Security Bulletin: Security vulnerabilities in Rational DOORS (CVE-2014-3613, CVE-2014-3620, CVE-2014-8730, CVE-2014-9495, CVE-2015-0973)

Summary IBM Rational DOORS contains multiple security vulnerabilities. Vulnerability Details Rational DOORS is affected by the following vulnerabilities disclosed in and corrected by Rational DOORS fix pack releases: CVE ID: CVE-2014-3613 Description: cURL/libcURL could allow a remote attacker to...

Security Bulletin: Multiple vulnerability in Product IBM Tivoli Common Reporting( CVE-2015-0138, CVE-2014-9495,CVE-2014-8917,CVE-2015-0973 ,CVE-2014-3566 ,CVE-2014-6457 ,CVE-2014-6593,CVE-2015-0410,CVE-2014-3569,CVE-2015-0204,CVE-2014-3570)

Summary Fixes of Cognos Business Intelligence is provided as part of Tivoli Common Reporting fixes. There are multiple vulnerability in IBM® Runtime Environment Java™ Technology Edition, Version 6 and IBM® Runtime Environment Java™ Technology Edition, Version 7 that are used by IBM Cognos Busines...

SUSE: Security Advisory for libpng16 (SUSE-SU-2015:0092-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Gentoo Security Advisory GLSA 201502-10

Gentoo Linux Local Security Checks GLSA 201502-10 SPDX-FileCopyrightText: 2015 Eero Volotinen Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...

SUSE SLED12 / SLES12 Security Update : libpng16 (SUSE-SU-2015:0092-1)

This update fixes the following security issues : - CVE-2014-9495: libpng versions heap overflow vulnerability, that under certain circumstances could be exploit. bnc912076 - CVE-2015-0973: A heap-based overflow was found in the pngcombinerow function of the libpng library, when very large...

Fedora 20 : libpng10-1.0.63-1.fc20 (2015-2830)

This update addresses a couple of buffer overflows that might allow context-dependent attackers to execute arbitrary code via very wide PNG images. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to...

Fedora Update for libpng10 FEDORA-2015-2863

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

libpng: User-assisted execution of arbitrary code

Background libpng is a standard library used to process PNG Portable Network Graphics images. It is used by several programs, including web browsers and potentially server processes. Description Two vulnerabilities have been discovered in libpng: The pnguserversioncheck function contains an...

openSUSE Security Update : libpng16 (openSUSE-SU-2015:0161-1)

libpng was updated to fix some security issues : - CVE-2014-9495 bnc912076: Heap-buffer overflow pngcombinerow with very wide interlaced images - CVE-2015-0973 bnc912929: overflow in pngreadIDATdata libpng is now also build with -DPNGSAFELIMITSSUPPORTED. %NASLMINLEVEL 70300 C Tenable Network...

CVE-2014-9495

Heap-based buffer overflow in the pngcombinerow function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a "very wide interlaced" PNG image...

CVE-2014-9495

CVE-2014-9495 affects libpng used in IBM Cognos components (per IBM Tivoli/DB references). Root cause: heap-based buffer overflow in png_combine_row when decompressing IDAT data, on 64-bit systems. Affected versions: libpng before 1.5.21 and 1.6.x before 1.6.16. Potential impact: remote arbitrary...

Updated libpng packages fix CVE-2014-9495

Updated libpng packages fix security vulnerability: libpng versions 1.6.9 through 1.6.15 have an integer-overflow vulnerability in pngcombinerow when decoding very wide interlaced images, which can allow an attacker to overwrite an arbitrary amount of memory with arbitrary attacker-controlled dat...

MGASA-2015-0008 Updated libpng packages fix CVE-2014-9495

Updated libpng packages fix security vulnerability: libpng versions 1.6.9 through 1.6.15 have an integer-overflow vulnerability in pngcombinerow when decoding very wide interlaced images, which can allow an attacker to overwrite an arbitrary amount of memory with arbitrary attacker-controlled dat...