090812b libpng-1.4.17-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\ncdd3f81e3a487b4aceb1920295c9ffbe libpng-1.4.17-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\ne0f2e5230458bdb77a19dbc09b6eae0e libpng-1.4.17-x86_64-1_slack14.1.txz\n\nSlackware -current package:\n56306097bf7dde2aa757d122d6fb3616 l/libpng-1.6.19-i586-1.txz\n\nSlackware x86_64 -current package:\nd11905e7d052578e96ff10f42b175c89 l/libpng-1.6.19-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg libpng-1.4.17-i486-1_slack14.1.txz", "modified": "2015-12-03T00:20:21", "published": "2015-12-03T00:20:21", "id": "SSA-2015-337-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.522940", "title": "libpng", "type": "slackware", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-30T07:36:56", "bulletinFamily": "unix", "description": "New libpng packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,\nand -current to fix security issues.\n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n\npatches/packages/libpng-1.4.18-x86_64-1_slack14.1.txz: Upgraded.\n Fixed incorrect implementation of png_set_PLTE() that uses png_ptr\n not info_ptr, that left png_set_PLTE() open to the CVE-2015-8126\n vulnerability.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8472\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/libpng-1.2.55-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/libpng-1.2.55-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/libpng-1.4.18-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/libpng-1.4.18-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/libpng-1.4.18-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/libpng-1.4.18-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/libpng-1.4.18-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/libpng-1.4.18-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/libpng-1.4.18-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/libpng-1.4.18-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libpng-1.6.20-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libpng-1.6.20-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 13.0 package:\n0ee9224ad5684fad22c1b0c90605c63b libpng-1.2.55-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\nd9b29264e8312baf0c511c81ad779e59 libpng-1.2.55-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\n28f6f162e3808d1dcdf6a3a98a8ccd69 libpng-1.4.18-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\n156846c2db1a60cc840ed6e545ad9ec3 libpng-1.4.18-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\n6c2eb1e0434a742f837b3d136d09fa89 libpng-1.4.18-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\n099974c30fce3f57ba60249e6cd4ad99 libpng-1.4.18-x86_64-1_slack13.37.txz\n\nSlackware 14.0 package:\nb546c957f439e78bbee7bdd429953a76 libpng-1.4.18-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n66903cc8d9eea2c47698ff0776da13e2 libpng-1.4.18-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\nf2dfcb4aa0a05fccf81f60f913bc7e8e libpng-1.4.18-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\nc06efdbec225394a156860a4f571dd59 libpng-1.4.18-x86_64-1_slack14.1.txz\n\nSlackware -current package:\n6f2e6e7f5f8c3760a372cc9ae3130060 l/libpng-1.6.20-i586-1.txz\n\nSlackware x86_64 -current package:\n8be8af75ec81e9463adf345c0bf48432 l/libpng-1.6.20-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg libpng-1.4.18-i486-1_slack14.1.txz", "modified": "2015-12-15T22:25:09", "published": "2015-12-15T22:25:09", "id": "SSA-2015-349-02", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.504203", "title": "libpng", "type": "slackware", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:47", "bulletinFamily": "unix", "description": "- CVE-2015-7981 (out-of-bounds read)\n\nThis is an array indexing error, which can lead to an out-of-bounds read\nof a static buffer. The result is now unsigned (no longer negative, but\nnow a huge positive number).\n\n- CVE-2015-8126 (arbitrary code execution)\n\nBuffer overflow vulnerabilities in functions png_get_PLTE/png_set_PLTE,\nallowing remote attackers to cause DoS to application or have\nunspecified other impact. These functions failed to check for an\nout-of-range palette when reading or writing PNG files with a bit_depth\nless than 8. Some applications might read the bit depth from the IHDR\nchunk and allocate memory for a 2^N entry palette, while libpng can\nreturn a palette with up to 256 entries even when the bit depth is less\nthan 8.", "modified": "2015-11-17T00:00:00", "published": "2015-11-17T00:00:00", "href": "https://lists.archlinux.org/pipermail/arch-security/2015-November/000438.html", "id": "ASA-201511-10", "title": "lib32-libpng: multiple issues", "type": "archlinux", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-02T18:44:43", "bulletinFamily": "unix", "description": "It was discovered that the png_get_PLTE() and png_set_PLTE() functions\nof libpng did not correctly calculate the maximum palette sizes for bit\ndepths of less than 8. In case an application tried to use these\nfunctions in combination with properly calculated palette sizes, this\ncould lead to a buffer overflow or out-of-bounds reads. An attacker\ncould exploit this to cause a crash or potentially execute arbitrary\ncode by tricking an unsuspecting user into processing a specially\ncrafted PNG image. However, the exact impact is dependent on the\napplication using the library.