Vulnerability-Lookup

CVE-2015-8540 (GCVE-0-2015-8540)

Vulnerability from cvelistv5 – Published: 2016-04-14 14:00 – Updated: 2024-08-06 08:20

Summary

Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.

Severity

No CVSS data available.

CWE

Assigner

mitre

References

19 references

URL	Tags
http://sourceforge.net/projects/libpng/files/libp…	x_refsource_CONFIRM
https://security.gentoo.org/glsa/201611-08	vendor-advisoryx_refsource_GENTOO
http://www.openwall.com/lists/oss-security/2015/12/11/2	mailing-listx_refsource_MLIST
http://sourceforge.net/p/libpng/code/ci/d9006f683…	x_refsource_CONFIRM
http://sourceforge.net/projects/libpng/files/libp…	x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2016:1430	vendor-advisoryx_refsource_REDHAT
http://www.openwall.com/lists/oss-security/2015/12/10/6	mailing-listx_refsource_MLIST
http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
http://sourceforge.net/projects/libpng/files/libp…	x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2015/12/11/1	mailing-listx_refsource_MLIST
http://www.openwall.com/lists/oss-security/2015/12/10/7	mailing-listx_refsource_MLIST
http://sourceforge.net/projects/libpng/files/libp…	x_refsource_CONFIRM
http://www.debian.org/security/2016/dsa-3443	vendor-advisoryx_refsource_DEBIAN
http://sourceforge.net/p/libpng/bugs/244/	x_refsource_CONFIRM
http://www.securityfocus.com/bid/80592	vdb-entryx_refsource_BID
http://www.openwall.com/lists/oss-security/2015/1…	mailing-listx_refsource_MLIST
http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
https://lists.apache.org/thread.html/rf4c02775860…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r58af02e294b…	mailing-listx_refsource_MLIST

