Bug 14960

Summary: libpng new security issue CVE-2014-9495
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: major    
Priority: Normal CC: herman.viaene, sysadmin-bugs
Version: 4Keywords: validated_update
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/628701/
Whiteboard: has_procedure advisory MGA4-64-OK MGA4-32-OK
Source RPM: libpng-1.6.13-1.mga4.src.rpm CVE:
Status comment:

Description David Walser 2015-01-06 00:21:03 CET 
A CVE has been assigned for a security issue fixed upstream in 1.6.16:
http://openwall.com/lists/oss-security/2015/01/04/3

Updated packages uploaded for Mageia 4 and Cauldron.

Advisory:
========================

Updated libpng packages fix security vulnerability:

libpng versions 1.6.9 through 1.6.15 have an integer-overflow vulnerability
in png_combine_row() when decoding very wide interlaced images, which can
allow an attacker to overwrite an arbitrary amount of memory with arbitrary
(attacker-controlled) data (CVE-2014-9495).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9495
http://www.libpng.org/pub/png/libpng.html
========================

Updated packages in core/updates_testing:
========================
libpng16_16-1.6.16-1.mga4
libpng-devel-1.6.16-1.mga4

from libpng-1.6.16-1.mga4.src.rpm


Reproducible: 

Steps to Reproduce:
David Walser 2015-01-07 01:24:35 CET

Severity: normal => major

Comment 1 Herman Viaene 2015-01-07 12:14:42 CET 
MGA4-64 on HP Probook 6555b KDE
No installation issues.
Checked : gimp shows to be dependent.
Opened png file in Gimp, rotated it and exported again: all OK.

CC: (none) => herman.viaene
Whiteboard: (none) => MGA4-64-OK

Comment 2 Herman Viaene 2015-01-07 13:33:22 CET 
MGA4-32 on AcerD620 Xfce.No installation issues.
Checked : gimp shows to be dependent.
Opened png file in Gimp, rotated it and exported again: all OK.

Whiteboard: MGA4-64-OK => MGA4-64-OK MGA4-32-OK

Comment 3 claire robinson 2015-01-07 15:31:17 CET 
Validating. Advisory uploaded.

Please push to 4 updates

Thanks

Whiteboard: MGA4-64-OK MGA4-32-OK => has_procedure advisory MGA4-64-OK MGA4-32-OK
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 4 Mageia Robot 2015-01-07 16:15:38 CET 
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2015-0008.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

David Walser 2015-01-07 19:01:37 CET

URL: (none) => http://lwn.net/Vulnerabilities/628701/

Comment 5 David Walser 2015-01-12 00:39:25 CET 
This update also fixed CVE-2015-0973.  See this for more info:
http://openwall.com/lists/oss-security/2015/01/10/3
Comment 6 David Walser 2015-01-20 20:16:49 CET 
LWN reference for CVE-2015-0973:
http://lwn.net/Vulnerabilities/630071/