\nThis issue is the result of an incomplete fix for CVE-2015-8126 in\nlibpng 1.6.19.", "modified": "2015-12-28T00:00:00", "published": "2015-12-28T00:00:00", "href": "https://lists.archlinux.org/pipermail/arch-security/2015-December/000478.html", "id": "ASA-201512-18", "title": "libpng: buffer overflow", "type": "archlinux", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-02T18:44:36", "bulletinFamily": "unix", "description": "- CVE-2015-7981 (out-of-bounds read)\n\nThis is an array indexing error, which can lead to an out-of-bounds read\nof a static buffer. The result is now unsigned (no longer negative, but\nnow a huge positive number).\n\n- CVE-2015-8126 (arbitrary code execution)\n\nBuffer overflow vulnerabilities in functions png_get_PLTE/png_set_PLTE,\nallowing remote attackers to cause DoS to application or have\nunspecified other impact. These functions failed to check for an\nout-of-range palette when reading or writing PNG files with a bit_depth\nless than 8. Some applications might read the bit depth from the IHDR\nchunk and allocate memory for a 2^N entry palette, while libpng can\nreturn a palette with up to 256 entries even when the bit depth is less\nthan 8.", "modified": "2015-11-17T00:00:00", "published": "2015-11-17T00:00:00", "href": "https://lists.archlinux.org/pipermail/arch-security/2015-November/000437.html", "id": "ASA-201511-9", "title": "libpng: multiple issues", "type": "archlinux", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2019-08-13T18:46:12", "bulletinFamily": "unix", "description": "The libpng packages contain a library of functions for creating and\nmanipulating PNG (Portable Network Graphics) image format files.\n\nIt was discovered that the png_get_PLTE() and png_set_PLTE() functions of\nlibpng did not correctly calculate the maximum palette sizes for bit depths\nof less than 8. In case an application tried to use these functions in\ncombination with properly calculated palette sizes, this could lead to a\nbuffer overflow or out-of-bounds reads. An attacker could exploit this to\ncause a crash or potentially execute arbitrary code by tricking an\nunsuspecting user into processing a specially crafted PNG image. However,\nthe exact impact is dependent on the application using the library.\n(CVE-2015-8126, CVE-2015-8472)\n\nAll libpng users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue.", "modified": "2018-04-12T03:33:12", "published": "2015-12-09T18:26:42", "id": "RHSA-2015:2596", "href": "https://access.redhat.com/errata/RHSA-2015:2596", "type": "redhat", "title": "(RHSA-2015:2596) Moderate: libpng security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:46:45", "bulletinFamily": "unix", "description": "The libpng packages contain a library of functions for creating and\nmanipulating PNG (Portable Network Graphics) image format files.\n\nIt was discovered that the png_get_PLTE() and png_set_PLTE() functions of\nlibpng did not correctly calculate the maximum palette sizes for bit depths\nof less than 8. In case an application tried to use these functions in\ncombination with properly calculated palette sizes, this could lead to a\nbuffer overflow or out-of-bounds reads. An attacker could exploit this to\ncause a crash or potentially execute arbitrary code by tricking an\nunsuspecting user into processing a specially crafted PNG image. However,\nthe exact impact is dependent on the application using the library.\n(CVE-2015-8126, CVE-2015-8472)\n\nAn array-indexing error was discovered in the png_convert_to_rfc1123()\nfunction of libpng. An attacker could possibly use this flaw to cause an\nout-of-bounds read by tricking an unsuspecting user into processing a\nspecially crafted PNG image. (CVE-2015-7981)\n\nAll libpng users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\n", "modified": "2018-06-06T20:24:37", "published": "2015-12-09T05:00:00", "id": "RHSA-2015:2594", "href": "https://access.redhat.com/errata/RHSA-2015:2594", "type": "redhat", "title": "(RHSA-2015:2594) Moderate: libpng security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:46:29", "bulletinFamily": "unix", "description": "The libpng12 packages contain a library of functions for creating and\nmanipulating PNG (Portable Network Graphics) image format files.\n\nIt was discovered that the png_get_PLTE() and png_set_PLTE() functions of\nlibpng did not correctly calculate the maximum palette sizes for bit depths\nof less than 8. In case an application tried to use these functions in\ncombination with properly calculated palette sizes, this could lead to a\nbuffer overflow or out-of-bounds reads. An attacker could exploit this to\ncause a crash or potentially execute arbitrary code by tricking an\nunsuspecting user into processing a specially crafted PNG image. However,\nthe exact impact is dependent on the application using the library.