Date Public

2015-12-10 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:20:42.512Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/projects/libpng/files/libpng10/1.0.66/"
          },
          {
            "name": "GLSA-201611-08",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201611-08"
          },
          {
            "name": "[oss-security] 20151211 Re: Re: CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/12/11/2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/p/libpng/code/ci/d9006f683c641793252d92254a75ae9b815b42ed/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/projects/libpng/files/libpng15/1.5.26/"
          },
          {
            "name": "RHSA-2016:1430",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2016:1430"
          },
          {
            "name": "[oss-security] 20151210 CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/12/10/6"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/projects/libpng/files/libpng14/1.4.19/"
          },
          {
            "name": "[oss-security] 20151211 Re: CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/12/11/1"
          },
          {
            "name": "[oss-security] 20151210 Re: CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/12/10/7"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/projects/libpng/files/libpng12/1.2.56/"
          },
          {
            "name": "DSA-3443",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3443"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/p/libpng/bugs/244/"
          },
          {
            "name": "80592",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/80592"
          },
          {
            "name": "[oss-security] 20151217 Re: CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/12/17/10"
          },
          {
            "name": "FEDORA-2015-3868cfa17b",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174435.html"
          },
          {
            "name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
          },
          {
            "name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-12-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-29T14:06:22.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/projects/libpng/files/libpng10/1.0.66/"
        },
        {
          "name": "GLSA-201611-08",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201611-08"
        },
        {
          "name": "[oss-security] 20151211 Re: Re: CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/12/11/2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/p/libpng/code/ci/d9006f683c641793252d92254a75ae9b815b42ed/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/projects/libpng/files/libpng15/1.5.26/"
        },
        {
          "name": "RHSA-2016:1430",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2016:1430"
        },
        {
          "name": "[oss-security] 20151210 CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/12/10/6"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/projects/libpng/files/libpng14/1.4.19/"
        },
        {
          "name": "[oss-security] 20151211 Re: CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/12/11/1"
        },
        {
          "name": "[oss-security] 20151210 Re: CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/12/10/7"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/projects/libpng/files/libpng12/1.2.56/"
        },
        {
          "name": "DSA-3443",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3443"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/p/libpng/bugs/244/"
        },
        {
          "name": "80592",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/80592"
        },
        {
          "name": "[oss-security] 20151217 Re: CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/12/17/10"
        },
        {
          "name": "FEDORA-2015-3868cfa17b",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174435.html"
        },
        {
          "name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
        },
        {
          "name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-8540",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://sourceforge.net/projects/libpng/files/libpng10/1.0.66/",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/projects/libpng/files/libpng10/1.0.66/"
            },
            {
              "name": "GLSA-201611-08",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201611-08"
            },
            {
              "name": "[oss-security] 20151211 Re: Re: CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c)",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/12/11/2"
            },
            {
              "name": "http://sourceforge.net/p/libpng/code/ci/d9006f683c641793252d92254a75ae9b815b42ed/",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/p/libpng/code/ci/d9006f683c641793252d92254a75ae9b815b42ed/"
            },
            {
              "name": "http://sourceforge.net/projects/libpng/files/libpng15/1.5.26/",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/projects/libpng/files/libpng15/1.5.26/"
            },
            {
              "name": "RHSA-2016:1430",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2016:1430"
            },
            {
              "name": "[oss-security] 20151210 CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c)",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/12/10/6"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
            },
            {
              "name": "http://sourceforge.net/projects/libpng/files/libpng14/1.4.19/",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/projects/libpng/files/libpng14/1.4.19/"
            },
            {
              "name": "[oss-security] 20151211 Re: CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c)",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/12/11/1"
            },
            {
              "name": "[oss-security] 20151210 Re: CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c)",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/12/10/7"
            },
            {
              "name": "http://sourceforge.net/projects/libpng/files/libpng12/1.2.56/",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/projects/libpng/files/libpng12/1.2.56/"
            },
            {
              "name": "DSA-3443",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3443"
            },
            {
              "name": "http://sourceforge.net/p/libpng/bugs/244/",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/p/libpng/bugs/244/"
            },
            {
              "name": "80592",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/80592"
            },
            {
              "name": "[oss-security] 20151217 Re: CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c)",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/12/17/10"
            },
            {
              "name": "FEDORA-2015-3868cfa17b",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174435.html"
            },
            {
              "name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"
            },
            {
              "name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-8540",
    "datePublished": "2016-04-14T14:00:00.000Z",
    "dateReserved": "2015-12-10T00:00:00.000Z",
    "dateUpdated": "2024-08-06T08:20:42.512Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2015-8540",
      "date": "2026-05-27",
      "epss": "0.13549",
      "percentile": "0.94323"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CC2EDDE6-49F2-41D3-BCB2-F49886A2A170\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B8C6E104-EDBC-481E-85B8-D39ED2058D39\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C2FAC325-6EEB-466D-9EBA-8ED4DBC9CFBF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_supplementary:5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FB3FB071-FCCC-4425-AFBF-77287C1B8F7B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4B74C62D-4A6D-4A4F-ADF6-A508322CD447\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6E89B38A-3697-46DD-BB3F-E8D2373588BE\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C036011A-9AE1-423C-8B73-188B9BA20FEE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"663C6EE5-5B5E-4C0F-9E7F-D0E1DA9AF9EA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8051459E-94D3-4D4A-9D40-CC9475DDB00C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.2.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"42056C63-69A7-43CF-828C-0C3E365702D9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.2.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5B6A39A3-7F86-4DC3-B248-859630AFB9A3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.2.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"58377AE3-1C13-4C3F-BC55-8336DAEEF97F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.2.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"005C2DA4-D00E-4206-851E-9226D66B5F2F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.2.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"97B17602-0D97-469B-A9B1-30AAC8F758F1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.2.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"857B664A-C6F9-45E3-93EA-C0F53CEF5C46\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.2.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6DFDA458-74E8-4DEF-B524-A4A8672CB66A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.2.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9A3E3BF3-4376-4692-A515-A7B6593F28F1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.2.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AB6AF9D5-CE60-4FC9-91AB-E243F0D429E9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.2.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3B1AC712-110D-458F-B650-930C6D45CA53\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.2.13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7F848FA5-9682-454F-A9DE-671C4401F15F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.2.14:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C4B83678-98A1-440E-950C-4A27995C7294\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.2.15:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FB9EEE31-479A-4370-BF00-C26C1AF502B6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.2.16:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"95EABD7D-1F18-4FA5-BAA9-F8D69129E531\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.2.17:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"65B836CA-3740-48B0-966B-21E65EF3D636\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.2.18:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3988FA1B-18D9-46AA-87BA-A6B01D4F4B25\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.2.19:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"51A46409-7AC6-45DB-B92D-29988C445BC1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.2.20:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"09E2B608-6C70-446F-A3A7-369048D99855\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.2.21:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5AA00AE0-F447-4361-AA37-0C98BDE491E3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.2.22:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"21DACE94-FBDC-4A3D-8DD6-E62D18F5EE7A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.2.23:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"220A02AF-6ADA-4B75-BC81-40B2D847029A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.2.24:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ECEB8F61-195E-41DE-90CE-22854055E9D6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.2.25:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D0F72B91-1F7F-41EB-ABC8-1B50AFEC70EA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.2.26:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"111091B9-CBAE-4FC7-8B97-7D2345BFCB45\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.2.27:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"54C6D9D3-50B2-4A63-B3D1-C76C70F4443E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.2.28:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4110AA74-C69D-45BC-A630-9EE3A2036BD6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.2.29:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F2DEFD05-10EE-4242-B885-FD1B0DF6CAA1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.2.30:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1CAA1090-C1C7-43A2-BD44-065572D226B6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.2.31:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2FD92305-91BF-4984-A029-8FA83CBF1A12\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.2.32:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F9F9A6DB-19BF-4798-879E-9BD4AD5EFF2F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.2.33:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"31EE280F-D76D-478B-ADD6-D5F2C7574A2F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.2.34:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"747314F7-A515-41FF-8095-62A9F05F0DEA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.2.35:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C1BE9ED0-685B-41F0-A984-D33E7034AEA7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.2.36:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E3F6AD99-7697-47E5-8301-723C16535C76\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.2.37:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07B00AD3-D13C-45B5-A13A-9092D40F4A63\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.2.38:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"14222EA8-E8ED-4818-ACB4-C6A13643F210\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.2.39:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A22C28DD-5C99-4722-9093-A1E82A2C2808\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.2.40:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"93714B71-6331-4F5A-A12A-B4B80CA2FEC3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.2.41:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"10CD562E-1F06-4779-A29C-4069E3C86B16\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.2.42:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4D83D507-64AF-4158-97B9-1353E2F8EE46\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.2.43:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BC5E39EA-C32E-4E87-9A3F-CCB5144F0E68\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.2.43:devel:*:*:*:*:*:*\", \"matchCriteriaId\": \"61B9103F-CD72-4F06-BED1-7AE4AB9E672C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.2.44:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0DF6249D-5AA8-4EA3-A92A-0E492FE5B811\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.2.45:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CDE7F259-40A2-4866-8EF8-44A9913EC4EF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.2.45:devel:*:*:*:*:*:*\", \"matchCriteriaId\": \"CFA3EED5-F0AB-4C5C-92D7-B84BFDAA31AE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.2.46:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"03C20A42-6A77-43D4-80D7-332BB2DF1B66\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.2.46:devel:*:*:*:*:*:*\", \"matchCriteriaId\": \"8A0A1B56-0E92-4E81-9B2C-4F9B9D5833EF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.2.47:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D4CC5DBB-249B-4EED-9F54-E23CB1919ED0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.2.47:beta:*:*:*:*:*:*\", \"matchCriteriaId\": \"C10D9119-0FF8-4DFE-8632-A14D9C83CC9E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.2.48:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"088A1BDB-BB1A-46B5-898B-23311DE27CE2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.2.48:betas:*:*:*:*:*:*\", \"matchCriteriaId\": \"C24CA735-6EA6-41E3-A82D-D443BB47806B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.2.49:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6CBAA828-F42A-420F-B17E-6FACF6CD483D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.2.50:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D20664A4-4816-4F57-82BB-F4116FA33A41\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.2.51:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"64226521-0723-4259-B214-0D2A35CF5FBA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.2.52:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6ABEEBFE-A8C8-40D4-97D8-F06676E67478\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.2.53:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"47831D80-33AC-4A13-B92D-3D2CBF215955\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.2.54:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7ED428C8-E6AB-4BB1-BE7D-543B2A19410F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.2.55:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"00EFBF77-B771-4A52-B4FF-6346F4B69968\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BB9D7121-F80E-4F17-A55B-4E404B87B823\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6D6B3DAF-DF99-48B2-8E7C-BE8E043D4C24\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"29050958-EFD8-4A79-9022-EF72AAD4EDB3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B3CB33B1-71B2-4235-A2C1-FCAEA9844A6A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"436F8C71-1780-4DC6-937B-8F1F51C7453D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0BF2C6F3-BFE7-4234-9975-DE7FCDA26A46\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.0.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5B79DC5F-5062-4031-BA11-746EE3C8E1CE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.0.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CAD6DE25-8B2F-4DB9-9969-8AAC23BC0AE5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.0.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"35F2B503-1516-465D-A558-9932BDB3457D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.0.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BA94EAAA-A4D2-4E36-BC69-BBE9644FE970\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.0.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F3A7C96C-8FBB-42B4-937E-3321C939CC87\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.0.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"94084356-D39B-41B2-AC24-0ADAD0BF5988\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.0.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"086C6335-7872-46A7-AEB1-9BE5AE5A788C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.0.13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FF8233B1-04A0-4E25-97EE-CF466B48A12E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.0.14:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA714E7E-05EF-4598-9324-887BC66C675E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.0.15:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C5CF3B73-D3B9-4D76-B411-C837BCE0806E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.0.16:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D1752D91-3468-4E22-B60F-6789B3CBD7B4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.0.17:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F433AA7E-A780-4D45-AD1A-5A4CE1F3FCD1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.0.18:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"93E210A7-489B-4EA7-A840-599523157DD3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.0.19:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B37565FA-72F5-4063-8D7A-97BC269F020B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.0.20:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BC8FA821-818E-4BC7-834B-94EB5C042390\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.0.21:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F3FBF3D3-95A6-4869-8A69-F0E5ECA40220\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.0.22:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D07785D0-E995-4208-AB8C-43B320D291F9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.0.23:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"152DDD6E-CF56-4E1C-BE4D-C7BC0FD9B08C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.0.24:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"19BBA666-4473-4C6D-BF48-34EF3F09AD7D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.0.25:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B7DDF6CC-7997-47E7-96D3-8DC10F1D17F0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.0.26:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A1926DD0-0A9B-4F9D-BB4F-AC7AB0B3F0E4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.0.27:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2763A6C7-DBBA-4E2A-917C-B6FF524B9891\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.0.28:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E7DECDF8-7742-4D58-99FA-100A01748B05\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.0.29:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CA4FD3B1-3A68-4122-AA50-31BFC6C50408\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.0.30:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"45790331-CE26-457F-8649-F027703E73EE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.0.31:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0B0BFE2D-5C7B-42E0-B783-8C5907CA8635\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.0.32:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7CD993C1-70B6-4ACB-B958-94E7EF973A8B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.0.33:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C085686C-A0AA-4F56-9E7D-B5CB24B890D9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.0.34:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D02A5197-06B9-469E-9817-45BB23324042\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.0.35:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5EB6BE37-E564-4E42-BE39-36DD301C37A4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.0.37:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"314209F2-E0A0-4045-8108-8E7215312442\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.0.38:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"11A8ECBB-7E50-4447-88E2-893C1466C251\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.0.39:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8B8F24A5-F5C3-495F-9AF0-2EE836E0147A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.0.40:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"46DE2DE3-F081-4B80-A4DA-C5AB27B3CA8C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.0.41:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"71EF1D77-7838-47DF-B6A2-DBBAC0058FED\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.0.42:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"76BA4FEA-FEB4-47A9-9DFF-A233CEE03D04\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.0.43:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"60DB5A63-E89E-48AB-A846-107EBEC71D67\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.0.44:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2181FEEB-D07E-490C-9953-3490D87B63A9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.0.45:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"36DC41DD-A291-4ECE-84B9-574828AA2A80\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.0.46:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"015D1E36-17A1-4413-B1FB-5DF4C36712BD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.0.47:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F64CE8F2-22B1-43F8-8934-CBCD2EFBA85D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.0.48:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CEB15BE8-1B88-4117-AF14-3AA2B54DB323\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.0.50:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2CB2728-4CC7-46EA-809B-450A9BB9F884\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.0.51:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"96638963-D264-49AD-9B77-497C3DA23DFA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.0.52:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"88544BBE-29A1-4622-B3E6-FA4B891A9B5B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.0.53:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DD658D98-9A4D-4DC2-A935-BB3BF0E0FB2B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.0.54:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FFF819AF-AC11-4BD9-A070-572836A65FB7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.0.55:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2EEAC62D-BF2B-40DF-9428-FFBF7CA09471\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.0.55:rc01:*:*:*:*:*:*\", \"matchCriteriaId\": \"27DFAB04-5C5C-4366-B3FC-C83AAB807F0B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.0.56:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"36327723-F953-4BD3-A525-930DDCF7931D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.0.56:devel:*:*:*:*:*:*\", \"matchCriteriaId\": \"36F717B1-CC02-4878-9A78-1584074E81C0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.0.57:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7D482811-2EF1-47AE-A41C-7532AC6DEF31\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.0.57:rc01:*:*:*:*:*:*\", \"matchCriteriaId\": \"FF26AB67-81F8-4CD2-8E28-BDF9FE2CD58F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.0.58:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2D0EE98D-0596-4147-9EC4-F3616BF2B901\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.0.59:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"62F15027-0E80-48B7-9ECD-9E7228F0E81B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.0.60:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"99904D7E-0046-4481-99B6-01710D4FC848\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.0.61:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8AB33B4E-E69A-4002-816C-24CCD49682F2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.0.62:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"42A4FAF1-4B81-47C4-BFB7-6052524A2DA8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.0.63:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"686A50C3-93E1-4C3F-8089-322BE26E6317\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.0.64:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BBD67FEF-E6D3-449B-B2E9-14A69AD8E923\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.0.65:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BD8B4549-007C-4572-86D9-F51A7B3FC586\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E79AB8DD-C907-4038-A931-1A5A4CFB6A5B\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"036E8A89-7A16-411F-9D31-676313BB7244\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"52D5DAA1-3632-48D7-A657-4A4C83A119D5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EB5AE8E0-3C11-4EE1-A599-4D70C6A13F1B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.4.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6AD36C3B-3C02-488B-B480-EA091D702CA3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.4.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"59BAD272-D4B6-40CE-B5E9-63145E12B638\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.4.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5EEB311C-766D-4070-A0BE-9CE4593C8F49\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.4.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C185BF59-68E4-49F8-802F-C06FE840FF3D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.4.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5C399B31-B8EC-41C4-B6AB-83BABC474374\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.4.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3B00AF5F-D4F5-490C-8BF4-2B33EFBF15A7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.4.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BA9AEB1D-0AA7-4842-9CF9-91BFD8B58A4F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.4.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"09150152-5DEA-4FA2-9163-63EAF4D83DEF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.4.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"45E5068A-42BE-478B-8C00-FE23B7837DC1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.4.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"023CCFB0-7995-408E-928A-76C5BD9B4924\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.4.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"493F615D-DB81-48B3-9E74-C32544A01372\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.4.13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D2F12925-44F7-4790-8A06-345EB3DCCB71\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.4.14:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7F5BF226-D62F-4F54-B771-EB108FD256FC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.4.15:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D2EDBFCB-96DA-4A36-873A-3164975BE997\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.4.16:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ACDB15BE-BDD2-4210-B224-A520E8DC7D89\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.4.17:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"70D3AD38-CCE7-47E6-8225-C0BFC3F10E4A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.4.18:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4D176C8F-C91F-47C8-AEC8-377324944421\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:0.90:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4EF125DE-6BD1-4640-9710-6EE69CD8A871\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:0.95:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DE45B563-07B8-4F4E-80B4-C73216DF7295\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:0.96:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0303A619-21BE-49DD-8C08-F04DFB31FC73\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:0.97:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"197C2166-FCB7-467B-ABF1-E30E7DBD8816\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:0.98:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"663DD631-661D-48FA-A090-A18536BA284A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:0.99:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1AEDED41-716C-4D7F-9D18-FF4672F51C67\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.5.0:beta:*:*:*:*:*:*\", \"matchCriteriaId\": \"C8BA2974-AF9F-4382-B443-F54354B5623A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CE8BC209-45B9-44D6-A26D-0B570ED5BB19\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.5.1:beta:*:*:*:*:*:*\", \"matchCriteriaId\": \"468B1A0E-AF58-42C4-9801-D6F83F283360\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.5.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6644ED2F-66F3-469D-8233-72FE7321E850\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.5.2:beta:*:*:*:*:*:*\", \"matchCriteriaId\": \"B36D610D-F86A-4D46-B0F2-884FFA601C69\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.5.3:beta:*:*:*:*:*:*\", \"matchCriteriaId\": \"C8A976DD-87FA-425D-8E07-E3CFC4D3FD05\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.5.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3F34978D-6ABE-463E-AB48-21CC55B7D157\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.5.4:beta:*:*:*:*:*:*\", \"matchCriteriaId\": \"3716FF0E-AD20-46F8-B8F6-3EC42D427C90\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.5.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7A4568BB-F5FF-4BBB-9DA3-E66C2BFA2416\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.5.5:beta:*:*:*:*:*:*\", \"matchCriteriaId\": \"E5300EC4-B3A0-42C5-8D39-67AB75C47153\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.5.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"246CF13F-FDC1-499E-9FC1-5624D54E9E3F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.5.6:beta:*:*:*:*:*:*\", \"matchCriteriaId\": \"D5840A8E-AB64-40A9-8BB6-EB6BA51D40B4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.5.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AC66FD43-421B-4223-BA32-EC47B51E1091\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.5.7:beta:*:*:*:*:*:*\", \"matchCriteriaId\": \"EEC9D57C-47F2-4773-85B6-FFB0C4681E0C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.5.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F0F5664B-5AB9-4DE4-99AA-8FD32DBA4A4A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.5.8:beta:*:*:*:*:*:*\", \"matchCriteriaId\": \"5CD1C8E6-DF35-47F7-877F-001AD62B57CC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.5.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C7712376-D776-4814-A041-FBFEAC70ADC3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.5.9:beta:*:*:*:*:*:*\", \"matchCriteriaId\": \"DF69B34E-F7FB-4F4C-AF7D-ACD165B1233B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.5.10:beta:*:*:*:*:*:*\", \"matchCriteriaId\": \"F7CC2E64-E48C-4DE6-892D-06A0B806A51B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.5.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"65DEDF02-9239-497C-94DB-DAF80B6B4F6C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.5.11:beta:*:*:*:*:*:*\", \"matchCriteriaId\": \"5BE62DB2-664D-4E0A-840F-09D13E41704A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.5.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8CAAECD8-0C16-40CC-BA8A-97DF38BAF668\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.5.13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"84D9B3E6-D32D-4E4B-908A-39FAC3D5F618\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.5.13:beta:*:*:*:*:*:*\", \"matchCriteriaId\": \"561D5D7A-1933-4A6D-940E-8DD035AA31B3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.5.14:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8F2DB1EF-B961-4C56-8519-242419B6AB9C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.5.15:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2BDE2351-2B17-4C1A-A625-6C7DE691039A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.5.16:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5426F3F0-CF21-45D4-9071-F8F7865A7619\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.5.17:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"25147E8F-7385-4393-BE21-E3347610F003\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.5.18:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"19C06F50-7C48-4FD6-B0C9-6C9B643742B2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.5.19:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DA562433-F6F5-46C1-98DE-8309BD940260\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.5.20:beta:*:*:*:*:*:*\", \"matchCriteriaId\": \"61FBBD3D-E216-46D3-9D12-6D3732B75E30\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.5.21:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5AB9178D-DEEF-4D2C-9347-F553312129C3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.5.22:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3157A738-20EB-4BE0-A58B-E21DDA64EDC8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.5.23:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6D70C6B1-2360-48C9-931D-BAED79151DF0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.5.24:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"29F79896-3EF0-4F53-8EBC-66D811E2C315\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.5.25:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E2C8AE4F-0473-4B52-8DB4-31022057FD71\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:1.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"41D423E1-A542-4E8C-8ABF-B0B0B0C27DD5\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.\"}, {\"lang\": \"es\", \"value\": \"Desbordamiento inferior de entero en la funci\\u00f3n png_check_keyword en pngwutil.c en libpng 0.90 hasta la versi\\u00f3n 0.99, 1.0.x en versiones anteriores a 1.0.66, 1.1.x y 1.2.x en versiones anteriores a 1.2.56, 1.3.x y 1.4.x en versiones anteriores a 1.4.19 y 1.5.x en versiones anteriores a 1.5.26 permite a atacantes remotos tener un impacto no especificado a trav\\u00e9s de un car\\u00e1cter de espacio como contrase\\u00f1a en una imagen PNG, lo que desencadena una lectura fuera de rango.\"}]",
      "id": "CVE-2015-8540",
      "lastModified": "2024-11-21T02:38:41.497",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2016-04-14T14:59:03.287",
      "references": "[{\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174435.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://sourceforge.net/p/libpng/bugs/244/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://sourceforge.net/p/libpng/code/ci/d9006f683c641793252d92254a75ae9b815b42ed/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://sourceforge.net/projects/libpng/files/libpng10/1.0.66/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://sourceforge.net/projects/libpng/files/libpng12/1.2.56/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://sourceforge.net/projects/libpng/files/libpng14/1.4.19/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://sourceforge.net/projects/libpng/files/libpng15/1.5.26/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.debian.org/security/2016/dsa-3443\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2015/12/10/6\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2015/12/10/7\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2015/12/11/1\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2015/12/11/2\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2015/12/17/10\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/80592\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2016:1430\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://security.gentoo.org/glsa/201611-08\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174435.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://sourceforge.net/p/libpng/bugs/244/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://sourceforge.net/p/libpng/code/ci/d9006f683c641793252d92254a75ae9b815b42ed/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://sourceforge.net/projects/libpng/files/libpng10/1.0.66/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://sourceforge.net/projects/libpng/files/libpng12/1.2.56/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://sourceforge.net/projects/libpng/files/libpng14/1.4.19/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://sourceforge.net/projects/libpng/files/libpng15/1.5.26/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.debian.org/security/2016/dsa-3443\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2015/12/10/6\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2015/12/10/7\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2015/12/11/1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2015/12/11/2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2015/12/17/10\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/80592\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2016:1430\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.gentoo.org/glsa/201611-08\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-189\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-8540\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2016-04-14T14:59:03.287\",\"lastModified\":\"2026-05-06T22:30:45.220\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.\"},{\"lang\":\"es\",\"value\":\"Desbordamiento inferior de entero en la funci\u00f3n png_check_keyword en pngwutil.c en libpng 0.90 hasta la versi\u00f3n 0.99, 1.0.x en versiones anteriores a 1.0.66, 1.1.x y 1.2.x en versiones anteriores a 1.2.56, 1.3.x y 1.4.x en versiones anteriores a 1.4.19 y 1.5.x en versiones anteriores a 1.5.26 permite a atacantes remotos tener un impacto no especificado a trav\u00e9s de un car\u00e1cter de espacio como contrase\u00f1a en una imagen PNG, lo que desencadena una lectura fuera de rango.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-189\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC2EDDE6-49F2-41D3-BCB2-F49886A2A170\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8C6E104-EDBC-481E-85B8-D39ED2058D39\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2FAC325-6EEB-466D-9EBA-8ED4DBC9CFBF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_supplementary:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB3FB071-FCCC-4425-AFBF-77287C1B8F7B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B74C62D-4A6D-4A4F-ADF6-A508322CD447\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E89B38A-3697-46DD-BB3F-E8D2373588BE\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C036011A-9AE1-423C-8B73-188B9BA20FEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"663C6EE5-5B5E-4C0F-9E7F-D0E1DA9AF9EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8051459E-94D3-4D4A-9D40-CC9475DDB00C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"42056C63-69A7-43CF-828C-0C3E365702D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B6A39A3-7F86-4DC3-B248-859630AFB9A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"58377AE3-1C13-4C3F-BC55-8336DAEEF97F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"005C2DA4-D00E-4206-851E-9226D66B5F2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.2.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97B17602-0D97-469B-A9B1-30AAC8F758F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.2.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"857B664A-C6F9-45E3-93EA-C0F53CEF5C46\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.2.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6DFDA458-74E8-4DEF-B524-A4A8672CB66A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.2.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A3E3BF3-4376-4692-A515-A7B6593F28F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.2.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB6AF9D5-CE60-4FC9-91AB-E243F0D429E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.2.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B1AC712-110D-458F-B650-930C6D45CA53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.2.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F848FA5-9682-454F-A9DE-671C4401F15F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.2.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4B83678-98A1-440E-950C-4A27995C7294\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.2.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB9EEE31-479A-4370-BF00-C26C1AF502B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.2.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"95EABD7D-1F18-4FA5-BAA9-F8D69129E531\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.2.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"65B836CA-3740-48B0-966B-21E65EF3D636\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.2.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3988FA1B-18D9-46AA-87BA-A6B01D4F4B25\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.2.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51A46409-7AC6-45DB-B92D-29988C445BC1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.2.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"09E2B608-6C70-446F-A3A7-369048D99855\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.2.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5AA00AE0-F447-4361-AA37-0C98BDE491E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.2.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21DACE94-FBDC-4A3D-8DD6-E62D18F5EE7A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.2.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"220A02AF-6ADA-4B75-BC81-40B2D847029A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.2.24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ECEB8F61-195E-41DE-90CE-22854055E9D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.2.25:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0F72B91-1F7F-41EB-ABC8-1B50AFEC70EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.2.26:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"111091B9-CBAE-4FC7-8B97-7D2345BFCB45\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.2.27:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"54C6D9D3-50B2-4A63-B3D1-C76C70F4443E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.2.28:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4110AA74-C69D-45BC-A630-9EE3A2036BD6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.2.29:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F2DEFD05-10EE-4242-B885-FD1B0DF6CAA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.2.30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1CAA1090-C1C7-43A2-BD44-065572D226B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.2.31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FD92305-91BF-4984-A029-8FA83CBF1A12\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.2.32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F9F9A6DB-19BF-4798-879E-9BD4AD5EFF2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.2.33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31EE280F-D76D-478B-ADD6-D5F2C7574A2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.2.34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"747314F7-A515-41FF-8095-62A9F05F0DEA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.2.35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C1BE9ED0-685B-41F0-A984-D33E7034AEA7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.2.36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3F6AD99-7697-47E5-8301-723C16535C76\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.2.37:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B00AD3-D13C-45B5-A13A-9092D40F4A63\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.2.38:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"14222EA8-E8ED-4818-ACB4-C6A13643F210\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.2.39:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A22C28DD-5C99-4722-9093-A1E82A2C2808\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.2.40:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"93714B71-6331-4F5A-A12A-B4B80CA2FEC3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.2.41:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10CD562E-1F06-4779-A29C-4069E3C86B16\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.2.42:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D83D507-64AF-4158-97B9-1353E2F8EE46\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.2.43:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC5E39EA-C32E-4E87-9A3F-CCB5144F0E68\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.2.43:devel:*:*:*:*:*:*\",\"matchCriteriaId\":\"61B9103F-CD72-4F06-BED1-7AE4AB9E672C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.2.44:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0DF6249D-5AA8-4EA3-A92A-0E492FE5B811\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.2.45:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CDE7F259-40A2-4866-8EF8-44A9913EC4EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.2.45:devel:*:*:*:*:*:*\",\"matchCriteriaId\":\"CFA3EED5-F0AB-4C5C-92D7-B84BFDAA31AE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.2.46:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03C20A42-6A77-43D4-80D7-332BB2DF1B66\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.2.46:devel:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A0A1B56-0E92-4E81-9B2C-4F9B9D5833EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.2.47:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4CC5DBB-249B-4EED-9F54-E23CB1919ED0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.2.47:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"C10D9119-0FF8-4DFE-8632-A14D9C83CC9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.2.48:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"088A1BDB-BB1A-46B5-898B-23311DE27CE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.2.48:betas:*:*:*:*:*:*\",\"matchCriteriaId\":\"C24CA735-6EA6-41E3-A82D-D443BB47806B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.2.49:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6CBAA828-F42A-420F-B17E-6FACF6CD483D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.2.50:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D20664A4-4816-4F57-82BB-F4116FA33A41\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.2.51:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"64226521-0723-4259-B214-0D2A35CF5FBA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.2.52:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6ABEEBFE-A8C8-40D4-97D8-F06676E67478\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.2.53:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"47831D80-33AC-4A13-B92D-3D2CBF215955\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.2.54:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7ED428C8-E6AB-4BB1-BE7D-543B2A19410F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.2.55:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"00EFBF77-B771-4A52-B4FF-6346F4B69968\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB9D7121-F80E-4F17-A55B-4E404B87B823\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D6B3DAF-DF99-48B2-8E7C-BE8E043D4C24\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"29050958-EFD8-4A79-9022-EF72AAD4EDB3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3CB33B1-71B2-4235-A2C1-FCAEA9844A6A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"436F8C71-1780-4DC6-937B-8F1F51C7453D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0BF2C6F3-BFE7-4234-9975-DE7FCDA26A46\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B79DC5F-5062-4031-BA11-746EE3C8E1CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CAD6DE25-8B2F-4DB9-9969-8AAC23BC0AE5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"35F2B503-1516-465D-A558-9932BDB3457D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA94EAAA-A4D2-4E36-BC69-BBE9644FE970\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.0.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3A7C96C-8FBB-42B4-937E-3321C939CC87\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.0.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"94084356-D39B-41B2-AC24-0ADAD0BF5988\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.0.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"086C6335-7872-46A7-AEB1-9BE5AE5A788C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.0.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF8233B1-04A0-4E25-97EE-CF466B48A12E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.0.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA714E7E-05EF-4598-9324-887BC66C675E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.0.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5CF3B73-D3B9-4D76-B411-C837BCE0806E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.0.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D1752D91-3468-4E22-B60F-6789B3CBD7B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.0.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F433AA7E-A780-4D45-AD1A-5A4CE1F3FCD1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.0.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"93E210A7-489B-4EA7-A840-599523157DD3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.0.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B37565FA-72F5-4063-8D7A-97BC269F020B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.0.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC8FA821-818E-4BC7-834B-94EB5C042390\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.0.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3FBF3D3-95A6-4869-8A69-F0E5ECA40220\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.0.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D07785D0-E995-4208-AB8C-43B320D291F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.0.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"152DDD6E-CF56-4E1C-BE4D-C7BC0FD9B08C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.0.24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"19BBA666-4473-4C6D-BF48-34EF3F09AD7D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.0.25:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7DDF6CC-7997-47E7-96D3-8DC10F1D17F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.0.26:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A1926DD0-0A9B-4F9D-BB4F-AC7AB0B3F0E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.0.27:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2763A6C7-DBBA-4E2A-917C-B6FF524B9891\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.0.28:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7DECDF8-7742-4D58-99FA-100A01748B05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.0.29:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA4FD3B1-3A68-4122-AA50-31BFC6C50408\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.0.30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45790331-CE26-457F-8649-F027703E73EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.0.31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B0BFE2D-5C7B-42E0-B783-8C5907CA8635\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.0.32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7CD993C1-70B6-4ACB-B958-94E7EF973A8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.0.33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C085686C-A0AA-4F56-9E7D-B5CB24B890D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.0.34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D02A5197-06B9-469E-9817-45BB23324042\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.0.35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5EB6BE37-E564-4E42-BE39-36DD301C37A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.0.37:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"314209F2-E0A0-4045-8108-8E7215312442\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.0.38:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11A8ECBB-7E50-4447-88E2-893C1466C251\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.0.39:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B8F24A5-F5C3-495F-9AF0-2EE836E0147A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.0.40:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46DE2DE3-F081-4B80-A4DA-C5AB27B3CA8C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.0.41:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"71EF1D77-7838-47DF-B6A2-DBBAC0058FED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.0.42:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"76BA4FEA-FEB4-47A9-9DFF-A233CEE03D04\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.0.43:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"60DB5A63-E89E-48AB-A846-107EBEC71D67\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.0.44:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2181FEEB-D07E-490C-9953-3490D87B63A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.0.45:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36DC41DD-A291-4ECE-84B9-574828AA2A80\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.0.46:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"015D1E36-17A1-4413-B1FB-5DF4C36712BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.0.47:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F64CE8F2-22B1-43F8-8934-CBCD2EFBA85D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.0.48:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CEB15BE8-1B88-4117-AF14-3AA2B54DB323\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.0.50:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2CB2728-4CC7-46EA-809B-450A9BB9F884\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.0.51:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"96638963-D264-49AD-9B77-497C3DA23DFA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.0.52:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88544BBE-29A1-4622-B3E6-FA4B891A9B5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.0.53:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD658D98-9A4D-4DC2-A935-BB3BF0E0FB2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.0.54:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FFF819AF-AC11-4BD9-A070-572836A65FB7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.0.55:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2EEAC62D-BF2B-40DF-9428-FFBF7CA09471\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.0.55:rc01:*:*:*:*:*:*\",\"matchCriteriaId\":\"27DFAB04-5C5C-4366-B3FC-C83AAB807F0B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.0.56:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36327723-F953-4BD3-A525-930DDCF7931D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.0.56:devel:*:*:*:*:*:*\",\"matchCriteriaId\":\"36F717B1-CC02-4878-9A78-1584074E81C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.0.57:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7D482811-2EF1-47AE-A41C-7532AC6DEF31\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.0.57:rc01:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF26AB67-81F8-4CD2-8E28-BDF9FE2CD58F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.0.58:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D0EE98D-0596-4147-9EC4-F3616BF2B901\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.0.59:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62F15027-0E80-48B7-9ECD-9E7228F0E81B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.0.60:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"99904D7E-0046-4481-99B6-01710D4FC848\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.0.61:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8AB33B4E-E69A-4002-816C-24CCD49682F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.0.62:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"42A4FAF1-4B81-47C4-BFB7-6052524A2DA8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.0.63:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"686A50C3-93E1-4C3F-8089-322BE26E6317\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.0.64:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BBD67FEF-E6D3-449B-B2E9-14A69AD8E923\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.0.65:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD8B4549-007C-4572-86D9-F51A7B3FC586\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E79AB8DD-C907-4038-A931-1A5A4CFB6A5B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"036E8A89-7A16-411F-9D31-676313BB7244\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"52D5DAA1-3632-48D7-A657-4A4C83A119D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB5AE8E0-3C11-4EE1-A599-4D70C6A13F1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6AD36C3B-3C02-488B-B480-EA091D702CA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"59BAD272-D4B6-40CE-B5E9-63145E12B638\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5EEB311C-766D-4070-A0BE-9CE4593C8F49\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.4.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C185BF59-68E4-49F8-802F-C06FE840FF3D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.4.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C399B31-B8EC-41C4-B6AB-83BABC474374\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.4.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B00AF5F-D4F5-490C-8BF4-2B33EFBF15A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.4.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA9AEB1D-0AA7-4842-9CF9-91BFD8B58A4F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.4.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"09150152-5DEA-4FA2-9163-63EAF4D83DEF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.4.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45E5068A-42BE-478B-8C00-FE23B7837DC1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.4.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"023CCFB0-7995-408E-928A-76C5BD9B4924\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.4.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"493F615D-DB81-48B3-9E74-C32544A01372\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.4.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D2F12925-44F7-4790-8A06-345EB3DCCB71\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.4.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F5BF226-D62F-4F54-B771-EB108FD256FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.4.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D2EDBFCB-96DA-4A36-873A-3164975BE997\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.4.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ACDB15BE-BDD2-4210-B224-A520E8DC7D89\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.4.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"70D3AD38-CCE7-47E6-8225-C0BFC3F10E4A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.4.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D176C8F-C91F-47C8-AEC8-377324944421\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:0.90:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4EF125DE-6BD1-4640-9710-6EE69CD8A871\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:0.95:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE45B563-07B8-4F4E-80B4-C73216DF7295\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:0.96:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0303A619-21BE-49DD-8C08-F04DFB31FC73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:0.97:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"197C2166-FCB7-467B-ABF1-E30E7DBD8816\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:0.98:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"663DD631-661D-48FA-A090-A18536BA284A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:0.99:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1AEDED41-716C-4D7F-9D18-FF4672F51C67\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.5.0:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"C8BA2974-AF9F-4382-B443-F54354B5623A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE8BC209-45B9-44D6-A26D-0B570ED5BB19\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.5.1:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"468B1A0E-AF58-42C4-9801-D6F83F283360\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6644ED2F-66F3-469D-8233-72FE7321E850\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.5.2:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"B36D610D-F86A-4D46-B0F2-884FFA601C69\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.5.3:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"C8A976DD-87FA-425D-8E07-E3CFC4D3FD05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F34978D-6ABE-463E-AB48-21CC55B7D157\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.5.4:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"3716FF0E-AD20-46F8-B8F6-3EC42D427C90\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.5.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7A4568BB-F5FF-4BBB-9DA3-E66C2BFA2416\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.5.5:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5300EC4-B3A0-42C5-8D39-67AB75C47153\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.5.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"246CF13F-FDC1-499E-9FC1-5624D54E9E3F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.5.6:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5840A8E-AB64-40A9-8BB6-EB6BA51D40B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.5.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC66FD43-421B-4223-BA32-EC47B51E1091\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.5.7:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"EEC9D57C-47F2-4773-85B6-FFB0C4681E0C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.5.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0F5664B-5AB9-4DE4-99AA-8FD32DBA4A4A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.5.8:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"5CD1C8E6-DF35-47F7-877F-001AD62B57CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.5.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7712376-D776-4814-A041-FBFEAC70ADC3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.5.9:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF69B34E-F7FB-4F4C-AF7D-ACD165B1233B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.5.10:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7CC2E64-E48C-4DE6-892D-06A0B806A51B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.5.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"65DEDF02-9239-497C-94DB-DAF80B6B4F6C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.5.11:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BE62DB2-664D-4E0A-840F-09D13E41704A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.5.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8CAAECD8-0C16-40CC-BA8A-97DF38BAF668\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.5.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"84D9B3E6-D32D-4E4B-908A-39FAC3D5F618\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.5.13:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"561D5D7A-1933-4A6D-940E-8DD035AA31B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.5.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F2DB1EF-B961-4C56-8519-242419B6AB9C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.5.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2BDE2351-2B17-4C1A-A625-6C7DE691039A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.5.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5426F3F0-CF21-45D4-9071-F8F7865A7619\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.5.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25147E8F-7385-4393-BE21-E3347610F003\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.5.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"19C06F50-7C48-4FD6-B0C9-6C9B643742B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.5.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA562433-F6F5-46C1-98DE-8309BD940260\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.5.20:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"61FBBD3D-E216-46D3-9D12-6D3732B75E30\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.5.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5AB9178D-DEEF-4D2C-9347-F553312129C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.5.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3157A738-20EB-4BE0-A58B-E21DDA64EDC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.5.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D70C6B1-2360-48C9-931D-BAED79151DF0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.5.24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"29F79896-3EF0-4F53-8EBC-66D811E2C315\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.5.25:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2C8AE4F-0473-4B52-8DB4-31022057FD71\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"41D423E1-A542-4E8C-8ABF-B0B0B0C27DD5\"}]}]}],\"references\":[{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174435.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://sourceforge.net/p/libpng/bugs/244/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://sourceforge.net/p/libpng/code/ci/d9006f683c641793252d92254a75ae9b815b42ed/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://sourceforge.net/projects/libpng/files/libpng10/1.0.66/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://sourceforge.net/projects/libpng/files/libpng12/1.2.56/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://sourceforge.net/projects/libpng/files/libpng14/1.4.19/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://sourceforge.net/projects/libpng/files/libpng15/1.5.26/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.debian.org/security/2016/dsa-3443\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2015/12/10/6\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2015/12/10/7\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2015/12/11/1\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2015/12/11/2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2015/12/17/10\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/80592\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2016:1430\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.gentoo.org/glsa/201611-08\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174435.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://sourceforge.net/p/libpng/bugs/244/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://sourceforge.net/p/libpng/code/ci/d9006f683c641793252d92254a75ae9b815b42ed/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://sourceforge.net/projects/libpng/files/libpng10/1.0.66/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://sourceforge.net/projects/libpng/files/libpng12/1.2.56/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://sourceforge.net/projects/libpng/files/libpng14/1.4.19/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://sourceforge.net/projects/libpng/files/libpng15/1.5.26/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.debian.org/security/2016/dsa-3443\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2015/12/10/6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2015/12/10/7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2015/12/11/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2015/12/11/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2015/12/17/10\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/80592\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2016:1430\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/201611-08\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

