Bug 204551 - graphics/png: buffer overflows in libpng 1.6.18 (CVE-2015-8126)
Summary: graphics/png: buffer overflows in libpng 1.6.18 (CVE-2015-8126)
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Many People
Assignee: Bernard Spil
URL: https://reviews.freebsd.org/D4164
Keywords: security
Depends on:
Blocks:
 
Reported: 2015-11-14 21:21 UTC by Walter Hop
Modified: 2015-11-17 03:12 UTC (History)
3 users (show)

See Also:
koobs: maintainer-feedback-
koobs: merge-quarterly+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Walter Hop 2015-11-14 21:21:17 UTC
"Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng [...] before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image."

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8126

http://www.openwall.com/lists/oss-security/2015/11/12/2

Assuming it might be usable for exploitation, I would recommend bumping the port soon.
Comment 1 Antoine Brodin freebsd_committer 2015-11-14 21:39:31 UTC
libpng website is down and sourceforge is in in Disaster Recovery mode (and doesn't have 1.6.19 yet),  so this update will have to wait a few hours I guess..
Comment 2 Bernard Spil freebsd_committer 2015-11-15 11:09:39 UTC
This is now handled in Phabricator
https://reviews.freebsd.org/D4164
Comment 3 commit-hook freebsd_committer 2015-11-15 11:41:26 UTC
A commit references this bug:

Author: antoine
Date: Sun Nov 15 11:41:02 UTC 2015
New revision: 401693
URL: https://svnweb.freebsd.org/changeset/ports/401693

Log:
  Update to 1.6.19

  PR:		204551
  MFH:		2015Q4
  Security:	CVE-2015-8126

Changes:
  head/graphics/png/Makefile
  head/graphics/png/distinfo
  head/graphics/png/pkg-plist
Comment 4 commit-hook freebsd_committer 2015-11-15 11:43:28 UTC
A commit references this bug:

Author: antoine
Date: Sun Nov 15 11:43:12 UTC 2015
New revision: 401694
URL: https://svnweb.freebsd.org/changeset/ports/401694

Log:
  MFH: r401693

  Update to 1.6.19

  PR:		204551
  Security:	CVE-2015-8126

Changes:
_U  branches/2015Q4/
  branches/2015Q4/graphics/png/Makefile
  branches/2015Q4/graphics/png/distinfo
  branches/2015Q4/graphics/png/pkg-plist
Comment 5 Kubilay Kocak freebsd_committer freebsd_triage 2015-11-17 03:12:02 UTC
security/vuxml change committed by brnrd@ in r401719 [1] but PR: not referenced.

[1] http://svnweb.freebsd.org/changeset/ports/401719

CC committer that resolved.