It was announced that the fix for CVE-2015-8126 was incomplete on December 3: http://openwall.com/lists/oss-security/2015/12/03/6 A CVE was assigned for the incomplete fix on December 4: http://openwall.com/lists/oss-security/2015/12/05/5 The issue is completely fixed in 1.6.20 and 1.2.55. It is not believed to actually affect anything, so this is a minor issue. Updated packages uploaded for Mageia 5 and Cauldron. Advisory: ======================== Updated libpng and libpng12 packages fix security vulnerability: The fix for CVE-2015-8126 was incomplete. While it defended against the potential overrun while reading PNG files, it did not detect a potential overrun by applications using png_set_PLTE directly (CVE-2015-8472). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8472 http://advisories.mageia.org/MGASA-2015-0451.html http://openwall.com/lists/oss-security/2015/12/05/5 ======================== Updated packages in core/updates_testing: ======================== libpng12_0-1.2.55-1.mga5 libpng12-devel-1.2.55-1.mga5 libpng16_16-1.6.20-1.mga5 libpng-devel-1.6.20-1.mga5 from SRPMS: libpng12-1.2.55-1.mga5.src.rpm libpng-1.6.20-1.mga5.src.rpm Reproducible: Steps to Reproduce:
These can be tested using xv (libpng12) and Firefox or GIMP (libpng).
Whiteboard: (none) => has_procedure
RedHat has issued an advisory for this today (December 9): https://rhn.redhat.com/errata/RHSA-2015-2596.html
URL: (none) => http://lwn.net/Vulnerabilities/667312/
Another fix is upcoming in libpng12: http://openwall.com/lists/oss-security/2015/12/10/7 libpng isn't affected, so feel free to proceed testing that one.
(In reply to David Walser from comment #3) > Another fix is upcoming in libpng12: > http://openwall.com/lists/oss-security/2015/12/10/7 This will be CVE-2015-8540: http://openwall.com/lists/oss-security/2015/12/11/1
HI David, let me know when next fix is in, I'll try it. Brian
CC: (none) => brtians1
In VirtualBox, M5, KDE, 32-bit Package(s) under test: libpng12_0 libpng16_16 default install of libpng12_0 & libpng16_16 [root@localhost wilcal]# urpmi libpng12_0 Package libpng12_0-1.2.54-1.mga5.i586 is already installed [root@localhost wilcal]# urpmi libpng16_16 Package libpng16_16-1.6.19-1.mga5.i586 is already installed [root@localhost wilcal]# urpmi xv Package xv-3.10a-15.mga5.nonfree.i586 is already installed [root@localhost wilcal]# urpmi gimp Package gimp-2.8.14-4.mga5.i586 is already installed A png file created by a vlc video frame clip can be modified, and saved, by xv as a png file. The same png file can be modified, and saved, by gimp, as a png file. install libpng12_0 & libpng16_16 from updates_testing [root@localhost wilcal]# urpmi libpng12_0 Package libpng12_0-1.2.55-1.mga5.i586 is already installed [root@localhost wilcal]# urpmi libpng16_16 Package libpng16_16-1.6.20-1.mga5.i586 is already installed [root@localhost wilcal]# urpmi xv Package xv-3.10a-15.mga5.nonfree.i586 is already installed [root@localhost wilcal]# urpmi gimp Package gimp-2.8.14-4.mga5.i586 is already installed A png file created by a vlc video frame clip can be modified, and saved, by xv as a png file. The same png file can be modified, and saved, by gimp, as a png file.
CC: (none) => wilcal.intWhiteboard: has_procedure => has_procedure MGA5-32-OK
In VirtualBox, M5, KDE, 64-bit Package(s) under test: lib64png12_0 lib64png16_16 default install of lib64png12_0 & lib64png16_16 [root@localhost wilcal]# urpmi lib64png12_0 Package lib64png12_0-1.2.54-1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi lib64png16_16 Package lib64png16_16-1.6.19-1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi xv Package xv-3.10a-15.mga5.nonfree.x86_64 is already installed [root@localhost wilcal]# urpmi gimp Package gimp-2.8.14-4.mga5.x86_64 is already installed A png file created by a vlc video frame clip can be modified, and saved, by xv as a png file. The same png file can be modified, and saved, by gimp, as a png file. install lib64png12_0 & lib64png16_16 from updates_testing [root@localhost wilcal]# urpmi lib64png12_0 Package lib64png12_0-1.2.55-1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi lib64png16_16 Package lib64png16_16-1.6.20-1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi xv Package xv-3.10a-15.mga5.nonfree.x86_64 is already installed [root@localhost wilcal]# urpmi gimp Package gimp-2.8.14-4.mga5.x86_64 is already installed A png file created by a vlc video frame clip can be modified, and saved, by xv as a png file. The same png file can be modified, and saved, by gimp, as a png file.
Whiteboard: has_procedure MGA5-32-OK => has_procedure MGA5-32-OK MGA5-64-OK
This update works fine. Testing complete for MGA5, 32-bit & 64-bit Validating the update. Could someone from the sysadmin team push to updates. Thanks
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
Yeah, go ahead with this update. The fix for CVE-2015-8540 still hasn't landed, so I'll file another bug for that.
Advisory uploaded.
Whiteboard: has_procedure MGA5-32-OK MGA5-64-OK => has_procedure advisory MGA5-32-OK MGA5-64-OK
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2015-0473.html
Status: NEW => RESOLVEDResolution: (none) => FIXED