SUSE-SU-2016:0636-1

Vulnerability from csaf_suse - Published: 2016-03-02 18:02 - Updated: 2016-03-02 18:02

Summary

Security update for java-1_7_0-ibm

Severity

Important

Notes

Title of the patch: Security update for java-1_7_0-ibm

Description of the patch: This update for java-1_7_0-ibm fixes the following issues by updating to 7.0-9.30 (bsc#963937): - CVE-2015-5041: Could could have invoked non-public interface methods under certain circumstances - CVE-2015-7575: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials - CVE-2015-7981: libpng could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read in the png_convert_to_rfc1123 function. An attacker could exploit this vulnerability to obtain sensitive information - CVE-2015-8126: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8472: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8540: libpng is vulnerable to a buffer overflow, caused by a read underflow in png_check_keyword in pngwutil.c. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. - CVE-2016-0402: An unspecified vulnerability related to the Networking component has no confidentiality impact, partial integrity impact, and no availability impact - CVE-2016-0448: An unspecified vulnerability related to the JMX component could allow a remote attacker to obtain sensitive information - CVE-2016-0466: An unspecified vulnerability related to the JAXP component could allow a remote attacker to cause a denial of service - CVE-2016-0483: An unspecified vulnerability related to the AWT component has complete confidentiality impact, complete integrity impact, and complete availability impact - CVE-2016-0494: An unspecified vulnerability related to the 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact The following bugs were fixed: - bsc#960402: resolve package conflicts in devel package

Patchnames: slessp3-java-1_7_0-ibm-12437

CVE-2015-5041

9.1 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected products

Recommended 10 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.x86_64	—	Vendor Fix

Threats

Impact critical

CVE-2015-7575

5.9 (Medium)


                        
                          CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 10 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2015-7981

Affected products

Recommended 10 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2015-8126

Affected products

Recommended 10 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2015-8472

7.3 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Affected products

Recommended 10 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2015-8540

8.8 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 10 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.x86_64	—	Vendor Fix

Threats

Impact low

CVE-2016-0402

Affected products

Recommended 10 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2016-0448

Affected products

Recommended 10 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2016-0466

Affected products

Recommended 10 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2016-0483

Affected products

Recommended 10 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2016-0494

Affected products

Recommended 10 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.x86_64	—	Vendor Fix

Threats

Impact important

References

74 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/960402	self
https://bugzilla.suse.com/963937	self
https://www.suse.com/security/cve/CVE-2015-5041/	self
https://www.suse.com/security/cve/CVE-2015-7575/	self
https://www.suse.com/security/cve/CVE-2015-7981/	self
https://www.suse.com/security/cve/CVE-2015-8126/	self
https://www.suse.com/security/cve/CVE-2015-8472/	self
https://www.suse.com/security/cve/CVE-2015-8540/	self
https://www.suse.com/security/cve/CVE-2016-0402/	self
https://www.suse.com/security/cve/CVE-2016-0448/	self
https://www.suse.com/security/cve/CVE-2016-0466/	self
https://www.suse.com/security/cve/CVE-2016-0483/	self
https://www.suse.com/security/cve/CVE-2016-0494/	self
https://www.suse.com/security/cve/CVE-2015-5041	external
https://bugzilla.suse.com/960402	external
https://bugzilla.suse.com/963937	external
https://www.suse.com/security/cve/CVE-2015-7575	external
https://bugzilla.suse.com/959888	external
https://bugzilla.suse.com/960402	external
https://bugzilla.suse.com/960996	external
https://bugzilla.suse.com/961280	external
https://bugzilla.suse.com/961281	external
https://bugzilla.suse.com/961282	external
https://bugzilla.suse.com/961283	external
https://bugzilla.suse.com/961284	external
https://bugzilla.suse.com/961290	external
https://bugzilla.suse.com/961357	external
https://bugzilla.suse.com/962743	external
https://bugzilla.suse.com/963937	external
https://bugzilla.suse.com/967521	external
https://bugzilla.suse.com/981087	external
https://www.suse.com/security/cve/CVE-2015-7981	external
https://bugzilla.suse.com/952051	external
https://bugzilla.suse.com/960402	external
https://bugzilla.suse.com/963937	external
https://www.suse.com/security/cve/CVE-2015-8126	external
https://bugzilla.suse.com/954980	external
https://bugzilla.suse.com/958198	external
https://bugzilla.suse.com/960402	external
https://bugzilla.suse.com/962743	external
https://bugzilla.suse.com/963937	external
https://bugzilla.suse.com/969333	external
https://www.suse.com/security/cve/CVE-2015-8472	external
https://bugzilla.suse.com/954980	external
https://bugzilla.suse.com/958198	external
https://bugzilla.suse.com/960402	external
https://bugzilla.suse.com/963937	external
https://www.suse.com/security/cve/CVE-2015-8540	external
https://bugzilla.suse.com/1149680	external
https://bugzilla.suse.com/958791	external
https://bugzilla.suse.com/963937	external
https://www.suse.com/security/cve/CVE-2016-0402	external
https://bugzilla.suse.com/960402	external
https://bugzilla.suse.com/962743	external
https://bugzilla.suse.com/963937	external
https://www.suse.com/security/cve/CVE-2016-0448	external
https://bugzilla.suse.com/960402	external
https://bugzilla.suse.com/962743	external
https://bugzilla.suse.com/963937	external
https://www.suse.com/security/cve/CVE-2016-0466	external
https://bugzilla.suse.com/960402	external
https://bugzilla.suse.com/962743	external
https://bugzilla.suse.com/963937	external
https://www.suse.com/security/cve/CVE-2016-0483	external
https://bugzilla.suse.com/960402	external
https://bugzilla.suse.com/962743	external
https://bugzilla.suse.com/963937	external
https://www.suse.com/security/cve/CVE-2016-0494	external
https://bugzilla.suse.com/962743	external
https://bugzilla.suse.com/963937	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for java-1_7_0-ibm",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "\nThis update for java-1_7_0-ibm fixes the following issues by updating to 7.0-9.30 (bsc#963937):\n\n- CVE-2015-5041: Could could have invoked non-public interface methods under certain circumstances\n- CVE-2015-7575: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials\n- CVE-2015-7981: libpng could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read in the png_convert_to_rfc1123 function. An attacker could exploit this vulnerability to obtain sensitive information\n- CVE-2015-8126: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions\n- CVE-2015-8472: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions\n- CVE-2015-8540: libpng is vulnerable to a buffer overflow, caused by a read underflow in png_check_keyword in pngwutil.c. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.\n- CVE-2016-0402: An unspecified vulnerability related to the Networking component has no confidentiality impact, partial integrity impact, and no availability impact\n- CVE-2016-0448: An unspecified vulnerability related to the JMX component could allow a remote attacker to obtain sensitive information\n- CVE-2016-0466: An unspecified vulnerability related to the JAXP component could allow a remote attacker to cause a denial of service\n- CVE-2016-0483: An unspecified vulnerability related to the AWT component has complete confidentiality impact, complete integrity impact, and complete availability impact\n- CVE-2016-0494: An unspecified vulnerability related to the 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact\n\nThe following bugs were fixed:\n\n- bsc#960402: resolve package conflicts in devel package\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "slessp3-java-1_7_0-ibm-12437",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_0636-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2016:0636-1",
        "url": "https://www.suse.com/support/update/announcement/2016/suse-su-20160636-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2016:0636-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2016-March/001910.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 960402",
        "url": "https://bugzilla.suse.com/960402"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 963937",
        "url": "https://bugzilla.suse.com/963937"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-5041 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-5041/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-7575 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-7575/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-7981 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-7981/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-8126 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-8126/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-8472 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-8472/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-8540 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-8540/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-0402 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-0402/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-0448 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-0448/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-0466 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-0466/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-0483 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-0483/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-0494 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-0494/"
      }
    ],
    "title": "Security update for java-1_7_0-ibm",
    "tracking": {
      "current_release_date": "2016-03-02T18:02:18Z",
      "generator": {
        "date": "2016-03-02T18:02:18Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2016:0636-1",
      "initial_release_date": "2016-03-02T18:02:18Z",
      "revision_history": [
        {
          "date": "2016-03-02T18:02:18Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "java-1_7_0-ibm-1.7.0_sr9.30-47.1.i586",
                "product": {
                  "name": "java-1_7_0-ibm-1.7.0_sr9.30-47.1.i586",
                  "product_id": "java-1_7_0-ibm-1.7.0_sr9.30-47.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.i586",
                "product": {
                  "name": "java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.i586",
                  "product_id": "java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.i586",
                "product": {
                  "name": "java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.i586",
                  "product_id": "java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.i586",
                "product": {
                  "name": "java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.i586",
                  "product_id": "java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "java-1_7_0-ibm-1.7.0_sr9.30-47.1.s390x",
                "product": {
                  "name": "java-1_7_0-ibm-1.7.0_sr9.30-47.1.s390x",
                  "product_id": "java-1_7_0-ibm-1.7.0_sr9.30-47.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.s390x",
                "product": {
                  "name": "java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.s390x",
                  "product_id": "java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "java-1_7_0-ibm-1.7.0_sr9.30-47.1.x86_64",
                "product": {
                  "name": "java-1_7_0-ibm-1.7.0_sr9.30-47.1.x86_64",
                  "product_id": "java-1_7_0-ibm-1.7.0_sr9.30-47.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.x86_64",
                "product": {
                  "name": "java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.x86_64",
                  "product_id": "java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.x86_64",
                "product": {
                  "name": "java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.x86_64",
                  "product_id": "java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.x86_64",
                "product": {
                  "name": "java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.x86_64",
                  "product_id": "java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 11 SP3-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 11 SP3-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse_sles_ltss:11:sp3"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1_7_0-ibm-1.7.0_sr9.30-47.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.i586"
        },
        "product_reference": "java-1_7_0-ibm-1.7.0_sr9.30-47.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1_7_0-ibm-1.7.0_sr9.30-47.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.s390x"
        },
        "product_reference": "java-1_7_0-ibm-1.7.0_sr9.30-47.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1_7_0-ibm-1.7.0_sr9.30-47.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.x86_64"
        },
        "product_reference": "java-1_7_0-ibm-1.7.0_sr9.30-47.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.i586"
        },
        "product_reference": "java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.x86_64"
        },
        "product_reference": "java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.i586"
        },
        "product_reference": "java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.s390x"
        },
        "product_reference": "java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.x86_64"
        },
        "product_reference": "java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.i586"
        },
        "product_reference": "java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.x86_64"
        },
        "product_reference": "java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2015-5041",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-5041"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject data by invoking non-public interface methods.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-5041",
          "url": "https://www.suse.com/security/cve/CVE-2015-5041"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 960402 for CVE-2015-5041",
          "url": "https://bugzilla.suse.com/960402"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 963937 for CVE-2015-5041",
          "url": "https://bugzilla.suse.com/963937"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-03-02T18:02:18Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2015-5041"
    },
    {
      "cve": "CVE-2015-7575",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-7575"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-7575",
          "url": "https://www.suse.com/security/cve/CVE-2015-7575"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 959888 for CVE-2015-7575",
          "url": "https://bugzilla.suse.com/959888"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 960402 for CVE-2015-7575",
          "url": "https://bugzilla.suse.com/960402"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 960996 for CVE-2015-7575",
          "url": "https://bugzilla.suse.com/960996"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 961280 for CVE-2015-7575",
          "url": "https://bugzilla.suse.com/961280"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 961281 for CVE-2015-7575",
          "url": "https://bugzilla.suse.com/961281"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 961282 for CVE-2015-7575",
          "url": "https://bugzilla.suse.com/961282"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 961283 for CVE-2015-7575",
          "url": "https://bugzilla.suse.com/961283"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 961284 for CVE-2015-7575",
          "url": "https://bugzilla.suse.com/961284"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 961290 for CVE-2015-7575",
          "url": "https://bugzilla.suse.com/961290"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 961357 for CVE-2015-7575",
          "url": "https://bugzilla.suse.com/961357"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 962743 for CVE-2015-7575",
          "url": "https://bugzilla.suse.com/962743"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 963937 for CVE-2015-7575",
          "url": "https://bugzilla.suse.com/963937"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 967521 for CVE-2015-7575",
          "url": "https://bugzilla.suse.com/967521"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 981087 for CVE-2015-7575",
          "url": "https://bugzilla.suse.com/981087"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-03-02T18:02:18Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2015-7575"
    },
    {
      "cve": "CVE-2015-7981",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-7981"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-7981",
          "url": "https://www.suse.com/security/cve/CVE-2015-7981"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 952051 for CVE-2015-7981",
          "url": "https://bugzilla.suse.com/952051"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 960402 for CVE-2015-7981",
          "url": "https://bugzilla.suse.com/960402"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 963937 for CVE-2015-7981",
          "url": "https://bugzilla.suse.com/963937"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-03-02T18:02:18Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2015-7981"
    },
    {
      "cve": "CVE-2015-8126",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-8126"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-8126",
          "url": "https://www.suse.com/security/cve/CVE-2015-8126"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 954980 for CVE-2015-8126",
          "url": "https://bugzilla.suse.com/954980"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 958198 for CVE-2015-8126",
          "url": "https://bugzilla.suse.com/958198"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 960402 for CVE-2015-8126",
          "url": "https://bugzilla.suse.com/960402"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 962743 for CVE-2015-8126",
          "url": "https://bugzilla.suse.com/962743"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 963937 for CVE-2015-8126",
          "url": "https://bugzilla.suse.com/963937"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 969333 for CVE-2015-8126",
          "url": "https://bugzilla.suse.com/969333"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-03-02T18:02:18Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2015-8126"
    },
    {
      "cve": "CVE-2015-8472",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-8472"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-8472",
          "url": "https://www.suse.com/security/cve/CVE-2015-8472"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 954980 for CVE-2015-8472",
          "url": "https://bugzilla.suse.com/954980"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 958198 for CVE-2015-8472",
          "url": "https://bugzilla.suse.com/958198"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 960402 for CVE-2015-8472",
          "url": "https://bugzilla.suse.com/960402"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 963937 for CVE-2015-8472",
          "url": "https://bugzilla.suse.com/963937"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-03-02T18:02:18Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2015-8472"
    },
    {
      "cve": "CVE-2015-8540",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-8540"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-8540",
          "url": "https://www.suse.com/security/cve/CVE-2015-8540"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1149680 for CVE-2015-8540",
          "url": "https://bugzilla.suse.com/1149680"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 958791 for CVE-2015-8540",
          "url": "https://bugzilla.suse.com/958791"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 963937 for CVE-2015-8540",
          "url": "https://bugzilla.suse.com/963937"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-03-02T18:02:18Z",
          "details": "low"
        }
      ],
      "title": "CVE-2015-8540"
    },
    {
      "cve": "CVE-2016-0402",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-0402"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect integrity via unknown vectors related to Networking.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-0402",
          "url": "https://www.suse.com/security/cve/CVE-2016-0402"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 960402 for CVE-2016-0402",
          "url": "https://bugzilla.suse.com/960402"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 962743 for CVE-2016-0402",
          "url": "https://bugzilla.suse.com/962743"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 963937 for CVE-2016-0402",
          "url": "https://bugzilla.suse.com/963937"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-03-02T18:02:18Z",
          "details": "important"
        }
      ],
      "title": "CVE-2016-0402"
    },
    {
      "cve": "CVE-2016-0448",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-0448"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66, and Java SE Embedded 8u65 allows remote authenticated users to affect confidentiality via vectors related to JMX.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-0448",
          "url": "https://www.suse.com/security/cve/CVE-2016-0448"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 960402 for CVE-2016-0448",
          "url": "https://bugzilla.suse.com/960402"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 962743 for CVE-2016-0448",
          "url": "https://bugzilla.suse.com/962743"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 963937 for CVE-2016-0448",
          "url": "https://bugzilla.suse.com/963937"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-03-02T18:02:18Z",
          "details": "important"
        }
      ],
      "title": "CVE-2016-0448"
    },
    {
      "cve": "CVE-2016-0466",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-0466"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect availability via vectors related to JAXP.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-0466",
          "url": "https://www.suse.com/security/cve/CVE-2016-0466"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 960402 for CVE-2016-0466",
          "url": "https://bugzilla.suse.com/960402"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 962743 for CVE-2016-0466",
          "url": "https://bugzilla.suse.com/962743"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 963937 for CVE-2016-0466",
          "url": "https://bugzilla.suse.com/963937"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-03-02T18:02:18Z",
          "details": "important"
        }
      ],
      "title": "CVE-2016-0466"
    },
    {
      "cve": "CVE-2016-0483",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-0483"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Unspecified vulnerability in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT.  NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a heap-based buffer overflow in the readImage function, which allows remote attackers to execute arbitrary code via crafted image data.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-0483",
          "url": "https://www.suse.com/security/cve/CVE-2016-0483"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 960402 for CVE-2016-0483",
          "url": "https://bugzilla.suse.com/960402"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 962743 for CVE-2016-0483",
          "url": "https://bugzilla.suse.com/962743"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 963937 for CVE-2016-0483",
          "url": "https://bugzilla.suse.com/963937"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-03-02T18:02:18Z",
          "details": "important"
        }
      ],
      "title": "CVE-2016-0483"
    },
    {
      "cve": "CVE-2016-0494",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-0494"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-0494",
          "url": "https://www.suse.com/security/cve/CVE-2016-0494"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 962743 for CVE-2016-0494",
          "url": "https://bugzilla.suse.com/962743"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 963937 for CVE-2016-0494",
          "url": "https://bugzilla.suse.com/963937"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.30-47.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.30-47.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.30-47.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.30-47.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-03-02T18:02:18Z",
          "details": "important"
        }
      ],
      "title": "CVE-2016-0494"
    }
  ]
}

