Bug 17161

Summary: libpng, libpng12 new security issue CVE-2015-8126
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: brtians1, davidwhodgins, sysadmin-bugs, wilcal.int
Version: 5Keywords: validated_update
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/664752/
Whiteboard: has_procedure MGA5-32-OK MGA5-64-OK advisory
Source RPM: libpng-1.6.17-1.mga5.src.rpm, libpng12-1.2.52-1.1.mga5.src.rpm CVE:
Status comment:

Description David Walser 2015-11-16 23:02:44 CET 
A security issue fixed upstream in libpng was announced on November 12:
http://openwall.com/lists/oss-security/2015/11/12/2

It was assigned CVE-2015-8126:
http://openwall.com/lists/oss-security/2015/11/13/1

Updated packages uploaded for Mageia 5 and Cauldron.

Advisory:
========================

Updated libpng and libpng12 packages fix security vulnerability:

Multiple buffer overflows in the png_set_PLTE and png_get_PLTE functions in
libpng before 1.6.19 allow remote attackers to cause a denial of service
(application crash) or possibly have unspecified other impact via a small
bit-depth value in an IHDR (aka image header) chunk in a PNG image
(CVE-2015-8126).

This issue also affected libpng 1.2 before 1.2.54.  The libpng and libpng12
packages have been updated to versions 1.6.19 and 1.2.54, respectively, fixing
this issue.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8126
http://openwall.com/lists/oss-security/2015/11/13/1
========================

Updated packages in core/updates_testing:
========================
libpng12_0-1.2.54-1.mga5
libpng12-devel-1.2.54-1.mga5
libpng16_16-1.6.19-1.mga5
libpng-devel-1.6.19-1.mga5

from SRPMS:
libpng12-1.2.54-1.mga5.src.rpm
libpng-1.6.19-1.mga5.src.rpm

Reproducible: 

Steps to Reproduce:
Comment 1 David Walser 2015-11-16 23:06:23 CET 
xv (in nonfree) and Firefox use libpng12 and libpng, respectively, to display PNG images.

Whiteboard: (none) => has_procedure

Comment 2 Brian Rockwell 2015-11-17 15:16:45 CET 
[brian@localhost ~]$ uname -a
Linux localhost 4.1.13-desktop586-2.mga5 #1 SMP Wed Nov 11 00:50:24 UTC 2015 i686 i686 i686 GNU/Linux


Installed package .

libpng12_0-1.2.54-1.mga5

Tested xv.

Loaded png, modified and saved to a new png.

No problems to report.

CC: (none) => brtians1

Comment 3 William Kenney 2015-11-17 17:32:34 CET 
In VirtualBox, M5, KDE, 32-bit

Package(s) under test:
libpng16_16

default install of libpng16_16

[root@localhost wilcal]# urpmi libpng16_16
Package libpng16_16-1.6.17-1.mga5.i586 is already installed

Using Gimp I can open a png file, add elements to the image,
flip the image horizontally, resize the image, crop the
image to a different size then output it with a compression level
of 5 the image as a png file. That image can then be opened and
viewed with Gwenview.

install libpng16_16 from updates_testing

[root@localhost wilcal]# urpmi libpng16_16
Package libpng16_16-1.6.19-1.mga5.i586 is already installed

Using Gimp I can open a different png file, add elements to the
image, flip the image vertically, resize the image, crop the
image to a different size then output it with a compression level
of 5 the image as a png file. That image can then be opened and
viewed with Gwenview. The previously created png file can be
opened, modified and changed with gimp.

CC: (none) => wilcal.int
Whiteboard: has_procedure => has_procedure MGA5-32-OK

William Kenney 2015-11-17 17:34:19 CET

Whiteboard: has_procedure MGA5-32-OK => has_procedure

Comment 4 William Kenney 2015-11-17 17:50:15 CET 
In VirtualBox, M5, KDE, 32-bit

Package(s) under test:
libpng12_0

install libpng12_0 from updates testing

[root@localhost wilcal]# urpmi xv
Package xv-3.10a-15.mga5.nonfree.i586 is already installed
[root@localhost wilcal]# urpmi libpng12_0
Package libpng12_0-1.2.54-1.mga5.i586 is already installed

[wilcal@localhost Pictures]$ xv created_image.png
Opens a window on the desktop and displays created_image.png.

Whiteboard: has_procedure => has_procedure MGA5-32-OK

Comment 5 William Kenney 2015-11-17 18:30:43 CET 
In VirtualBox, M5, KDE, 64-bit

Package(s) under test:
libpng12_0 libpng16_16

install libpng12_0 & libpng16_16 from updates testing

[root@localhost wilcal]# urpmi xv
Package xv-3.10a-15.mga5.nonfree.x86_64 is already installed
[root@localhost wilcal]# urpmi libpng12_0
Package libpng12_0-1.2.52-1.1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libpng16_16
Package libpng16_16-1.6.17-1.mga5.i586 is already installed

Using Gimp I can open a png file, add elements to the image,
flip the image horizontally, resize the image, crop the
image to a different size then output it with a compression level
of 5 the image as a png file. That image can then be opened and
viewed with Gwenview.
[wilcal@localhost Pictures]$ xv created_image.png
Opens a window on the desktop and displays created_image.png.

install libpng12_0 & libpng16_16 from updates_testing

[root@localhost wilcal]# urpmi xv
Package xv-3.10a-15.mga5.nonfree.x86_64 is already installed
[root@localhost wilcal]# urpmi libpng12_0
Package libpng12_0-1.2.54-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libpng16_16
Package libpng16_16-1.6.19-1.mga5.i586 is already installed

Using Gimp I can open different png file, add elements to the image,
flip the image vertically, resize the image, crop the
image to a different size then output it with a compression level
of 5 the image as a png file. That image can then be opened and
viewed with Gwenview. Previously created png file can be opened in Gimp.
[wilcal@localhost Pictures]$ xv created_image.png
Opens a window on the desktop and displays created_image.png.
[wilcal@localhost Pictures]$ xv created_image1.png
Opens a window on the desktop and displays created_image1.png.
Comment 6 William Kenney 2015-11-17 18:31:45 CET 
This update works fine.
Testing complete for MGA5, 32-bit & 64-bit
Validating the update.
Could someone from the sysadmin team push to updates.
Thanks

Keywords: (none) => validated_update
Whiteboard: has_procedure MGA5-32-OK => has_procedure MGA5-32-OK MGA5-64-OK
CC: (none) => sysadmin-bugs

David Walser 2015-11-17 19:29:54 CET

URL: (none) => http://lwn.net/Vulnerabilities/664752/

Dave Hodgins 2015-11-19 17:38:57 CET

CC: (none) => davidwhodgins
Whiteboard: has_procedure MGA5-32-OK MGA5-64-OK => has_procedure MGA5-32-OK MGA5-64-OK advisory

Comment 7 Mageia Robot 2015-11-19 23:09:19 CET 
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2015-0451.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED