Summary: | <media-libs/libpng-{1.5.21,1.6.16}: heap overflow (CVE-2014-9495,CVE-2015-0973) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Hanno Böck <hanno> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | base-system |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://tfpwn.com/files/libpng_heap_overflow_1.6.15.txt | ||
Whiteboard: | A2 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Hanno Böck
2014-12-23 02:16:11 UTC
+*libpng-1.6.16 (23 Dec 2014) +*libpng-1.5.21 (23 Dec 2014) + + 23 Dec 2014; Lars Wendler <polynomial-c@gentoo.org> -libpng-1.5.18-r1.ebuild, + -libpng-1.5.19.ebuild, +libpng-1.5.21.ebuild, -libpng-1.6.13.ebuild, + +libpng-1.6.16.ebuild: + Security bump (bug #533358). Removed old. + Arches please test and mark stable the following packages: =media-libs/libpng-1.5.21 Stable targets: amd64 x86 =media-libs/libpng-1.6.16 Stable targets: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86 amd64 stable x86 stable Stable for HPPA. ppc stable ppc64 stable sparc stable arm stable Stable on alpha. CVE-2014-9495 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9495): Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16 might allow context-dependent attackers to execute arbitrary code via a "very wide interlaced" PNG image. With only one build remaining, filing GLSA. New GLSA Filed. ia64 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one. + 21 Jan 2015; Lars Wendler <polynomial-c@gentoo.org> -libpng-1.5.20.ebuild, + -libpng-1.6.10.ebuild, -libpng-1.6.12.ebuild, -libpng-1.6.15.ebuild: + Removed vulnerable versions. + Arches and Maintainer(s), Thank you for your work. CVE-2015-0973 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0973): Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495. This issue was resolved and addressed in GLSA 201502-10 at http://security.gentoo.org/glsa/glsa-201502-10.xml by GLSA coordinator Kristian Fiskerstrand (K_F). |