SUSE-SU-2016:0770-1

Vulnerability from csaf_suse - Published: 2016-03-15 12:58 - Updated: 2016-03-15 12:58

Summary

Security update for java-1_6_0-ibm

Severity

Important

Notes

Title of the patch: Security update for java-1_6_0-ibm

Description of the patch: This update for java-1_6_0-ibm fixes the following issues by updating to 6.0-16.20 (bsc#963937) - CVE-2015-5041: Could could have invoked non-public interface methods under certain circumstances - CVE-2015-7575: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials - CVE-2015-7981: libpng could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read in the png_convert_to_rfc1123 function. An attacker could exploit this vulnerability to obtain sensitive information - CVE-2015-8126: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8472: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8540: libpng is vulnerable to a buffer overflow, caused by a read underflow in png_check_keyword in pngwutil.c. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. - CVE-2016-0402: An unspecified vulnerability related to the Networking component has no confidentiality impact, partial integrity impact, and no availability impact - CVE-2016-0448: An unspecified vulnerability related to the JMX component could allow a remote attacker to obtain sensitive information - CVE-2016-0466: An unspecified vulnerability related to the JAXP component could allow a remote attacker to cause a denial of service - CVE-2016-0483: An unspecified vulnerability related to the AWT component has complete confidentiality impact, complete integrity impact, and complete availability impact - CVE-2016-0494: An unspecified vulnerability related to the 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact The following bugs were fixed: - bsc#960402: resolve package conflicts in devel package - bsc#960286: resolve package conflicts in the fonts subpackage

Patchnames: slessp3-java-1_6_0-ibm-12453

CVE-2015-5041

9.1 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected products

Recommended 15 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-alsa-1.6.0_sr16.20-51.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.x86_64	—	Vendor Fix

Threats

Impact critical

CVE-2015-7575

5.9 (Medium)


                        
                          CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 15 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-alsa-1.6.0_sr16.20-51.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2015-7981

Affected products

Recommended 15 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-alsa-1.6.0_sr16.20-51.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2015-8126

Affected products

Recommended 15 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-alsa-1.6.0_sr16.20-51.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2015-8472

7.3 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Affected products

Recommended 15 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-alsa-1.6.0_sr16.20-51.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2015-8540

8.8 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 15 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-alsa-1.6.0_sr16.20-51.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.x86_64	—	Vendor Fix

Threats

Impact low

CVE-2016-0402

Affected products

Recommended 15 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-alsa-1.6.0_sr16.20-51.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2016-0448

Affected products

Recommended 15 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-alsa-1.6.0_sr16.20-51.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2016-0466

Affected products

Recommended 15 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-alsa-1.6.0_sr16.20-51.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2016-0483

Affected products

Recommended 15 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-alsa-1.6.0_sr16.20-51.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2016-0494

Affected products

Recommended 15 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-alsa-1.6.0_sr16.20-51.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.x86_64	—	Vendor Fix

Threats

Impact important

References

75 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/960286	self
https://bugzilla.suse.com/960402	self
https://bugzilla.suse.com/963937	self
https://www.suse.com/security/cve/CVE-2015-5041/	self
https://www.suse.com/security/cve/CVE-2015-7575/	self
https://www.suse.com/security/cve/CVE-2015-7981/	self
https://www.suse.com/security/cve/CVE-2015-8126/	self
https://www.suse.com/security/cve/CVE-2015-8472/	self
https://www.suse.com/security/cve/CVE-2015-8540/	self
https://www.suse.com/security/cve/CVE-2016-0402/	self
https://www.suse.com/security/cve/CVE-2016-0448/	self
https://www.suse.com/security/cve/CVE-2016-0466/	self
https://www.suse.com/security/cve/CVE-2016-0483/	self
https://www.suse.com/security/cve/CVE-2016-0494/	self
https://www.suse.com/security/cve/CVE-2015-5041	external
https://bugzilla.suse.com/960402	external
https://bugzilla.suse.com/963937	external
https://www.suse.com/security/cve/CVE-2015-7575	external
https://bugzilla.suse.com/959888	external
https://bugzilla.suse.com/960402	external
https://bugzilla.suse.com/960996	external
https://bugzilla.suse.com/961280	external
https://bugzilla.suse.com/961281	external
https://bugzilla.suse.com/961282	external
https://bugzilla.suse.com/961283	external
https://bugzilla.suse.com/961284	external
https://bugzilla.suse.com/961290	external
https://bugzilla.suse.com/961357	external
https://bugzilla.suse.com/962743	external
https://bugzilla.suse.com/963937	external
https://bugzilla.suse.com/967521	external
https://bugzilla.suse.com/981087	external
https://www.suse.com/security/cve/CVE-2015-7981	external
https://bugzilla.suse.com/952051	external
https://bugzilla.suse.com/960402	external
https://bugzilla.suse.com/963937	external
https://www.suse.com/security/cve/CVE-2015-8126	external
https://bugzilla.suse.com/954980	external
https://bugzilla.suse.com/958198	external
https://bugzilla.suse.com/960402	external
https://bugzilla.suse.com/962743	external
https://bugzilla.suse.com/963937	external
https://bugzilla.suse.com/969333	external
https://www.suse.com/security/cve/CVE-2015-8472	external
https://bugzilla.suse.com/954980	external
https://bugzilla.suse.com/958198	external
https://bugzilla.suse.com/960402	external
https://bugzilla.suse.com/963937	external
https://www.suse.com/security/cve/CVE-2015-8540	external
https://bugzilla.suse.com/1149680	external
https://bugzilla.suse.com/958791	external
https://bugzilla.suse.com/963937	external
https://www.suse.com/security/cve/CVE-2016-0402	external
https://bugzilla.suse.com/960402	external
https://bugzilla.suse.com/962743	external
https://bugzilla.suse.com/963937	external
https://www.suse.com/security/cve/CVE-2016-0448	external
https://bugzilla.suse.com/960402	external
https://bugzilla.suse.com/962743	external
https://bugzilla.suse.com/963937	external
https://www.suse.com/security/cve/CVE-2016-0466	external
https://bugzilla.suse.com/960402	external
https://bugzilla.suse.com/962743	external
https://bugzilla.suse.com/963937	external
https://www.suse.com/security/cve/CVE-2016-0483	external
https://bugzilla.suse.com/960402	external
https://bugzilla.suse.com/962743	external
https://bugzilla.suse.com/963937	external
https://www.suse.com/security/cve/CVE-2016-0494	external
https://bugzilla.suse.com/962743	external
https://bugzilla.suse.com/963937	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for java-1_6_0-ibm",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "\nThis update for java-1_6_0-ibm fixes the following issues by updating to 6.0-16.20 (bsc#963937)\n\n- CVE-2015-5041: Could could have invoked non-public interface methods under certain circumstances\n- CVE-2015-7575: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials\n- CVE-2015-7981: libpng could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read in the png_convert_to_rfc1123 function. An attacker could exploit this vulnerability to obtain sensitive information\n- CVE-2015-8126: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions\n- CVE-2015-8472: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions\n- CVE-2015-8540: libpng is vulnerable to a buffer overflow, caused by a read underflow in png_check_keyword in pngwutil.c. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.\n- CVE-2016-0402: An unspecified vulnerability related to the Networking component has no confidentiality impact, partial integrity impact, and no availability impact\n- CVE-2016-0448: An unspecified vulnerability related to the JMX component could allow a remote attacker to obtain sensitive information\n- CVE-2016-0466: An unspecified vulnerability related to the JAXP component could allow a remote attacker to cause a denial of service\n- CVE-2016-0483: An unspecified vulnerability related to the AWT component has complete confidentiality impact, complete integrity impact, and complete availability impact\n- CVE-2016-0494: An unspecified vulnerability related to the 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact\n\nThe following bugs were fixed:\n\n- bsc#960402: resolve package conflicts in devel package\n- bsc#960286: resolve package conflicts in the fonts subpackage\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "slessp3-java-1_6_0-ibm-12453",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_0770-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2016:0770-1",
        "url": "https://www.suse.com/support/update/announcement/2016/suse-su-20160770-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2016:0770-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2016-March/001941.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 960286",
        "url": "https://bugzilla.suse.com/960286"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 960402",
        "url": "https://bugzilla.suse.com/960402"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 963937",
        "url": "https://bugzilla.suse.com/963937"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-5041 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-5041/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-7575 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-7575/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-7981 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-7981/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-8126 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-8126/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-8472 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-8472/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-8540 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-8540/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-0402 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-0402/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-0448 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-0448/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-0466 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-0466/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-0483 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-0483/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-0494 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-0494/"
      }
    ],
    "title": "Security update for java-1_6_0-ibm",
    "tracking": {
      "current_release_date": "2016-03-15T12:58:15Z",
      "generator": {
        "date": "2016-03-15T12:58:15Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2016:0770-1",
      "initial_release_date": "2016-03-15T12:58:15Z",
      "revision_history": [
        {
          "date": "2016-03-15T12:58:15Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "java-1_6_0-ibm-1.6.0_sr16.20-51.1.i586",
                "product": {
                  "name": "java-1_6_0-ibm-1.6.0_sr16.20-51.1.i586",
                  "product_id": "java-1_6_0-ibm-1.6.0_sr16.20-51.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "java-1_6_0-ibm-alsa-1.6.0_sr16.20-51.1.i586",
                "product": {
                  "name": "java-1_6_0-ibm-alsa-1.6.0_sr16.20-51.1.i586",
                  "product_id": "java-1_6_0-ibm-alsa-1.6.0_sr16.20-51.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.i586",
                "product": {
                  "name": "java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.i586",
                  "product_id": "java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.i586",
                "product": {
                  "name": "java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.i586",
                  "product_id": "java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.i586",
                "product": {
                  "name": "java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.i586",
                  "product_id": "java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.i586",
                "product": {
                  "name": "java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.i586",
                  "product_id": "java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "java-1_6_0-ibm-1.6.0_sr16.20-51.1.s390x",
                "product": {
                  "name": "java-1_6_0-ibm-1.6.0_sr16.20-51.1.s390x",
                  "product_id": "java-1_6_0-ibm-1.6.0_sr16.20-51.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.s390x",
                "product": {
                  "name": "java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.s390x",
                  "product_id": "java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.s390x",
                "product": {
                  "name": "java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.s390x",
                  "product_id": "java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.s390x",
                "product": {
                  "name": "java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.s390x",
                  "product_id": "java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "java-1_6_0-ibm-1.6.0_sr16.20-51.1.x86_64",
                "product": {
                  "name": "java-1_6_0-ibm-1.6.0_sr16.20-51.1.x86_64",
                  "product_id": "java-1_6_0-ibm-1.6.0_sr16.20-51.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.x86_64",
                "product": {
                  "name": "java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.x86_64",
                  "product_id": "java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.x86_64",
                "product": {
                  "name": "java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.x86_64",
                  "product_id": "java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.x86_64",
                "product": {
                  "name": "java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.x86_64",
                  "product_id": "java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.x86_64",
                "product": {
                  "name": "java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.x86_64",
                  "product_id": "java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 11 SP3-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 11 SP3-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse_sles_ltss:11:sp3"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1_6_0-ibm-1.6.0_sr16.20-51.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.i586"
        },
        "product_reference": "java-1_6_0-ibm-1.6.0_sr16.20-51.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1_6_0-ibm-1.6.0_sr16.20-51.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.s390x"
        },
        "product_reference": "java-1_6_0-ibm-1.6.0_sr16.20-51.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1_6_0-ibm-1.6.0_sr16.20-51.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.x86_64"
        },
        "product_reference": "java-1_6_0-ibm-1.6.0_sr16.20-51.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1_6_0-ibm-alsa-1.6.0_sr16.20-51.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-alsa-1.6.0_sr16.20-51.1.i586"
        },
        "product_reference": "java-1_6_0-ibm-alsa-1.6.0_sr16.20-51.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.i586"
        },
        "product_reference": "java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.s390x"
        },
        "product_reference": "java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.x86_64"
        },
        "product_reference": "java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.i586"
        },
        "product_reference": "java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.s390x"
        },
        "product_reference": "java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.x86_64"
        },
        "product_reference": "java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.i586"
        },
        "product_reference": "java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.s390x"
        },
        "product_reference": "java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.x86_64"
        },
        "product_reference": "java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.i586"
        },
        "product_reference": "java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.x86_64"
        },
        "product_reference": "java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2015-5041",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-5041"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject data by invoking non-public interface methods.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-alsa-1.6.0_sr16.20-51.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-5041",
          "url": "https://www.suse.com/security/cve/CVE-2015-5041"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 960402 for CVE-2015-5041",
          "url": "https://bugzilla.suse.com/960402"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 963937 for CVE-2015-5041",
          "url": "https://bugzilla.suse.com/963937"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-alsa-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-alsa-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-03-15T12:58:15Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2015-5041"
    },
    {
      "cve": "CVE-2015-7575",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-7575"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-alsa-1.6.0_sr16.20-51.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-7575",
          "url": "https://www.suse.com/security/cve/CVE-2015-7575"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 959888 for CVE-2015-7575",
          "url": "https://bugzilla.suse.com/959888"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 960402 for CVE-2015-7575",
          "url": "https://bugzilla.suse.com/960402"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 960996 for CVE-2015-7575",
          "url": "https://bugzilla.suse.com/960996"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 961280 for CVE-2015-7575",
          "url": "https://bugzilla.suse.com/961280"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 961281 for CVE-2015-7575",
          "url": "https://bugzilla.suse.com/961281"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 961282 for CVE-2015-7575",
          "url": "https://bugzilla.suse.com/961282"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 961283 for CVE-2015-7575",
          "url": "https://bugzilla.suse.com/961283"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 961284 for CVE-2015-7575",
          "url": "https://bugzilla.suse.com/961284"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 961290 for CVE-2015-7575",
          "url": "https://bugzilla.suse.com/961290"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 961357 for CVE-2015-7575",
          "url": "https://bugzilla.suse.com/961357"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 962743 for CVE-2015-7575",
          "url": "https://bugzilla.suse.com/962743"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 963937 for CVE-2015-7575",
          "url": "https://bugzilla.suse.com/963937"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 967521 for CVE-2015-7575",
          "url": "https://bugzilla.suse.com/967521"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 981087 for CVE-2015-7575",
          "url": "https://bugzilla.suse.com/981087"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-alsa-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-alsa-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-03-15T12:58:15Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2015-7575"
    },
    {
      "cve": "CVE-2015-7981",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-7981"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-alsa-1.6.0_sr16.20-51.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-7981",
          "url": "https://www.suse.com/security/cve/CVE-2015-7981"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 952051 for CVE-2015-7981",
          "url": "https://bugzilla.suse.com/952051"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 960402 for CVE-2015-7981",
          "url": "https://bugzilla.suse.com/960402"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 963937 for CVE-2015-7981",
          "url": "https://bugzilla.suse.com/963937"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-alsa-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-03-15T12:58:15Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2015-7981"
    },
    {
      "cve": "CVE-2015-8126",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-8126"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-alsa-1.6.0_sr16.20-51.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-8126",
          "url": "https://www.suse.com/security/cve/CVE-2015-8126"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 954980 for CVE-2015-8126",
          "url": "https://bugzilla.suse.com/954980"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 958198 for CVE-2015-8126",
          "url": "https://bugzilla.suse.com/958198"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 960402 for CVE-2015-8126",
          "url": "https://bugzilla.suse.com/960402"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 962743 for CVE-2015-8126",
          "url": "https://bugzilla.suse.com/962743"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 963937 for CVE-2015-8126",
          "url": "https://bugzilla.suse.com/963937"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 969333 for CVE-2015-8126",
          "url": "https://bugzilla.suse.com/969333"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-alsa-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-03-15T12:58:15Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2015-8126"
    },
    {
      "cve": "CVE-2015-8472",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-8472"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-alsa-1.6.0_sr16.20-51.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-8472",
          "url": "https://www.suse.com/security/cve/CVE-2015-8472"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 954980 for CVE-2015-8472",
          "url": "https://bugzilla.suse.com/954980"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 958198 for CVE-2015-8472",
          "url": "https://bugzilla.suse.com/958198"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 960402 for CVE-2015-8472",
          "url": "https://bugzilla.suse.com/960402"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 963937 for CVE-2015-8472",
          "url": "https://bugzilla.suse.com/963937"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-alsa-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-alsa-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-03-15T12:58:15Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2015-8472"
    },
    {
      "cve": "CVE-2015-8540",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-8540"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-alsa-1.6.0_sr16.20-51.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-8540",
          "url": "https://www.suse.com/security/cve/CVE-2015-8540"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1149680 for CVE-2015-8540",
          "url": "https://bugzilla.suse.com/1149680"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 958791 for CVE-2015-8540",
          "url": "https://bugzilla.suse.com/958791"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 963937 for CVE-2015-8540",
          "url": "https://bugzilla.suse.com/963937"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-alsa-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-alsa-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-03-15T12:58:15Z",
          "details": "low"
        }
      ],
      "title": "CVE-2015-8540"
    },
    {
      "cve": "CVE-2016-0402",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-0402"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect integrity via unknown vectors related to Networking.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-alsa-1.6.0_sr16.20-51.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-0402",
          "url": "https://www.suse.com/security/cve/CVE-2016-0402"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 960402 for CVE-2016-0402",
          "url": "https://bugzilla.suse.com/960402"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 962743 for CVE-2016-0402",
          "url": "https://bugzilla.suse.com/962743"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 963937 for CVE-2016-0402",
          "url": "https://bugzilla.suse.com/963937"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-alsa-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-03-15T12:58:15Z",
          "details": "important"
        }
      ],
      "title": "CVE-2016-0402"
    },
    {
      "cve": "CVE-2016-0448",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-0448"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66, and Java SE Embedded 8u65 allows remote authenticated users to affect confidentiality via vectors related to JMX.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-alsa-1.6.0_sr16.20-51.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-0448",
          "url": "https://www.suse.com/security/cve/CVE-2016-0448"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 960402 for CVE-2016-0448",
          "url": "https://bugzilla.suse.com/960402"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 962743 for CVE-2016-0448",
          "url": "https://bugzilla.suse.com/962743"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 963937 for CVE-2016-0448",
          "url": "https://bugzilla.suse.com/963937"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-alsa-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-03-15T12:58:15Z",
          "details": "important"
        }
      ],
      "title": "CVE-2016-0448"
    },
    {
      "cve": "CVE-2016-0466",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-0466"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect availability via vectors related to JAXP.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-alsa-1.6.0_sr16.20-51.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-0466",
          "url": "https://www.suse.com/security/cve/CVE-2016-0466"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 960402 for CVE-2016-0466",
          "url": "https://bugzilla.suse.com/960402"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 962743 for CVE-2016-0466",
          "url": "https://bugzilla.suse.com/962743"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 963937 for CVE-2016-0466",
          "url": "https://bugzilla.suse.com/963937"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-alsa-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-03-15T12:58:15Z",
          "details": "important"
        }
      ],
      "title": "CVE-2016-0466"
    },
    {
      "cve": "CVE-2016-0483",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-0483"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Unspecified vulnerability in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT.  NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a heap-based buffer overflow in the readImage function, which allows remote attackers to execute arbitrary code via crafted image data.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-alsa-1.6.0_sr16.20-51.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-0483",
          "url": "https://www.suse.com/security/cve/CVE-2016-0483"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 960402 for CVE-2016-0483",
          "url": "https://bugzilla.suse.com/960402"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 962743 for CVE-2016-0483",
          "url": "https://bugzilla.suse.com/962743"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 963937 for CVE-2016-0483",
          "url": "https://bugzilla.suse.com/963937"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-alsa-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-03-15T12:58:15Z",
          "details": "important"
        }
      ],
      "title": "CVE-2016-0483"
    },
    {
      "cve": "CVE-2016-0494",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-0494"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-alsa-1.6.0_sr16.20-51.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-0494",
          "url": "https://www.suse.com/security/cve/CVE-2016-0494"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 962743 for CVE-2016-0494",
          "url": "https://bugzilla.suse.com/962743"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 963937 for CVE-2016-0494",
          "url": "https://bugzilla.suse.com/963937"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-1.6.0_sr16.20-51.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-alsa-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-devel-1.6.0_sr16.20-51.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-fonts-1.6.0_sr16.20-51.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-jdbc-1.6.0_sr16.20-51.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_6_0-ibm-plugin-1.6.0_sr16.20-51.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-03-15T12:58:15Z",
          "details": "important"
        }
      ],
      "title": "CVE-2016-0494"
    }
  ]
}