\n(CVE-2015-8126, CVE-2015-8472)\n\nAn array-indexing error was discovered in the png_convert_to_rfc1123()\nfunction of libpng. An attacker could possibly use this flaw to cause an\nout-of-bounds read by tricking an unsuspecting user into processing a\nspecially crafted PNG image. (CVE-2015-7981)\n\nAll libpng12 users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.", "modified": "2018-04-12T03:32:38", "published": "2015-12-09T18:25:59", "id": "RHSA-2015:2595", "href": "https://access.redhat.com/errata/RHSA-2015:2595", "type": "redhat", "title": "(RHSA-2015:2595) Moderate: libpng12 security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2019-05-30T02:23:11", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3399-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nNovember 18, 2015 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : libpng\nCVE ID : CVE-2015-7981 CVE-2015-8126\nDebian Bug : 803078 805113\n\nSeveral vulnerabilities have been discovered in the libpng PNG library.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems:\n\nCVE-2015-7981\n\n Qixue Xiao discovered an out-of-bounds read vulnerability in the\n png_convert_to_rfc1123 function. A remote attacker can potentially\n take advantage of this flaw to cause disclosure of information from\n process memory.\n\nCVE-2015-8126\n\n Multiple buffer overflows were discovered in the png_set_PLTE and\n png_get_PLTE functions. A remote attacker can take advantage of this\n flaw to cause a denial of service (application crash) via a small\n bit-depth value in an IHDR (image header) chunk in a PNG image.\n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 1.2.49-1+deb7u1.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.2.50-2+deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.2.54-1.\n\nWe recommend that you upgrade your libpng packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2015-11-18T19:55:59", "published": "2015-11-18T19:55:59", "id": "DEBIAN:DSA-3399-1:70C2F", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00304.html", "title": "[SECURITY] [DSA 3399-1] libpng security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-30T02:22:53", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3443-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nJanuary 13, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : libpng\nCVE ID : CVE-2015-8472 CVE-2015-8540\nDebian Bug : 807112 807694\n\nSeveral vulnerabilities have been discovered in the libpng PNG library.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems:\n\nCVE-2015-8472\n\n It was discovered that the original fix for CVE-2015-8126 was\n incomplete and did not detect a potential overrun by applications\n using png_set_PLTE directly. A remote attacker can take advantage of\n this flaw to cause a denial of service (application crash).\n\nCVE-2015-8540\n\n Xiao Qixue and Chen Yu discovered a flaw in the png_check_keyword\n function. A remote attacker can potentially take advantage of this\n flaw to cause a denial of service (application crash).\n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 1.2.49-1+deb7u2.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.2.50-2+deb8u2.\n\nWe recommend that you upgrade your libpng packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2016-01-13T21:31:40", "published": "2016-01-13T21:31:40", "id": "DEBIAN:DSA-3443-1:8C20E", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2016/msg00012.html", "title": "[SECURITY] [DSA 3443-1] libpng security update", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-30T02:22:09", "bulletinFamily": "unix", "description": "Package : libpng\nVersion : 1.2.44-1+squeeze5\nCVE ID : CVE-2012-3425 CVE-2015-7981 CVE-2015-8126\n\n * CVE-2015-7981\n Added a safety check in png_set_tIME() (Bug report from Qixue Xiao).\n * CVE-2015-8126\n Multiple buffer overflows in the (1) png_set_PLTE and\n (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x\n before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24,\n and 1.6.x before 1.6.19 allow remote attackers to cause a denial\n of service (application crash) or possibly have unspecified other\n impact via a small bit-depth value in an IHDR (aka image header)\n chunk in a PNG image.\n * CVE-2012-3425\n vulnerable code is not present here\n\n", "modified": "2015-11-17T21:30:41", "published": "2015-11-17T21:30:41", "id": "DEBIAN:DLA-343-1:12FE2", "href": "https://lists.debian.org/debian-lts-announce/2015/debian-lts-announce-201511/msg00003.html", "title": "[SECURITY] [DLA 343-1] libpng security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:36:06", "bulletinFamily": "unix", "description": "[2:1.5.13-7]\n- Security fix for CVE-2015-8126\n- Changing png_ptr to info_ptf based on upstream\n- Related: #1283576\n[2:1.5.13-6]\n- Security fix for CVE-2015-8126\n- Resolves: #1283576", "modified": "2015-12-09T00:00:00", "published": "2015-12-09T00:00:00", "id": "ELSA-2015-2596", "href": "http://linux.oracle.com/errata/ELSA-2015-2596.html", "title": "libpng security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2019-05-29T18:34:31", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2015:2596\n\n\nThe libpng packages contain a library of functions for creating and\nmanipulating PNG (Portable Network Graphics) image format files.\n\nIt was discovered that the png_get_PLTE() and png_set_PLTE() functions of\nlibpng did not correctly calculate the maximum palette sizes for bit depths\nof less than 8. In case an application tried to use these functions in\ncombination with properly calculated palette sizes, this could lead to a\nbuffer overflow or out-of-bounds reads. An attacker could exploit this to\ncause a crash or potentially execute arbitrary code by tricking an\nunsuspecting user into processing a specially crafted PNG image. However,\nthe exact impact is dependent on the application using the library.