SUSE-SU-2017:0860-1

Vulnerability from csaf_suse - Published: 2017-03-29 13:40 - Updated: 2017-03-29 13:40

Summary

Security update for libpng12

Severity

Moderate

Notes

Title of the patch: Security update for libpng12

Description of the patch: This update for libpng12 fixes the following issues: Security issues fixed: - CVE-2015-8540: read underflow in libpng (bsc#958791) - CVE-2016-10087: NULL pointer dereference in png_set_text_2() (bsc#1017646)

Patchnames: SUSE-SLE-DESKTOP-12-SP1-2017-482,SUSE-SLE-DESKTOP-12-SP2-2017-482,SUSE-SLE-RPI-12-SP2-2017-482,SUSE-SLE-SDK-12-SP1-2017-482,SUSE-SLE-SDK-12-SP2-2017-482,SUSE-SLE-SERVER-12-SP1-2017-482,SUSE-SLE-SERVER-12-SP2-2017-482

CVE-2015-8540

8.8 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 41 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Desktop 12 SP1:libpng12-0-1.2.50-19.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Desktop 12 SP1:libpng12-0-32bit-1.2.50-19.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Desktop 12 SP2:libpng12-0-1.2.50-19.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Desktop 12 SP2:libpng12-0-32bit-1.2.50-19.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1:libpng12-0-1.2.50-19.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1:libpng12-0-1.2.50-19.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1:libpng12-0-1.2.50-19.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1:libpng12-0-32bit-1.2.50-19.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1:libpng12-0-32bit-1.2.50-19.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2:libpng12-0-1.2.50-19.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2:libpng12-0-1.2.50-19.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2:libpng12-0-1.2.50-19.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2:libpng12-0-1.2.50-19.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2:libpng12-0-32bit-1.2.50-19.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2:libpng12-0-32bit-1.2.50-19.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libpng12-0-1.2.50-19.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpng12-0-1.2.50-19.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpng12-0-1.2.50-19.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpng12-0-1.2.50-19.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpng12-0-32bit-1.2.50-19.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpng12-0-32bit-1.2.50-19.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng12-0-1.2.50-19.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng12-0-1.2.50-19.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng12-0-1.2.50-19.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng12-0-1.2.50-19.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng12-0-32bit-1.2.50-19.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng12-0-32bit-1.2.50-19.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP1:libpng12-compat-devel-1.2.50-19.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP1:libpng12-compat-devel-1.2.50-19.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP1:libpng12-compat-devel-1.2.50-19.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP1:libpng12-devel-1.2.50-19.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP1:libpng12-devel-1.2.50-19.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP1:libpng12-devel-1.2.50-19.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP2:libpng12-compat-devel-1.2.50-19.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP2:libpng12-compat-devel-1.2.50-19.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP2:libpng12-compat-devel-1.2.50-19.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP2:libpng12-compat-devel-1.2.50-19.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP2:libpng12-devel-1.2.50-19.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP2:libpng12-devel-1.2.50-19.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP2:libpng12-devel-1.2.50-19.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP2:libpng12-devel-1.2.50-19.1.x86_64	—	Vendor Fix

Threats

Impact low

CVE-2016-10087

7.5 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 41 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Desktop 12 SP1:libpng12-0-1.2.50-19.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Desktop 12 SP1:libpng12-0-32bit-1.2.50-19.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Desktop 12 SP2:libpng12-0-1.2.50-19.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Desktop 12 SP2:libpng12-0-32bit-1.2.50-19.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1:libpng12-0-1.2.50-19.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1:libpng12-0-1.2.50-19.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1:libpng12-0-1.2.50-19.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1:libpng12-0-32bit-1.2.50-19.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1:libpng12-0-32bit-1.2.50-19.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2:libpng12-0-1.2.50-19.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2:libpng12-0-1.2.50-19.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2:libpng12-0-1.2.50-19.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2:libpng12-0-1.2.50-19.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2:libpng12-0-32bit-1.2.50-19.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2:libpng12-0-32bit-1.2.50-19.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libpng12-0-1.2.50-19.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpng12-0-1.2.50-19.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpng12-0-1.2.50-19.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpng12-0-1.2.50-19.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpng12-0-32bit-1.2.50-19.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpng12-0-32bit-1.2.50-19.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng12-0-1.2.50-19.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng12-0-1.2.50-19.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng12-0-1.2.50-19.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng12-0-1.2.50-19.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng12-0-32bit-1.2.50-19.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng12-0-32bit-1.2.50-19.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP1:libpng12-compat-devel-1.2.50-19.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP1:libpng12-compat-devel-1.2.50-19.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP1:libpng12-compat-devel-1.2.50-19.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP1:libpng12-devel-1.2.50-19.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP1:libpng12-devel-1.2.50-19.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP1:libpng12-devel-1.2.50-19.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP2:libpng12-compat-devel-1.2.50-19.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP2:libpng12-compat-devel-1.2.50-19.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP2:libpng12-compat-devel-1.2.50-19.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP2:libpng12-compat-devel-1.2.50-19.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP2:libpng12-devel-1.2.50-19.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP2:libpng12-devel-1.2.50-19.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP2:libpng12-devel-1.2.50-19.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP2:libpng12-devel-1.2.50-19.1.x86_64	—	Vendor Fix

Threats

Impact low

References

15 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1017646	self
https://bugzilla.suse.com/958791	self
https://www.suse.com/security/cve/CVE-2015-8540/	self
https://www.suse.com/security/cve/CVE-2016-10087/	self
https://www.suse.com/security/cve/CVE-2015-8540	external
https://bugzilla.suse.com/1149680	external
https://bugzilla.suse.com/958791	external
https://bugzilla.suse.com/963937	external
https://www.suse.com/security/cve/CVE-2016-10087	external
https://bugzilla.suse.com/1017646	external
https://bugzilla.suse.com/1149680	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for libpng12",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "\nThis update for libpng12 fixes the following issues:\n\nSecurity issues fixed:\n- CVE-2015-8540: read underflow in libpng (bsc#958791)\n- CVE-2016-10087: NULL pointer dereference in png_set_text_2() (bsc#1017646)\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLE-DESKTOP-12-SP1-2017-482,SUSE-SLE-DESKTOP-12-SP2-2017-482,SUSE-SLE-RPI-12-SP2-2017-482,SUSE-SLE-SDK-12-SP1-2017-482,SUSE-SLE-SDK-12-SP2-2017-482,SUSE-SLE-SERVER-12-SP1-2017-482,SUSE-SLE-SERVER-12-SP2-2017-482",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_0860-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2017:0860-1",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20170860-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2017:0860-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2017-March/002749.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1017646",
        "url": "https://bugzilla.suse.com/1017646"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 958791",
        "url": "https://bugzilla.suse.com/958791"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-8540 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-8540/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-10087 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-10087/"
      }
    ],
    "title": "Security update for libpng12",
    "tracking": {
      "current_release_date": "2017-03-29T13:40:41Z",
      "generator": {
        "date": "2017-03-29T13:40:41Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2017:0860-1",
      "initial_release_date": "2017-03-29T13:40:41Z",
      "revision_history": [
        {
          "date": "2017-03-29T13:40:41Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libpng12-0-1.2.50-19.1.aarch64",
                "product": {
                  "name": "libpng12-0-1.2.50-19.1.aarch64",
                  "product_id": "libpng12-0-1.2.50-19.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libpng12-compat-devel-1.2.50-19.1.aarch64",
                "product": {
                  "name": "libpng12-compat-devel-1.2.50-19.1.aarch64",
                  "product_id": "libpng12-compat-devel-1.2.50-19.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libpng12-devel-1.2.50-19.1.aarch64",
                "product": {
                  "name": "libpng12-devel-1.2.50-19.1.aarch64",
                  "product_id": "libpng12-devel-1.2.50-19.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libpng12-compat-devel-1.2.50-19.1.ppc64le",
                "product": {
                  "name": "libpng12-compat-devel-1.2.50-19.1.ppc64le",
                  "product_id": "libpng12-compat-devel-1.2.50-19.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libpng12-devel-1.2.50-19.1.ppc64le",
                "product": {
                  "name": "libpng12-devel-1.2.50-19.1.ppc64le",
                  "product_id": "libpng12-devel-1.2.50-19.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libpng12-0-1.2.50-19.1.ppc64le",
                "product": {
                  "name": "libpng12-0-1.2.50-19.1.ppc64le",
                  "product_id": "libpng12-0-1.2.50-19.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libpng12-compat-devel-1.2.50-19.1.s390x",
                "product": {
                  "name": "libpng12-compat-devel-1.2.50-19.1.s390x",
                  "product_id": "libpng12-compat-devel-1.2.50-19.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libpng12-devel-1.2.50-19.1.s390x",
                "product": {
                  "name": "libpng12-devel-1.2.50-19.1.s390x",
                  "product_id": "libpng12-devel-1.2.50-19.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libpng12-0-1.2.50-19.1.s390x",
                "product": {
                  "name": "libpng12-0-1.2.50-19.1.s390x",
                  "product_id": "libpng12-0-1.2.50-19.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libpng12-0-32bit-1.2.50-19.1.s390x",
                "product": {
                  "name": "libpng12-0-32bit-1.2.50-19.1.s390x",
                  "product_id": "libpng12-0-32bit-1.2.50-19.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libpng12-0-1.2.50-19.1.x86_64",
                "product": {
                  "name": "libpng12-0-1.2.50-19.1.x86_64",
                  "product_id": "libpng12-0-1.2.50-19.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libpng12-0-32bit-1.2.50-19.1.x86_64",
                "product": {
                  "name": "libpng12-0-32bit-1.2.50-19.1.x86_64",
                  "product_id": "libpng12-0-32bit-1.2.50-19.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libpng12-compat-devel-1.2.50-19.1.x86_64",
                "product": {
                  "name": "libpng12-compat-devel-1.2.50-19.1.x86_64",
                  "product_id": "libpng12-compat-devel-1.2.50-19.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libpng12-devel-1.2.50-19.1.x86_64",
                "product": {
                  "name": "libpng12-devel-1.2.50-19.1.x86_64",
                  "product_id": "libpng12-devel-1.2.50-19.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Desktop 12 SP1",
                "product": {
                  "name": "SUSE Linux Enterprise Desktop 12 SP1",
                  "product_id": "SUSE Linux Enterprise Desktop 12 SP1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sled:12:sp1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Desktop 12 SP2",
                "product": {
                  "name": "SUSE Linux Enterprise Desktop 12 SP2",
                  "product_id": "SUSE Linux Enterprise Desktop 12 SP2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sled:12:sp2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
                "product": {
                  "name": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
                  "product_id": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles:12:sp2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Software Development Kit 12 SP1",
                "product": {
                  "name": "SUSE Linux Enterprise Software Development Kit 12 SP1",
                  "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-sdk:12:sp1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Software Development Kit 12 SP2",
                "product": {
                  "name": "SUSE Linux Enterprise Software Development Kit 12 SP2",
                  "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-sdk:12:sp2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP1",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP1",
                  "product_id": "SUSE Linux Enterprise Server 12 SP1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles:12:sp1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:12:sp1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP2",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP2",
                  "product_id": "SUSE Linux Enterprise Server 12 SP2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles:12:sp2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:12:sp2"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng12-0-1.2.50-19.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP1",
          "product_id": "SUSE Linux Enterprise Desktop 12 SP1:libpng12-0-1.2.50-19.1.x86_64"
        },
        "product_reference": "libpng12-0-1.2.50-19.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng12-0-32bit-1.2.50-19.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP1",
          "product_id": "SUSE Linux Enterprise Desktop 12 SP1:libpng12-0-32bit-1.2.50-19.1.x86_64"
        },
        "product_reference": "libpng12-0-32bit-1.2.50-19.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng12-0-1.2.50-19.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP2",
          "product_id": "SUSE Linux Enterprise Desktop 12 SP2:libpng12-0-1.2.50-19.1.x86_64"
        },
        "product_reference": "libpng12-0-1.2.50-19.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng12-0-32bit-1.2.50-19.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP2",
          "product_id": "SUSE Linux Enterprise Desktop 12 SP2:libpng12-0-32bit-1.2.50-19.1.x86_64"
        },
        "product_reference": "libpng12-0-32bit-1.2.50-19.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng12-0-1.2.50-19.1.aarch64 as component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
          "product_id": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libpng12-0-1.2.50-19.1.aarch64"
        },
        "product_reference": "libpng12-0-1.2.50-19.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng12-compat-devel-1.2.50-19.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP1",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP1:libpng12-compat-devel-1.2.50-19.1.ppc64le"
        },
        "product_reference": "libpng12-compat-devel-1.2.50-19.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng12-compat-devel-1.2.50-19.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP1",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP1:libpng12-compat-devel-1.2.50-19.1.s390x"
        },
        "product_reference": "libpng12-compat-devel-1.2.50-19.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng12-compat-devel-1.2.50-19.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP1",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP1:libpng12-compat-devel-1.2.50-19.1.x86_64"
        },
        "product_reference": "libpng12-compat-devel-1.2.50-19.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng12-devel-1.2.50-19.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP1",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP1:libpng12-devel-1.2.50-19.1.ppc64le"
        },
        "product_reference": "libpng12-devel-1.2.50-19.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng12-devel-1.2.50-19.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP1",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP1:libpng12-devel-1.2.50-19.1.s390x"
        },
        "product_reference": "libpng12-devel-1.2.50-19.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng12-devel-1.2.50-19.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP1",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP1:libpng12-devel-1.2.50-19.1.x86_64"
        },
        "product_reference": "libpng12-devel-1.2.50-19.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng12-compat-devel-1.2.50-19.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:libpng12-compat-devel-1.2.50-19.1.aarch64"
        },
        "product_reference": "libpng12-compat-devel-1.2.50-19.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng12-compat-devel-1.2.50-19.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:libpng12-compat-devel-1.2.50-19.1.ppc64le"
        },
        "product_reference": "libpng12-compat-devel-1.2.50-19.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng12-compat-devel-1.2.50-19.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:libpng12-compat-devel-1.2.50-19.1.s390x"
        },
        "product_reference": "libpng12-compat-devel-1.2.50-19.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng12-compat-devel-1.2.50-19.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:libpng12-compat-devel-1.2.50-19.1.x86_64"
        },
        "product_reference": "libpng12-compat-devel-1.2.50-19.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng12-devel-1.2.50-19.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:libpng12-devel-1.2.50-19.1.aarch64"
        },
        "product_reference": "libpng12-devel-1.2.50-19.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng12-devel-1.2.50-19.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:libpng12-devel-1.2.50-19.1.ppc64le"
        },
        "product_reference": "libpng12-devel-1.2.50-19.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng12-devel-1.2.50-19.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:libpng12-devel-1.2.50-19.1.s390x"
        },
        "product_reference": "libpng12-devel-1.2.50-19.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng12-devel-1.2.50-19.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:libpng12-devel-1.2.50-19.1.x86_64"
        },
        "product_reference": "libpng12-devel-1.2.50-19.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng12-0-1.2.50-19.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1",
          "product_id": "SUSE Linux Enterprise Server 12 SP1:libpng12-0-1.2.50-19.1.ppc64le"
        },
        "product_reference": "libpng12-0-1.2.50-19.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng12-0-1.2.50-19.1.s390x as component of SUSE Linux Enterprise Server 12 SP1",
          "product_id": "SUSE Linux Enterprise Server 12 SP1:libpng12-0-1.2.50-19.1.s390x"
        },
        "product_reference": "libpng12-0-1.2.50-19.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng12-0-1.2.50-19.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1",
          "product_id": "SUSE Linux Enterprise Server 12 SP1:libpng12-0-1.2.50-19.1.x86_64"
        },
        "product_reference": "libpng12-0-1.2.50-19.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng12-0-32bit-1.2.50-19.1.s390x as component of SUSE Linux Enterprise Server 12 SP1",
          "product_id": "SUSE Linux Enterprise Server 12 SP1:libpng12-0-32bit-1.2.50-19.1.s390x"
        },
        "product_reference": "libpng12-0-32bit-1.2.50-19.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng12-0-32bit-1.2.50-19.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1",
          "product_id": "SUSE Linux Enterprise Server 12 SP1:libpng12-0-32bit-1.2.50-19.1.x86_64"
        },
        "product_reference": "libpng12-0-32bit-1.2.50-19.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng12-0-1.2.50-19.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpng12-0-1.2.50-19.1.ppc64le"
        },
        "product_reference": "libpng12-0-1.2.50-19.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng12-0-1.2.50-19.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpng12-0-1.2.50-19.1.s390x"
        },
        "product_reference": "libpng12-0-1.2.50-19.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng12-0-1.2.50-19.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpng12-0-1.2.50-19.1.x86_64"
        },
        "product_reference": "libpng12-0-1.2.50-19.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng12-0-32bit-1.2.50-19.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpng12-0-32bit-1.2.50-19.1.s390x"
        },
        "product_reference": "libpng12-0-32bit-1.2.50-19.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng12-0-32bit-1.2.50-19.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpng12-0-32bit-1.2.50-19.1.x86_64"
        },
        "product_reference": "libpng12-0-32bit-1.2.50-19.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng12-0-1.2.50-19.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP2",
          "product_id": "SUSE Linux Enterprise Server 12 SP2:libpng12-0-1.2.50-19.1.aarch64"
        },
        "product_reference": "libpng12-0-1.2.50-19.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng12-0-1.2.50-19.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2",
          "product_id": "SUSE Linux Enterprise Server 12 SP2:libpng12-0-1.2.50-19.1.ppc64le"
        },
        "product_reference": "libpng12-0-1.2.50-19.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng12-0-1.2.50-19.1.s390x as component of SUSE Linux Enterprise Server 12 SP2",
          "product_id": "SUSE Linux Enterprise Server 12 SP2:libpng12-0-1.2.50-19.1.s390x"
        },
        "product_reference": "libpng12-0-1.2.50-19.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng12-0-1.2.50-19.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2",
          "product_id": "SUSE Linux Enterprise Server 12 SP2:libpng12-0-1.2.50-19.1.x86_64"
        },
        "product_reference": "libpng12-0-1.2.50-19.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng12-0-32bit-1.2.50-19.1.s390x as component of SUSE Linux Enterprise Server 12 SP2",
          "product_id": "SUSE Linux Enterprise Server 12 SP2:libpng12-0-32bit-1.2.50-19.1.s390x"
        },
        "product_reference": "libpng12-0-32bit-1.2.50-19.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng12-0-32bit-1.2.50-19.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2",
          "product_id": "SUSE Linux Enterprise Server 12 SP2:libpng12-0-32bit-1.2.50-19.1.x86_64"
        },
        "product_reference": "libpng12-0-32bit-1.2.50-19.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng12-0-1.2.50-19.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng12-0-1.2.50-19.1.aarch64"
        },
        "product_reference": "libpng12-0-1.2.50-19.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng12-0-1.2.50-19.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng12-0-1.2.50-19.1.ppc64le"
        },
        "product_reference": "libpng12-0-1.2.50-19.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng12-0-1.2.50-19.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng12-0-1.2.50-19.1.s390x"
        },
        "product_reference": "libpng12-0-1.2.50-19.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng12-0-1.2.50-19.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng12-0-1.2.50-19.1.x86_64"
        },
        "product_reference": "libpng12-0-1.2.50-19.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng12-0-32bit-1.2.50-19.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng12-0-32bit-1.2.50-19.1.s390x"
        },
        "product_reference": "libpng12-0-32bit-1.2.50-19.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng12-0-32bit-1.2.50-19.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng12-0-32bit-1.2.50-19.1.x86_64"
        },
        "product_reference": "libpng12-0-32bit-1.2.50-19.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2015-8540",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-8540"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 12 SP1:libpng12-0-1.2.50-19.1.x86_64",
          "SUSE Linux Enterprise Desktop 12 SP1:libpng12-0-32bit-1.2.50-19.1.x86_64",
          "SUSE Linux Enterprise Desktop 12 SP2:libpng12-0-1.2.50-19.1.x86_64",
          "SUSE Linux Enterprise Desktop 12 SP2:libpng12-0-32bit-1.2.50-19.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1:libpng12-0-1.2.50-19.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP1:libpng12-0-1.2.50-19.1.s390x",
          "SUSE Linux Enterprise Server 12 SP1:libpng12-0-1.2.50-19.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1:libpng12-0-32bit-1.2.50-19.1.s390x",
          "SUSE Linux Enterprise Server 12 SP1:libpng12-0-32bit-1.2.50-19.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2:libpng12-0-1.2.50-19.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP2:libpng12-0-1.2.50-19.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP2:libpng12-0-1.2.50-19.1.s390x",
          "SUSE Linux Enterprise Server 12 SP2:libpng12-0-1.2.50-19.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2:libpng12-0-32bit-1.2.50-19.1.s390x",
          "SUSE Linux Enterprise Server 12 SP2:libpng12-0-32bit-1.2.50-19.1.x86_64",
          "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libpng12-0-1.2.50-19.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpng12-0-1.2.50-19.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpng12-0-1.2.50-19.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpng12-0-1.2.50-19.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpng12-0-32bit-1.2.50-19.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpng12-0-32bit-1.2.50-19.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng12-0-1.2.50-19.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng12-0-1.2.50-19.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng12-0-1.2.50-19.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng12-0-1.2.50-19.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng12-0-32bit-1.2.50-19.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng12-0-32bit-1.2.50-19.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 12 SP1:libpng12-compat-devel-1.2.50-19.1.ppc64le",
          "SUSE Linux Enterprise Software Development Kit 12 SP1:libpng12-compat-devel-1.2.50-19.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 12 SP1:libpng12-compat-devel-1.2.50-19.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 12 SP1:libpng12-devel-1.2.50-19.1.ppc64le",
          "SUSE Linux Enterprise Software Development Kit 12 SP1:libpng12-devel-1.2.50-19.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 12 SP1:libpng12-devel-1.2.50-19.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 12 SP2:libpng12-compat-devel-1.2.50-19.1.aarch64",
          "SUSE Linux Enterprise Software Development Kit 12 SP2:libpng12-compat-devel-1.2.50-19.1.ppc64le",
          "SUSE Linux Enterprise Software Development Kit 12 SP2:libpng12-compat-devel-1.2.50-19.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 12 SP2:libpng12-compat-devel-1.2.50-19.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 12 SP2:libpng12-devel-1.2.50-19.1.aarch64",
          "SUSE Linux Enterprise Software Development Kit 12 SP2:libpng12-devel-1.2.50-19.1.ppc64le",
          "SUSE Linux Enterprise Software Development Kit 12 SP2:libpng12-devel-1.2.50-19.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 12 SP2:libpng12-devel-1.2.50-19.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-8540",
          "url": "https://www.suse.com/security/cve/CVE-2015-8540"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1149680 for CVE-2015-8540",
          "url": "https://bugzilla.suse.com/1149680"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 958791 for CVE-2015-8540",
          "url": "https://bugzilla.suse.com/958791"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 963937 for CVE-2015-8540",
          "url": "https://bugzilla.suse.com/963937"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 12 SP1:libpng12-0-1.2.50-19.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP1:libpng12-0-32bit-1.2.50-19.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP2:libpng12-0-1.2.50-19.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP2:libpng12-0-32bit-1.2.50-19.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1:libpng12-0-1.2.50-19.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP1:libpng12-0-1.2.50-19.1.s390x",
            "SUSE Linux Enterprise Server 12 SP1:libpng12-0-1.2.50-19.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1:libpng12-0-32bit-1.2.50-19.1.s390x",
            "SUSE Linux Enterprise Server 12 SP1:libpng12-0-32bit-1.2.50-19.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2:libpng12-0-1.2.50-19.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP2:libpng12-0-1.2.50-19.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2:libpng12-0-1.2.50-19.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2:libpng12-0-1.2.50-19.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2:libpng12-0-32bit-1.2.50-19.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2:libpng12-0-32bit-1.2.50-19.1.x86_64",
            "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libpng12-0-1.2.50-19.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpng12-0-1.2.50-19.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpng12-0-1.2.50-19.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpng12-0-1.2.50-19.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpng12-0-32bit-1.2.50-19.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpng12-0-32bit-1.2.50-19.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng12-0-1.2.50-19.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng12-0-1.2.50-19.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng12-0-1.2.50-19.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng12-0-1.2.50-19.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng12-0-32bit-1.2.50-19.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng12-0-32bit-1.2.50-19.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 12 SP1:libpng12-compat-devel-1.2.50-19.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP1:libpng12-compat-devel-1.2.50-19.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP1:libpng12-compat-devel-1.2.50-19.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 12 SP1:libpng12-devel-1.2.50-19.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP1:libpng12-devel-1.2.50-19.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP1:libpng12-devel-1.2.50-19.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 12 SP2:libpng12-compat-devel-1.2.50-19.1.aarch64",
            "SUSE Linux Enterprise Software Development Kit 12 SP2:libpng12-compat-devel-1.2.50-19.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP2:libpng12-compat-devel-1.2.50-19.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP2:libpng12-compat-devel-1.2.50-19.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 12 SP2:libpng12-devel-1.2.50-19.1.aarch64",
            "SUSE Linux Enterprise Software Development Kit 12 SP2:libpng12-devel-1.2.50-19.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP2:libpng12-devel-1.2.50-19.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP2:libpng12-devel-1.2.50-19.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Desktop 12 SP1:libpng12-0-1.2.50-19.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP1:libpng12-0-32bit-1.2.50-19.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP2:libpng12-0-1.2.50-19.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP2:libpng12-0-32bit-1.2.50-19.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1:libpng12-0-1.2.50-19.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP1:libpng12-0-1.2.50-19.1.s390x",
            "SUSE Linux Enterprise Server 12 SP1:libpng12-0-1.2.50-19.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1:libpng12-0-32bit-1.2.50-19.1.s390x",
            "SUSE Linux Enterprise Server 12 SP1:libpng12-0-32bit-1.2.50-19.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2:libpng12-0-1.2.50-19.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP2:libpng12-0-1.2.50-19.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2:libpng12-0-1.2.50-19.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2:libpng12-0-1.2.50-19.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2:libpng12-0-32bit-1.2.50-19.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2:libpng12-0-32bit-1.2.50-19.1.x86_64",
            "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libpng12-0-1.2.50-19.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpng12-0-1.2.50-19.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpng12-0-1.2.50-19.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpng12-0-1.2.50-19.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpng12-0-32bit-1.2.50-19.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpng12-0-32bit-1.2.50-19.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng12-0-1.2.50-19.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng12-0-1.2.50-19.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng12-0-1.2.50-19.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng12-0-1.2.50-19.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng12-0-32bit-1.2.50-19.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng12-0-32bit-1.2.50-19.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 12 SP1:libpng12-compat-devel-1.2.50-19.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP1:libpng12-compat-devel-1.2.50-19.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP1:libpng12-compat-devel-1.2.50-19.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 12 SP1:libpng12-devel-1.2.50-19.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP1:libpng12-devel-1.2.50-19.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP1:libpng12-devel-1.2.50-19.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 12 SP2:libpng12-compat-devel-1.2.50-19.1.aarch64",
            "SUSE Linux Enterprise Software Development Kit 12 SP2:libpng12-compat-devel-1.2.50-19.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP2:libpng12-compat-devel-1.2.50-19.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP2:libpng12-compat-devel-1.2.50-19.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 12 SP2:libpng12-devel-1.2.50-19.1.aarch64",
            "SUSE Linux Enterprise Software Development Kit 12 SP2:libpng12-devel-1.2.50-19.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP2:libpng12-devel-1.2.50-19.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP2:libpng12-devel-1.2.50-19.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-03-29T13:40:41Z",
          "details": "low"
        }
      ],
      "title": "CVE-2015-8540"
    },
    {
      "cve": "CVE-2016-10087",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-10087"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 12 SP1:libpng12-0-1.2.50-19.1.x86_64",
          "SUSE Linux Enterprise Desktop 12 SP1:libpng12-0-32bit-1.2.50-19.1.x86_64",
          "SUSE Linux Enterprise Desktop 12 SP2:libpng12-0-1.2.50-19.1.x86_64",
          "SUSE Linux Enterprise Desktop 12 SP2:libpng12-0-32bit-1.2.50-19.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1:libpng12-0-1.2.50-19.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP1:libpng12-0-1.2.50-19.1.s390x",
          "SUSE Linux Enterprise Server 12 SP1:libpng12-0-1.2.50-19.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1:libpng12-0-32bit-1.2.50-19.1.s390x",
          "SUSE Linux Enterprise Server 12 SP1:libpng12-0-32bit-1.2.50-19.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2:libpng12-0-1.2.50-19.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP2:libpng12-0-1.2.50-19.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP2:libpng12-0-1.2.50-19.1.s390x",
          "SUSE Linux Enterprise Server 12 SP2:libpng12-0-1.2.50-19.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2:libpng12-0-32bit-1.2.50-19.1.s390x",
          "SUSE Linux Enterprise Server 12 SP2:libpng12-0-32bit-1.2.50-19.1.x86_64",
          "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libpng12-0-1.2.50-19.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpng12-0-1.2.50-19.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpng12-0-1.2.50-19.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpng12-0-1.2.50-19.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpng12-0-32bit-1.2.50-19.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpng12-0-32bit-1.2.50-19.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng12-0-1.2.50-19.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng12-0-1.2.50-19.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng12-0-1.2.50-19.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng12-0-1.2.50-19.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng12-0-32bit-1.2.50-19.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng12-0-32bit-1.2.50-19.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 12 SP1:libpng12-compat-devel-1.2.50-19.1.ppc64le",
          "SUSE Linux Enterprise Software Development Kit 12 SP1:libpng12-compat-devel-1.2.50-19.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 12 SP1:libpng12-compat-devel-1.2.50-19.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 12 SP1:libpng12-devel-1.2.50-19.1.ppc64le",
          "SUSE Linux Enterprise Software Development Kit 12 SP1:libpng12-devel-1.2.50-19.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 12 SP1:libpng12-devel-1.2.50-19.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 12 SP2:libpng12-compat-devel-1.2.50-19.1.aarch64",
          "SUSE Linux Enterprise Software Development Kit 12 SP2:libpng12-compat-devel-1.2.50-19.1.ppc64le",
          "SUSE Linux Enterprise Software Development Kit 12 SP2:libpng12-compat-devel-1.2.50-19.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 12 SP2:libpng12-compat-devel-1.2.50-19.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 12 SP2:libpng12-devel-1.2.50-19.1.aarch64",
          "SUSE Linux Enterprise Software Development Kit 12 SP2:libpng12-devel-1.2.50-19.1.ppc64le",
          "SUSE Linux Enterprise Software Development Kit 12 SP2:libpng12-devel-1.2.50-19.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 12 SP2:libpng12-devel-1.2.50-19.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-10087",
          "url": "https://www.suse.com/security/cve/CVE-2016-10087"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1017646 for CVE-2016-10087",
          "url": "https://bugzilla.suse.com/1017646"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1149680 for CVE-2016-10087",
          "url": "https://bugzilla.suse.com/1149680"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 12 SP1:libpng12-0-1.2.50-19.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP1:libpng12-0-32bit-1.2.50-19.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP2:libpng12-0-1.2.50-19.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP2:libpng12-0-32bit-1.2.50-19.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1:libpng12-0-1.2.50-19.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP1:libpng12-0-1.2.50-19.1.s390x",
            "SUSE Linux Enterprise Server 12 SP1:libpng12-0-1.2.50-19.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1:libpng12-0-32bit-1.2.50-19.1.s390x",
            "SUSE Linux Enterprise Server 12 SP1:libpng12-0-32bit-1.2.50-19.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2:libpng12-0-1.2.50-19.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP2:libpng12-0-1.2.50-19.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2:libpng12-0-1.2.50-19.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2:libpng12-0-1.2.50-19.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2:libpng12-0-32bit-1.2.50-19.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2:libpng12-0-32bit-1.2.50-19.1.x86_64",
            "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libpng12-0-1.2.50-19.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpng12-0-1.2.50-19.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpng12-0-1.2.50-19.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpng12-0-1.2.50-19.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpng12-0-32bit-1.2.50-19.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpng12-0-32bit-1.2.50-19.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng12-0-1.2.50-19.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng12-0-1.2.50-19.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng12-0-1.2.50-19.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng12-0-1.2.50-19.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng12-0-32bit-1.2.50-19.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng12-0-32bit-1.2.50-19.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 12 SP1:libpng12-compat-devel-1.2.50-19.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP1:libpng12-compat-devel-1.2.50-19.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP1:libpng12-compat-devel-1.2.50-19.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 12 SP1:libpng12-devel-1.2.50-19.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP1:libpng12-devel-1.2.50-19.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP1:libpng12-devel-1.2.50-19.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 12 SP2:libpng12-compat-devel-1.2.50-19.1.aarch64",
            "SUSE Linux Enterprise Software Development Kit 12 SP2:libpng12-compat-devel-1.2.50-19.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP2:libpng12-compat-devel-1.2.50-19.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP2:libpng12-compat-devel-1.2.50-19.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 12 SP2:libpng12-devel-1.2.50-19.1.aarch64",
            "SUSE Linux Enterprise Software Development Kit 12 SP2:libpng12-devel-1.2.50-19.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP2:libpng12-devel-1.2.50-19.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP2:libpng12-devel-1.2.50-19.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Desktop 12 SP1:libpng12-0-1.2.50-19.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP1:libpng12-0-32bit-1.2.50-19.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP2:libpng12-0-1.2.50-19.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP2:libpng12-0-32bit-1.2.50-19.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1:libpng12-0-1.2.50-19.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP1:libpng12-0-1.2.50-19.1.s390x",
            "SUSE Linux Enterprise Server 12 SP1:libpng12-0-1.2.50-19.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1:libpng12-0-32bit-1.2.50-19.1.s390x",
            "SUSE Linux Enterprise Server 12 SP1:libpng12-0-32bit-1.2.50-19.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2:libpng12-0-1.2.50-19.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP2:libpng12-0-1.2.50-19.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2:libpng12-0-1.2.50-19.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2:libpng12-0-1.2.50-19.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2:libpng12-0-32bit-1.2.50-19.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2:libpng12-0-32bit-1.2.50-19.1.x86_64",
            "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libpng12-0-1.2.50-19.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpng12-0-1.2.50-19.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpng12-0-1.2.50-19.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpng12-0-1.2.50-19.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpng12-0-32bit-1.2.50-19.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpng12-0-32bit-1.2.50-19.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng12-0-1.2.50-19.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng12-0-1.2.50-19.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng12-0-1.2.50-19.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng12-0-1.2.50-19.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng12-0-32bit-1.2.50-19.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng12-0-32bit-1.2.50-19.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 12 SP1:libpng12-compat-devel-1.2.50-19.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP1:libpng12-compat-devel-1.2.50-19.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP1:libpng12-compat-devel-1.2.50-19.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 12 SP1:libpng12-devel-1.2.50-19.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP1:libpng12-devel-1.2.50-19.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP1:libpng12-devel-1.2.50-19.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 12 SP2:libpng12-compat-devel-1.2.50-19.1.aarch64",
            "SUSE Linux Enterprise Software Development Kit 12 SP2:libpng12-compat-devel-1.2.50-19.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP2:libpng12-compat-devel-1.2.50-19.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP2:libpng12-compat-devel-1.2.50-19.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 12 SP2:libpng12-devel-1.2.50-19.1.aarch64",
            "SUSE Linux Enterprise Software Development Kit 12 SP2:libpng12-devel-1.2.50-19.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP2:libpng12-devel-1.2.50-19.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP2:libpng12-devel-1.2.50-19.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-03-29T13:40:41Z",
          "details": "low"
        }
      ],
      "title": "CVE-2016-10087"
    }
  ]
}