\n(CVE-2015-8126, CVE-2015-8472)\n\nAll libpng users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2015-December/002746.html\n\n**Affected packages:**\nlibpng\nlibpng-devel\nlibpng-static\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-2596.html", "modified": "2015-12-09T19:21:36", "published": "2015-12-09T19:21:36", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2015-December/002746.html", "id": "CESA-2015:2596", "title": "libpng security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:52", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2015:2595\n\n\nThe libpng12 packages contain a library of functions for creating and\nmanipulating PNG (Portable Network Graphics) image format files.\n\nIt was discovered that the png_get_PLTE() and png_set_PLTE() functions of\nlibpng did not correctly calculate the maximum palette sizes for bit depths\nof less than 8. In case an application tried to use these functions in\ncombination with properly calculated palette sizes, this could lead to a\nbuffer overflow or out-of-bounds reads. An attacker could exploit this to\ncause a crash or potentially execute arbitrary code by tricking an\nunsuspecting user into processing a specially crafted PNG image. However,\nthe exact impact is dependent on the application using the library.\n(CVE-2015-8126, CVE-2015-8472)\n\nAn array-indexing error was discovered in the png_convert_to_rfc1123()\nfunction of libpng. An attacker could possibly use this flaw to cause an\nout-of-bounds read by tricking an unsuspecting user into processing a\nspecially crafted PNG image. (CVE-2015-7981)\n\nAll libpng12 users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2015-December/002747.html\n\n**Affected packages:**\nlibpng12\nlibpng12-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-2595.html", "modified": "2015-12-09T19:21:50", "published": "2015-12-09T19:21:50", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2015-December/002747.html", "id": "CESA-2015:2595", "title": "libpng12 security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:32:59", "bulletinFamily": "unix", "description": "\nlibpng reports:\n\nCVE for a vulnerability in libpng, all versions, in the\n png_set_PLTE/png_get_PLTE functions. These functions failed to check for\n an out-of-range palette when reading or writing PNG files with a bit_depth\n less than 8. Some applications might read the bit depth from the IHDR\n chunk and allocate memory for a 2^N entry palette, while libpng can return\n a palette with up to 256 entries even when the bit depth is less than 8.\n\n", "modified": "2015-12-08T00:00:00", "published": "2015-11-15T00:00:00", "id": "1886E195-8B87-11E5-90E7-B499BAEBFEAF", "href": "https://vuxml.freebsd.org/freebsd/1886e195-8b87-11e5-90e7-b499baebfeaf.html", "title": "libpng buffer overflow in png_set_PLTE", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2016-11-15T08:54:36", "bulletinFamily": "unix", "description": "### Background\n\nlibpng is a standard library used to process PNG (Portable Network Graphics) images. It is used by several other programs, including web browsers and potentially server processes. \n\n### Description\n\nMultiple vulnerabilities were found in libpng. Please review the referenced CVE\u2019s for additional information. \n\n### Impact\n\nRemote attackers could cause a Denial of Service condition or have other unspecified impacts. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll libpng 1.2 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/libpng-1.2.56\"\n \n\nAll libpng 1.5 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/libpng-1.5.26\"\n \n\nAll libpng 1.6 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/libpng-1.6.21\"", "modified": "2016-11-15T00:00:00", "published": "2016-11-15T00:00:00", "href": "https://security.gentoo.org/glsa/201611-08", "id": "GLSA-201611-08", "type": "gentoo", "title": "libpng: Multiple vulnerabilities", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2019-05-29T19:21:58", "bulletinFamily": "unix", "description": "Mikulas Patocka discovered that libpng incorrectly handled certain large fields. If a user or automated system using libpng were tricked into opening a specially crafted image, an attacker could exploit this to cause libpng to crash, leading to a denial of service. This issue only affected Ubuntu 12.04 LTS. (CVE-2012-3425)\n\nQixue Xiao discovered that libpng incorrectly handled certain time values. If a user or automated system using libpng were tricked into opening a specially crafted image, an attacker could exploit this to cause libpng to crash, leading to a denial of service. (CVE-2015-7981)\n\nIt was discovered that libpng incorrectly handled certain small bit-depth values. If a user or automated system using libpng were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or execute code with the privileges of the user invoking the program. (CVE-2015-8126)", "modified": "2015-11-19T00:00:00", "published": "2015-11-19T00:00:00", "id": "USN-2815-1", "href": "https://usn.ubuntu.com/2815-1/", "title": "libpng vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}