SUSE-SU-2017:0901-1

Vulnerability from csaf_suse - Published: 2017-03-31 09:47 - Updated: 2017-03-31 09:47

Summary

Security update for libpng12-0

Severity

Moderate

Notes

Title of the patch: Security update for libpng12-0

Description of the patch: This update for libpng12-0 fixes the following issues: Security issues fixed: - CVE-2015-8540: read underflow in libpng (bsc#958791) - CVE-2016-10087: NULL pointer dereference in png_set_text_2() (bsc#1017646)

Patchnames: sdksp4-libpng12-0-13045,slessp4-libpng12-0-13045

CVE-2015-8540

8.8 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 26 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libpng12-0-1.2.31-5.43.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libpng12-0-1.2.31-5.43.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libpng12-0-1.2.31-5.43.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libpng12-0-1.2.31-5.43.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libpng12-0-1.2.31-5.43.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libpng12-0-32bit-1.2.31-5.43.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libpng12-0-32bit-1.2.31-5.43.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libpng12-0-32bit-1.2.31-5.43.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libpng12-0-x86-1.2.31-5.43.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-1.2.31-5.43.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-1.2.31-5.43.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-1.2.31-5.43.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-1.2.31-5.43.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-1.2.31-5.43.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-32bit-1.2.31-5.43.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-32bit-1.2.31-5.43.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-32bit-1.2.31-5.43.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-x86-1.2.31-5.43.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libpng-devel-1.2.31-5.43.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libpng-devel-1.2.31-5.43.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libpng-devel-1.2.31-5.43.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libpng-devel-1.2.31-5.43.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libpng-devel-1.2.31-5.43.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libpng-devel-32bit-1.2.31-5.43.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libpng-devel-32bit-1.2.31-5.43.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libpng-devel-32bit-1.2.31-5.43.1.x86_64	—	Vendor Fix

Threats

Impact low

CVE-2016-10087

7.5 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 26 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libpng12-0-1.2.31-5.43.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libpng12-0-1.2.31-5.43.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libpng12-0-1.2.31-5.43.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libpng12-0-1.2.31-5.43.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libpng12-0-1.2.31-5.43.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libpng12-0-32bit-1.2.31-5.43.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libpng12-0-32bit-1.2.31-5.43.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libpng12-0-32bit-1.2.31-5.43.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libpng12-0-x86-1.2.31-5.43.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-1.2.31-5.43.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-1.2.31-5.43.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-1.2.31-5.43.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-1.2.31-5.43.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-1.2.31-5.43.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-32bit-1.2.31-5.43.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-32bit-1.2.31-5.43.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-32bit-1.2.31-5.43.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-x86-1.2.31-5.43.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libpng-devel-1.2.31-5.43.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libpng-devel-1.2.31-5.43.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libpng-devel-1.2.31-5.43.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libpng-devel-1.2.31-5.43.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libpng-devel-1.2.31-5.43.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libpng-devel-32bit-1.2.31-5.43.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libpng-devel-32bit-1.2.31-5.43.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libpng-devel-32bit-1.2.31-5.43.1.x86_64	—	Vendor Fix

Threats

Impact low

References

15 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1017646	self
https://bugzilla.suse.com/958791	self
https://www.suse.com/security/cve/CVE-2015-8540/	self
https://www.suse.com/security/cve/CVE-2016-10087/	self
https://www.suse.com/security/cve/CVE-2015-8540	external
https://bugzilla.suse.com/1149680	external
https://bugzilla.suse.com/958791	external
https://bugzilla.suse.com/963937	external
https://www.suse.com/security/cve/CVE-2016-10087	external
https://bugzilla.suse.com/1017646	external
https://bugzilla.suse.com/1149680	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for libpng12-0",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "\nThis update for libpng12-0 fixes the following issues:\n\nSecurity issues fixed:\n- CVE-2015-8540: read underflow in libpng (bsc#958791)\n- CVE-2016-10087: NULL pointer dereference in png_set_text_2() (bsc#1017646)\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "sdksp4-libpng12-0-13045,slessp4-libpng12-0-13045",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_0901-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2017:0901-1",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20170901-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2017:0901-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2017-March/002778.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1017646",
        "url": "https://bugzilla.suse.com/1017646"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 958791",
        "url": "https://bugzilla.suse.com/958791"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-8540 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-8540/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-10087 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-10087/"
      }
    ],
    "title": "Security update for libpng12-0",
    "tracking": {
      "current_release_date": "2017-03-31T09:47:51Z",
      "generator": {
        "date": "2017-03-31T09:47:51Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2017:0901-1",
      "initial_release_date": "2017-03-31T09:47:51Z",
      "revision_history": [
        {
          "date": "2017-03-31T09:47:51Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libpng-devel-1.2.31-5.43.1.i586",
                "product": {
                  "name": "libpng-devel-1.2.31-5.43.1.i586",
                  "product_id": "libpng-devel-1.2.31-5.43.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "libpng12-0-1.2.31-5.43.1.i586",
                "product": {
                  "name": "libpng12-0-1.2.31-5.43.1.i586",
                  "product_id": "libpng12-0-1.2.31-5.43.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libpng-devel-1.2.31-5.43.1.ia64",
                "product": {
                  "name": "libpng-devel-1.2.31-5.43.1.ia64",
                  "product_id": "libpng-devel-1.2.31-5.43.1.ia64"
                }
              },
              {
                "category": "product_version",
                "name": "libpng12-0-1.2.31-5.43.1.ia64",
                "product": {
                  "name": "libpng12-0-1.2.31-5.43.1.ia64",
                  "product_id": "libpng12-0-1.2.31-5.43.1.ia64"
                }
              },
              {
                "category": "product_version",
                "name": "libpng12-0-x86-1.2.31-5.43.1.ia64",
                "product": {
                  "name": "libpng12-0-x86-1.2.31-5.43.1.ia64",
                  "product_id": "libpng12-0-x86-1.2.31-5.43.1.ia64"
                }
              }
            ],
            "category": "architecture",
            "name": "ia64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libpng-devel-1.2.31-5.43.1.ppc64",
                "product": {
                  "name": "libpng-devel-1.2.31-5.43.1.ppc64",
                  "product_id": "libpng-devel-1.2.31-5.43.1.ppc64"
                }
              },
              {
                "category": "product_version",
                "name": "libpng-devel-32bit-1.2.31-5.43.1.ppc64",
                "product": {
                  "name": "libpng-devel-32bit-1.2.31-5.43.1.ppc64",
                  "product_id": "libpng-devel-32bit-1.2.31-5.43.1.ppc64"
                }
              },
              {
                "category": "product_version",
                "name": "libpng12-0-1.2.31-5.43.1.ppc64",
                "product": {
                  "name": "libpng12-0-1.2.31-5.43.1.ppc64",
                  "product_id": "libpng12-0-1.2.31-5.43.1.ppc64"
                }
              },
              {
                "category": "product_version",
                "name": "libpng12-0-32bit-1.2.31-5.43.1.ppc64",
                "product": {
                  "name": "libpng12-0-32bit-1.2.31-5.43.1.ppc64",
                  "product_id": "libpng12-0-32bit-1.2.31-5.43.1.ppc64"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libpng-devel-1.2.31-5.43.1.s390x",
                "product": {
                  "name": "libpng-devel-1.2.31-5.43.1.s390x",
                  "product_id": "libpng-devel-1.2.31-5.43.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libpng-devel-32bit-1.2.31-5.43.1.s390x",
                "product": {
                  "name": "libpng-devel-32bit-1.2.31-5.43.1.s390x",
                  "product_id": "libpng-devel-32bit-1.2.31-5.43.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libpng12-0-1.2.31-5.43.1.s390x",
                "product": {
                  "name": "libpng12-0-1.2.31-5.43.1.s390x",
                  "product_id": "libpng12-0-1.2.31-5.43.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libpng12-0-32bit-1.2.31-5.43.1.s390x",
                "product": {
                  "name": "libpng12-0-32bit-1.2.31-5.43.1.s390x",
                  "product_id": "libpng12-0-32bit-1.2.31-5.43.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libpng-devel-1.2.31-5.43.1.x86_64",
                "product": {
                  "name": "libpng-devel-1.2.31-5.43.1.x86_64",
                  "product_id": "libpng-devel-1.2.31-5.43.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libpng-devel-32bit-1.2.31-5.43.1.x86_64",
                "product": {
                  "name": "libpng-devel-32bit-1.2.31-5.43.1.x86_64",
                  "product_id": "libpng-devel-32bit-1.2.31-5.43.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libpng12-0-1.2.31-5.43.1.x86_64",
                "product": {
                  "name": "libpng12-0-1.2.31-5.43.1.x86_64",
                  "product_id": "libpng12-0-1.2.31-5.43.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libpng12-0-32bit-1.2.31-5.43.1.x86_64",
                "product": {
                  "name": "libpng12-0-32bit-1.2.31-5.43.1.x86_64",
                  "product_id": "libpng12-0-32bit-1.2.31-5.43.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Software Development Kit 11 SP4",
                "product": {
                  "name": "SUSE Linux Enterprise Software Development Kit 11 SP4",
                  "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:suse:sle-sdk:11:sp4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 11 SP4",
                "product": {
                  "name": "SUSE Linux Enterprise Server 11 SP4",
                  "product_id": "SUSE Linux Enterprise Server 11 SP4",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse_sles:11:sp4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:11:sp4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng-devel-1.2.31-5.43.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libpng-devel-1.2.31-5.43.1.i586"
        },
        "product_reference": "libpng-devel-1.2.31-5.43.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng-devel-1.2.31-5.43.1.ia64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libpng-devel-1.2.31-5.43.1.ia64"
        },
        "product_reference": "libpng-devel-1.2.31-5.43.1.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng-devel-1.2.31-5.43.1.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libpng-devel-1.2.31-5.43.1.ppc64"
        },
        "product_reference": "libpng-devel-1.2.31-5.43.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng-devel-1.2.31-5.43.1.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libpng-devel-1.2.31-5.43.1.s390x"
        },
        "product_reference": "libpng-devel-1.2.31-5.43.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng-devel-1.2.31-5.43.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libpng-devel-1.2.31-5.43.1.x86_64"
        },
        "product_reference": "libpng-devel-1.2.31-5.43.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng-devel-32bit-1.2.31-5.43.1.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libpng-devel-32bit-1.2.31-5.43.1.ppc64"
        },
        "product_reference": "libpng-devel-32bit-1.2.31-5.43.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng-devel-32bit-1.2.31-5.43.1.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libpng-devel-32bit-1.2.31-5.43.1.s390x"
        },
        "product_reference": "libpng-devel-32bit-1.2.31-5.43.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng-devel-32bit-1.2.31-5.43.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libpng-devel-32bit-1.2.31-5.43.1.x86_64"
        },
        "product_reference": "libpng-devel-32bit-1.2.31-5.43.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng12-0-1.2.31-5.43.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:libpng12-0-1.2.31-5.43.1.i586"
        },
        "product_reference": "libpng12-0-1.2.31-5.43.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng12-0-1.2.31-5.43.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:libpng12-0-1.2.31-5.43.1.ia64"
        },
        "product_reference": "libpng12-0-1.2.31-5.43.1.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng12-0-1.2.31-5.43.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:libpng12-0-1.2.31-5.43.1.ppc64"
        },
        "product_reference": "libpng12-0-1.2.31-5.43.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng12-0-1.2.31-5.43.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:libpng12-0-1.2.31-5.43.1.s390x"
        },
        "product_reference": "libpng12-0-1.2.31-5.43.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng12-0-1.2.31-5.43.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:libpng12-0-1.2.31-5.43.1.x86_64"
        },
        "product_reference": "libpng12-0-1.2.31-5.43.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng12-0-32bit-1.2.31-5.43.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:libpng12-0-32bit-1.2.31-5.43.1.ppc64"
        },
        "product_reference": "libpng12-0-32bit-1.2.31-5.43.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng12-0-32bit-1.2.31-5.43.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:libpng12-0-32bit-1.2.31-5.43.1.s390x"
        },
        "product_reference": "libpng12-0-32bit-1.2.31-5.43.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng12-0-32bit-1.2.31-5.43.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:libpng12-0-32bit-1.2.31-5.43.1.x86_64"
        },
        "product_reference": "libpng12-0-32bit-1.2.31-5.43.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng12-0-x86-1.2.31-5.43.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:libpng12-0-x86-1.2.31-5.43.1.ia64"
        },
        "product_reference": "libpng12-0-x86-1.2.31-5.43.1.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng12-0-1.2.31-5.43.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-1.2.31-5.43.1.i586"
        },
        "product_reference": "libpng12-0-1.2.31-5.43.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng12-0-1.2.31-5.43.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-1.2.31-5.43.1.ia64"
        },
        "product_reference": "libpng12-0-1.2.31-5.43.1.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng12-0-1.2.31-5.43.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-1.2.31-5.43.1.ppc64"
        },
        "product_reference": "libpng12-0-1.2.31-5.43.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng12-0-1.2.31-5.43.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-1.2.31-5.43.1.s390x"
        },
        "product_reference": "libpng12-0-1.2.31-5.43.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng12-0-1.2.31-5.43.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-1.2.31-5.43.1.x86_64"
        },
        "product_reference": "libpng12-0-1.2.31-5.43.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng12-0-32bit-1.2.31-5.43.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-32bit-1.2.31-5.43.1.ppc64"
        },
        "product_reference": "libpng12-0-32bit-1.2.31-5.43.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng12-0-32bit-1.2.31-5.43.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-32bit-1.2.31-5.43.1.s390x"
        },
        "product_reference": "libpng12-0-32bit-1.2.31-5.43.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng12-0-32bit-1.2.31-5.43.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-32bit-1.2.31-5.43.1.x86_64"
        },
        "product_reference": "libpng12-0-32bit-1.2.31-5.43.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng12-0-x86-1.2.31-5.43.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-x86-1.2.31-5.43.1.ia64"
        },
        "product_reference": "libpng12-0-x86-1.2.31-5.43.1.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2015-8540",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-8540"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP4:libpng12-0-1.2.31-5.43.1.i586",
          "SUSE Linux Enterprise Server 11 SP4:libpng12-0-1.2.31-5.43.1.ia64",
          "SUSE Linux Enterprise Server 11 SP4:libpng12-0-1.2.31-5.43.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:libpng12-0-1.2.31-5.43.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:libpng12-0-1.2.31-5.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4:libpng12-0-32bit-1.2.31-5.43.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:libpng12-0-32bit-1.2.31-5.43.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:libpng12-0-32bit-1.2.31-5.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4:libpng12-0-x86-1.2.31-5.43.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-1.2.31-5.43.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-1.2.31-5.43.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-1.2.31-5.43.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-1.2.31-5.43.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-1.2.31-5.43.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-32bit-1.2.31-5.43.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-32bit-1.2.31-5.43.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-32bit-1.2.31-5.43.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-x86-1.2.31-5.43.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libpng-devel-1.2.31-5.43.1.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libpng-devel-1.2.31-5.43.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libpng-devel-1.2.31-5.43.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libpng-devel-1.2.31-5.43.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libpng-devel-1.2.31-5.43.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libpng-devel-32bit-1.2.31-5.43.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libpng-devel-32bit-1.2.31-5.43.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libpng-devel-32bit-1.2.31-5.43.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-8540",
          "url": "https://www.suse.com/security/cve/CVE-2015-8540"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1149680 for CVE-2015-8540",
          "url": "https://bugzilla.suse.com/1149680"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 958791 for CVE-2015-8540",
          "url": "https://bugzilla.suse.com/958791"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 963937 for CVE-2015-8540",
          "url": "https://bugzilla.suse.com/963937"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP4:libpng12-0-1.2.31-5.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:libpng12-0-1.2.31-5.43.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:libpng12-0-1.2.31-5.43.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libpng12-0-1.2.31-5.43.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libpng12-0-1.2.31-5.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libpng12-0-32bit-1.2.31-5.43.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libpng12-0-32bit-1.2.31-5.43.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libpng12-0-32bit-1.2.31-5.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libpng12-0-x86-1.2.31-5.43.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-1.2.31-5.43.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-1.2.31-5.43.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-1.2.31-5.43.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-1.2.31-5.43.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-1.2.31-5.43.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-32bit-1.2.31-5.43.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-32bit-1.2.31-5.43.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-32bit-1.2.31-5.43.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-x86-1.2.31-5.43.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libpng-devel-1.2.31-5.43.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libpng-devel-1.2.31-5.43.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libpng-devel-1.2.31-5.43.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libpng-devel-1.2.31-5.43.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libpng-devel-1.2.31-5.43.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libpng-devel-32bit-1.2.31-5.43.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libpng-devel-32bit-1.2.31-5.43.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libpng-devel-32bit-1.2.31-5.43.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 11 SP4:libpng12-0-1.2.31-5.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:libpng12-0-1.2.31-5.43.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:libpng12-0-1.2.31-5.43.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libpng12-0-1.2.31-5.43.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libpng12-0-1.2.31-5.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libpng12-0-32bit-1.2.31-5.43.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libpng12-0-32bit-1.2.31-5.43.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libpng12-0-32bit-1.2.31-5.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libpng12-0-x86-1.2.31-5.43.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-1.2.31-5.43.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-1.2.31-5.43.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-1.2.31-5.43.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-1.2.31-5.43.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-1.2.31-5.43.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-32bit-1.2.31-5.43.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-32bit-1.2.31-5.43.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-32bit-1.2.31-5.43.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-x86-1.2.31-5.43.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libpng-devel-1.2.31-5.43.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libpng-devel-1.2.31-5.43.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libpng-devel-1.2.31-5.43.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libpng-devel-1.2.31-5.43.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libpng-devel-1.2.31-5.43.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libpng-devel-32bit-1.2.31-5.43.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libpng-devel-32bit-1.2.31-5.43.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libpng-devel-32bit-1.2.31-5.43.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-03-31T09:47:51Z",
          "details": "low"
        }
      ],
      "title": "CVE-2015-8540"
    },
    {
      "cve": "CVE-2016-10087",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-10087"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP4:libpng12-0-1.2.31-5.43.1.i586",
          "SUSE Linux Enterprise Server 11 SP4:libpng12-0-1.2.31-5.43.1.ia64",
          "SUSE Linux Enterprise Server 11 SP4:libpng12-0-1.2.31-5.43.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:libpng12-0-1.2.31-5.43.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:libpng12-0-1.2.31-5.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4:libpng12-0-32bit-1.2.31-5.43.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:libpng12-0-32bit-1.2.31-5.43.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:libpng12-0-32bit-1.2.31-5.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4:libpng12-0-x86-1.2.31-5.43.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-1.2.31-5.43.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-1.2.31-5.43.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-1.2.31-5.43.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-1.2.31-5.43.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-1.2.31-5.43.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-32bit-1.2.31-5.43.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-32bit-1.2.31-5.43.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-32bit-1.2.31-5.43.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-x86-1.2.31-5.43.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libpng-devel-1.2.31-5.43.1.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libpng-devel-1.2.31-5.43.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libpng-devel-1.2.31-5.43.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libpng-devel-1.2.31-5.43.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libpng-devel-1.2.31-5.43.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libpng-devel-32bit-1.2.31-5.43.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libpng-devel-32bit-1.2.31-5.43.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libpng-devel-32bit-1.2.31-5.43.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-10087",
          "url": "https://www.suse.com/security/cve/CVE-2016-10087"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1017646 for CVE-2016-10087",
          "url": "https://bugzilla.suse.com/1017646"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1149680 for CVE-2016-10087",
          "url": "https://bugzilla.suse.com/1149680"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP4:libpng12-0-1.2.31-5.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:libpng12-0-1.2.31-5.43.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:libpng12-0-1.2.31-5.43.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libpng12-0-1.2.31-5.43.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libpng12-0-1.2.31-5.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libpng12-0-32bit-1.2.31-5.43.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libpng12-0-32bit-1.2.31-5.43.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libpng12-0-32bit-1.2.31-5.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libpng12-0-x86-1.2.31-5.43.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-1.2.31-5.43.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-1.2.31-5.43.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-1.2.31-5.43.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-1.2.31-5.43.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-1.2.31-5.43.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-32bit-1.2.31-5.43.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-32bit-1.2.31-5.43.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-32bit-1.2.31-5.43.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-x86-1.2.31-5.43.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libpng-devel-1.2.31-5.43.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libpng-devel-1.2.31-5.43.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libpng-devel-1.2.31-5.43.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libpng-devel-1.2.31-5.43.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libpng-devel-1.2.31-5.43.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libpng-devel-32bit-1.2.31-5.43.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libpng-devel-32bit-1.2.31-5.43.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libpng-devel-32bit-1.2.31-5.43.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 11 SP4:libpng12-0-1.2.31-5.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:libpng12-0-1.2.31-5.43.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:libpng12-0-1.2.31-5.43.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libpng12-0-1.2.31-5.43.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libpng12-0-1.2.31-5.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libpng12-0-32bit-1.2.31-5.43.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libpng12-0-32bit-1.2.31-5.43.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libpng12-0-32bit-1.2.31-5.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libpng12-0-x86-1.2.31-5.43.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-1.2.31-5.43.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-1.2.31-5.43.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-1.2.31-5.43.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-1.2.31-5.43.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-1.2.31-5.43.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-32bit-1.2.31-5.43.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-32bit-1.2.31-5.43.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-32bit-1.2.31-5.43.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpng12-0-x86-1.2.31-5.43.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libpng-devel-1.2.31-5.43.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libpng-devel-1.2.31-5.43.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libpng-devel-1.2.31-5.43.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libpng-devel-1.2.31-5.43.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libpng-devel-1.2.31-5.43.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libpng-devel-32bit-1.2.31-5.43.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libpng-devel-32bit-1.2.31-5.43.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libpng-devel-32bit-1.2.31-5.43.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-03-31T09:47:51Z",
          "details": "low"
        }
      ],
      "title": "CVE-2016-10087"
    }
  ]
}

SUSE-SU-2017:0950-1

Vulnerability from csaf_suse - Published: 2017-04-06 09:36 - Updated: 2017-04-06 09:36

Summary

Security update for libpng15

Severity

Moderate

Notes

Title of the patch: Security update for libpng15

Description of the patch: This update for libpng15 fixes the following issues: Security issues fixed: - CVE-2015-8540: read underflow in libpng (bsc#958791) - CVE-2016-10087: NULL pointer dereference in png_set_text_2() (bsc#1017646)

Patchnames: SUSE-SLE-DESKTOP-12-SP1-2017-548,SUSE-SLE-DESKTOP-12-SP2-2017-548,SUSE-SLE-RPI-12-SP2-2017-548,SUSE-SLE-SERVER-12-SP1-2017-548,SUSE-SLE-SERVER-12-SP2-2017-548

CVE-2015-8540

8.8 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 17 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Desktop 12 SP1:libpng15-15-1.5.22-9.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Desktop 12 SP2:libpng15-15-1.5.22-9.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1:libpng15-15-1.5.22-9.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1:libpng15-15-1.5.22-9.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1:libpng15-15-1.5.22-9.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2:libpng15-15-1.5.22-9.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2:libpng15-15-1.5.22-9.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2:libpng15-15-1.5.22-9.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2:libpng15-15-1.5.22-9.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libpng15-15-1.5.22-9.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpng15-15-1.5.22-9.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpng15-15-1.5.22-9.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpng15-15-1.5.22-9.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng15-15-1.5.22-9.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng15-15-1.5.22-9.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng15-15-1.5.22-9.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng15-15-1.5.22-9.1.x86_64	—	Vendor Fix

Threats

Impact low

CVE-2016-10087

7.5 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 17 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Desktop 12 SP1:libpng15-15-1.5.22-9.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Desktop 12 SP2:libpng15-15-1.5.22-9.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1:libpng15-15-1.5.22-9.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1:libpng15-15-1.5.22-9.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1:libpng15-15-1.5.22-9.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2:libpng15-15-1.5.22-9.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2:libpng15-15-1.5.22-9.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2:libpng15-15-1.5.22-9.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2:libpng15-15-1.5.22-9.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libpng15-15-1.5.22-9.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpng15-15-1.5.22-9.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpng15-15-1.5.22-9.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpng15-15-1.5.22-9.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng15-15-1.5.22-9.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng15-15-1.5.22-9.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng15-15-1.5.22-9.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng15-15-1.5.22-9.1.x86_64	—	Vendor Fix

Threats

Impact low

References

15 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1017646	self
https://bugzilla.suse.com/958791	self
https://www.suse.com/security/cve/CVE-2015-8540/	self
https://www.suse.com/security/cve/CVE-2016-10087/	self
https://www.suse.com/security/cve/CVE-2015-8540	external
https://bugzilla.suse.com/1149680	external
https://bugzilla.suse.com/958791	external
https://bugzilla.suse.com/963937	external
https://www.suse.com/security/cve/CVE-2016-10087	external
https://bugzilla.suse.com/1017646	external
https://bugzilla.suse.com/1149680	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for libpng15",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "\nThis update for libpng15 fixes the following issues:\n\nSecurity issues fixed:\n- CVE-2015-8540: read underflow in libpng (bsc#958791)\n- CVE-2016-10087: NULL pointer dereference in png_set_text_2() (bsc#1017646)\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLE-DESKTOP-12-SP1-2017-548,SUSE-SLE-DESKTOP-12-SP2-2017-548,SUSE-SLE-RPI-12-SP2-2017-548,SUSE-SLE-SERVER-12-SP1-2017-548,SUSE-SLE-SERVER-12-SP2-2017-548",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_0950-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2017:0950-1",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20170950-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2017:0950-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2017-April/002787.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1017646",
        "url": "https://bugzilla.suse.com/1017646"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 958791",
        "url": "https://bugzilla.suse.com/958791"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-8540 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-8540/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-10087 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-10087/"
      }
    ],
    "title": "Security update for libpng15",
    "tracking": {
      "current_release_date": "2017-04-06T09:36:47Z",
      "generator": {
        "date": "2017-04-06T09:36:47Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2017:0950-1",
      "initial_release_date": "2017-04-06T09:36:47Z",
      "revision_history": [
        {
          "date": "2017-04-06T09:36:47Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libpng15-15-1.5.22-9.1.aarch64",
                "product": {
                  "name": "libpng15-15-1.5.22-9.1.aarch64",
                  "product_id": "libpng15-15-1.5.22-9.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libpng15-15-1.5.22-9.1.ppc64le",
                "product": {
                  "name": "libpng15-15-1.5.22-9.1.ppc64le",
                  "product_id": "libpng15-15-1.5.22-9.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libpng15-15-1.5.22-9.1.s390x",
                "product": {
                  "name": "libpng15-15-1.5.22-9.1.s390x",
                  "product_id": "libpng15-15-1.5.22-9.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libpng15-15-1.5.22-9.1.x86_64",
                "product": {
                  "name": "libpng15-15-1.5.22-9.1.x86_64",
                  "product_id": "libpng15-15-1.5.22-9.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Desktop 12 SP1",
                "product": {
                  "name": "SUSE Linux Enterprise Desktop 12 SP1",
                  "product_id": "SUSE Linux Enterprise Desktop 12 SP1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sled:12:sp1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Desktop 12 SP2",
                "product": {
                  "name": "SUSE Linux Enterprise Desktop 12 SP2",
                  "product_id": "SUSE Linux Enterprise Desktop 12 SP2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sled:12:sp2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
                "product": {
                  "name": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
                  "product_id": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles:12:sp2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP1",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP1",
                  "product_id": "SUSE Linux Enterprise Server 12 SP1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles:12:sp1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:12:sp1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP2",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP2",
                  "product_id": "SUSE Linux Enterprise Server 12 SP2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles:12:sp2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:12:sp2"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng15-15-1.5.22-9.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP1",
          "product_id": "SUSE Linux Enterprise Desktop 12 SP1:libpng15-15-1.5.22-9.1.x86_64"
        },
        "product_reference": "libpng15-15-1.5.22-9.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng15-15-1.5.22-9.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP2",
          "product_id": "SUSE Linux Enterprise Desktop 12 SP2:libpng15-15-1.5.22-9.1.x86_64"
        },
        "product_reference": "libpng15-15-1.5.22-9.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng15-15-1.5.22-9.1.aarch64 as component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
          "product_id": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libpng15-15-1.5.22-9.1.aarch64"
        },
        "product_reference": "libpng15-15-1.5.22-9.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng15-15-1.5.22-9.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1",
          "product_id": "SUSE Linux Enterprise Server 12 SP1:libpng15-15-1.5.22-9.1.ppc64le"
        },
        "product_reference": "libpng15-15-1.5.22-9.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng15-15-1.5.22-9.1.s390x as component of SUSE Linux Enterprise Server 12 SP1",
          "product_id": "SUSE Linux Enterprise Server 12 SP1:libpng15-15-1.5.22-9.1.s390x"
        },
        "product_reference": "libpng15-15-1.5.22-9.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng15-15-1.5.22-9.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1",
          "product_id": "SUSE Linux Enterprise Server 12 SP1:libpng15-15-1.5.22-9.1.x86_64"
        },
        "product_reference": "libpng15-15-1.5.22-9.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng15-15-1.5.22-9.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpng15-15-1.5.22-9.1.ppc64le"
        },
        "product_reference": "libpng15-15-1.5.22-9.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng15-15-1.5.22-9.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpng15-15-1.5.22-9.1.s390x"
        },
        "product_reference": "libpng15-15-1.5.22-9.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng15-15-1.5.22-9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpng15-15-1.5.22-9.1.x86_64"
        },
        "product_reference": "libpng15-15-1.5.22-9.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng15-15-1.5.22-9.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP2",
          "product_id": "SUSE Linux Enterprise Server 12 SP2:libpng15-15-1.5.22-9.1.aarch64"
        },
        "product_reference": "libpng15-15-1.5.22-9.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng15-15-1.5.22-9.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2",
          "product_id": "SUSE Linux Enterprise Server 12 SP2:libpng15-15-1.5.22-9.1.ppc64le"
        },
        "product_reference": "libpng15-15-1.5.22-9.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng15-15-1.5.22-9.1.s390x as component of SUSE Linux Enterprise Server 12 SP2",
          "product_id": "SUSE Linux Enterprise Server 12 SP2:libpng15-15-1.5.22-9.1.s390x"
        },
        "product_reference": "libpng15-15-1.5.22-9.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng15-15-1.5.22-9.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2",
          "product_id": "SUSE Linux Enterprise Server 12 SP2:libpng15-15-1.5.22-9.1.x86_64"
        },
        "product_reference": "libpng15-15-1.5.22-9.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng15-15-1.5.22-9.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng15-15-1.5.22-9.1.aarch64"
        },
        "product_reference": "libpng15-15-1.5.22-9.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng15-15-1.5.22-9.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng15-15-1.5.22-9.1.ppc64le"
        },
        "product_reference": "libpng15-15-1.5.22-9.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng15-15-1.5.22-9.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng15-15-1.5.22-9.1.s390x"
        },
        "product_reference": "libpng15-15-1.5.22-9.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng15-15-1.5.22-9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng15-15-1.5.22-9.1.x86_64"
        },
        "product_reference": "libpng15-15-1.5.22-9.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2015-8540",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-8540"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 12 SP1:libpng15-15-1.5.22-9.1.x86_64",
          "SUSE Linux Enterprise Desktop 12 SP2:libpng15-15-1.5.22-9.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1:libpng15-15-1.5.22-9.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP1:libpng15-15-1.5.22-9.1.s390x",
          "SUSE Linux Enterprise Server 12 SP1:libpng15-15-1.5.22-9.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2:libpng15-15-1.5.22-9.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP2:libpng15-15-1.5.22-9.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP2:libpng15-15-1.5.22-9.1.s390x",
          "SUSE Linux Enterprise Server 12 SP2:libpng15-15-1.5.22-9.1.x86_64",
          "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libpng15-15-1.5.22-9.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpng15-15-1.5.22-9.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpng15-15-1.5.22-9.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpng15-15-1.5.22-9.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng15-15-1.5.22-9.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng15-15-1.5.22-9.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng15-15-1.5.22-9.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng15-15-1.5.22-9.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-8540",
          "url": "https://www.suse.com/security/cve/CVE-2015-8540"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1149680 for CVE-2015-8540",
          "url": "https://bugzilla.suse.com/1149680"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 958791 for CVE-2015-8540",
          "url": "https://bugzilla.suse.com/958791"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 963937 for CVE-2015-8540",
          "url": "https://bugzilla.suse.com/963937"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 12 SP1:libpng15-15-1.5.22-9.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP2:libpng15-15-1.5.22-9.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1:libpng15-15-1.5.22-9.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP1:libpng15-15-1.5.22-9.1.s390x",
            "SUSE Linux Enterprise Server 12 SP1:libpng15-15-1.5.22-9.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2:libpng15-15-1.5.22-9.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP2:libpng15-15-1.5.22-9.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2:libpng15-15-1.5.22-9.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2:libpng15-15-1.5.22-9.1.x86_64",
            "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libpng15-15-1.5.22-9.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpng15-15-1.5.22-9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpng15-15-1.5.22-9.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpng15-15-1.5.22-9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng15-15-1.5.22-9.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng15-15-1.5.22-9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng15-15-1.5.22-9.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng15-15-1.5.22-9.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Desktop 12 SP1:libpng15-15-1.5.22-9.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP2:libpng15-15-1.5.22-9.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1:libpng15-15-1.5.22-9.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP1:libpng15-15-1.5.22-9.1.s390x",
            "SUSE Linux Enterprise Server 12 SP1:libpng15-15-1.5.22-9.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2:libpng15-15-1.5.22-9.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP2:libpng15-15-1.5.22-9.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2:libpng15-15-1.5.22-9.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2:libpng15-15-1.5.22-9.1.x86_64",
            "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libpng15-15-1.5.22-9.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpng15-15-1.5.22-9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpng15-15-1.5.22-9.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpng15-15-1.5.22-9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng15-15-1.5.22-9.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng15-15-1.5.22-9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng15-15-1.5.22-9.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng15-15-1.5.22-9.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-04-06T09:36:47Z",
          "details": "low"
        }
      ],
      "title": "CVE-2015-8540"
    },
    {
      "cve": "CVE-2016-10087",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-10087"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 12 SP1:libpng15-15-1.5.22-9.1.x86_64",
          "SUSE Linux Enterprise Desktop 12 SP2:libpng15-15-1.5.22-9.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1:libpng15-15-1.5.22-9.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP1:libpng15-15-1.5.22-9.1.s390x",
          "SUSE Linux Enterprise Server 12 SP1:libpng15-15-1.5.22-9.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2:libpng15-15-1.5.22-9.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP2:libpng15-15-1.5.22-9.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP2:libpng15-15-1.5.22-9.1.s390x",
          "SUSE Linux Enterprise Server 12 SP2:libpng15-15-1.5.22-9.1.x86_64",
          "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libpng15-15-1.5.22-9.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpng15-15-1.5.22-9.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpng15-15-1.5.22-9.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpng15-15-1.5.22-9.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng15-15-1.5.22-9.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng15-15-1.5.22-9.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng15-15-1.5.22-9.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng15-15-1.5.22-9.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-10087",
          "url": "https://www.suse.com/security/cve/CVE-2016-10087"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1017646 for CVE-2016-10087",
          "url": "https://bugzilla.suse.com/1017646"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1149680 for CVE-2016-10087",
          "url": "https://bugzilla.suse.com/1149680"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 12 SP1:libpng15-15-1.5.22-9.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP2:libpng15-15-1.5.22-9.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1:libpng15-15-1.5.22-9.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP1:libpng15-15-1.5.22-9.1.s390x",
            "SUSE Linux Enterprise Server 12 SP1:libpng15-15-1.5.22-9.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2:libpng15-15-1.5.22-9.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP2:libpng15-15-1.5.22-9.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2:libpng15-15-1.5.22-9.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2:libpng15-15-1.5.22-9.1.x86_64",
            "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libpng15-15-1.5.22-9.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpng15-15-1.5.22-9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpng15-15-1.5.22-9.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpng15-15-1.5.22-9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng15-15-1.5.22-9.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng15-15-1.5.22-9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng15-15-1.5.22-9.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng15-15-1.5.22-9.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Desktop 12 SP1:libpng15-15-1.5.22-9.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP2:libpng15-15-1.5.22-9.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1:libpng15-15-1.5.22-9.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP1:libpng15-15-1.5.22-9.1.s390x",
            "SUSE Linux Enterprise Server 12 SP1:libpng15-15-1.5.22-9.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2:libpng15-15-1.5.22-9.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP2:libpng15-15-1.5.22-9.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2:libpng15-15-1.5.22-9.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2:libpng15-15-1.5.22-9.1.x86_64",
            "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libpng15-15-1.5.22-9.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpng15-15-1.5.22-9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpng15-15-1.5.22-9.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpng15-15-1.5.22-9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng15-15-1.5.22-9.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng15-15-1.5.22-9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng15-15-1.5.22-9.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpng15-15-1.5.22-9.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-04-06T09:36:47Z",
          "details": "low"
        }
      ],
      "title": "CVE-2016-10087"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-8540 (GCVE-0-2015-8540)

SUSE-SU-2016:0636-1

SUSE-SU-2016:0770-1

SUSE-SU-2017:0860-1

SUSE-SU-2017:0901-1

SUSE-SU-2017:0950-1

Tags

Sightings

Nomenclature