var-201511-0126
Vulnerability from variot
Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. A buffer overflow vulnerability exists in libpng's 'png_set_PLTE' and 'png_get_PLTE' functions. 6) - i386, x86_64
- ============================================================================ Ubuntu Security Notice USN-2815-1 November 19, 2015
libpng vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.10
- Ubuntu 15.04
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
libpng could be made to crash or run programs as your login if it opened a specially crafted file. If a user or automated system using libpng were tricked into opening a specially crafted image, an attacker could exploit this to cause libpng to crash, leading to a denial of service. This issue only affected Ubuntu 12.04 LTS. (CVE-2012-3425)
Qixue Xiao discovered that libpng incorrectly handled certain time values. If a user or automated system using libpng were tricked into opening a specially crafted image, an attacker could exploit this to cause libpng to crash, leading to a denial of service. (CVE-2015-7981)
It was discovered that libpng incorrectly handled certain small bit-depth values. If a user or automated system using libpng were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or execute code with the privileges of the user invoking the program. (CVE-2015-8126)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 15.10: libpng12-0 1.2.51-0ubuntu3.15.10.1
Ubuntu 15.04: libpng12-0 1.2.51-0ubuntu3.15.04.1
Ubuntu 14.04 LTS: libpng12-0 1.2.50-1ubuntu2.14.04.1
Ubuntu 12.04 LTS: libpng12-0 1.2.46-3ubuntu4.1
After a standard system update you need to restart your session to make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: java-1.7.1-ibm security update Advisory ID: RHSA-2016:0099-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0099.html Issue date: 2016-02-02 CVE Names: CVE-2015-5041 CVE-2015-7575 CVE-2015-7981 CVE-2015-8126 CVE-2015-8472 CVE-2015-8540 CVE-2016-0402 CVE-2016-0448 CVE-2016-0466 CVE-2016-0483 CVE-2016-0494 =====================================================================
- Summary:
Updated java-1.7.1-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 6 and 7 Supplementary.
Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client Supplementary (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Supplementary (v. 7) - x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 7) - x86_64
- Description:
IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.
This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2015-5041, CVE-2015-7575, CVE-2015-7981, CVE-2015-8126, CVE-2015-8472, CVE-2015-8540, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0483, CVE-2016-0494)
Note: This update also disallows the use of the MD5 hash algorithm in the certification path processing. The use of MD5 can be re-enabled by removing MD5 from the jdk.certpath.disabledAlgorithms security property defined in the java.security file.
All users of java-1.7.1-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7R1 SR3-FP30 release. All running instances of IBM Java must be restarted for the update to take effect.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1276416 - CVE-2015-7981 libpng: Out-of-bounds read in png_convert_to_rfc1123 1281756 - CVE-2015-8126 CVE-2015-8472 libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions 1289841 - CVE-2015-7575 TLS 1.2 Transcipt Collision attacks against MD5 in key exchange protocol (SLOTH) 1291312 - CVE-2015-8540 libpng: underflow read in png_check_keyword() 1298906 - CVE-2016-0494 ICU: integer signedness issue in IndicRearrangementProcessor (OpenJDK 2D, 8140543) 1298957 - CVE-2016-0402 OpenJDK: URL deserialization inconsistencies (Networking, 8059054) 1299073 - CVE-2016-0448 OpenJDK: logging of RMI connection secrets (JMX, 8130710) 1299385 - CVE-2016-0466 OpenJDK: insufficient enforcement of totalEntitySizeLimit (JAXP, 8133962) 1299441 - CVE-2016-0483 OpenJDK: incorrect boundary check in JPEG decoder (AWT, 8139017) 1302689 - CVE-2015-5041 IBM JDK: J9 JVM allows code to invoke non-public interface methods
- Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386: java-1.7.1-ibm-1.7.1.3.30-1jpp.2.el6_7.i686.rpm java-1.7.1-ibm-demo-1.7.1.3.30-1jpp.2.el6_7.i686.rpm java-1.7.1-ibm-devel-1.7.1.3.30-1jpp.2.el6_7.i686.rpm java-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.2.el6_7.i686.rpm java-1.7.1-ibm-plugin-1.7.1.3.30-1jpp.2.el6_7.i686.rpm java-1.7.1-ibm-src-1.7.1.3.30-1jpp.2.el6_7.i686.rpm
x86_64: java-1.7.1-ibm-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm java-1.7.1-ibm-demo-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm java-1.7.1-ibm-devel-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm java-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm java-1.7.1-ibm-plugin-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm java-1.7.1-ibm-src-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm
Red Hat Enterprise Linux HPC Node Supplementary (v. 6):
x86_64: java-1.7.1-ibm-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm java-1.7.1-ibm-demo-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm java-1.7.1-ibm-devel-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm java-1.7.1-ibm-src-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386: java-1.7.1-ibm-1.7.1.3.30-1jpp.2.el6_7.i686.rpm java-1.7.1-ibm-demo-1.7.1.3.30-1jpp.2.el6_7.i686.rpm java-1.7.1-ibm-devel-1.7.1.3.30-1jpp.2.el6_7.i686.rpm java-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.2.el6_7.i686.rpm java-1.7.1-ibm-plugin-1.7.1.3.30-1jpp.2.el6_7.i686.rpm java-1.7.1-ibm-src-1.7.1.3.30-1jpp.2.el6_7.i686.rpm
ppc64: java-1.7.1-ibm-1.7.1.3.30-1jpp.2.el6_7.ppc64.rpm java-1.7.1-ibm-demo-1.7.1.3.30-1jpp.2.el6_7.ppc64.rpm java-1.7.1-ibm-devel-1.7.1.3.30-1jpp.2.el6_7.ppc64.rpm java-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.2.el6_7.ppc64.rpm java-1.7.1-ibm-src-1.7.1.3.30-1jpp.2.el6_7.ppc64.rpm
s390x: java-1.7.1-ibm-1.7.1.3.30-1jpp.2.el6_7.s390x.rpm java-1.7.1-ibm-demo-1.7.1.3.30-1jpp.2.el6_7.s390x.rpm java-1.7.1-ibm-devel-1.7.1.3.30-1jpp.2.el6_7.s390x.rpm java-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.2.el6_7.s390x.rpm java-1.7.1-ibm-src-1.7.1.3.30-1jpp.2.el6_7.s390x.rpm
x86_64: java-1.7.1-ibm-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm java-1.7.1-ibm-demo-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm java-1.7.1-ibm-devel-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm java-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm java-1.7.1-ibm-plugin-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm java-1.7.1-ibm-src-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386: java-1.7.1-ibm-1.7.1.3.30-1jpp.2.el6_7.i686.rpm java-1.7.1-ibm-demo-1.7.1.3.30-1jpp.2.el6_7.i686.rpm java-1.7.1-ibm-devel-1.7.1.3.30-1jpp.2.el6_7.i686.rpm java-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.2.el6_7.i686.rpm java-1.7.1-ibm-plugin-1.7.1.3.30-1jpp.2.el6_7.i686.rpm java-1.7.1-ibm-src-1.7.1.3.30-1jpp.2.el6_7.i686.rpm
x86_64: java-1.7.1-ibm-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm java-1.7.1-ibm-demo-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm java-1.7.1-ibm-devel-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm java-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm java-1.7.1-ibm-plugin-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm java-1.7.1-ibm-src-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm
Red Hat Enterprise Linux Client Supplementary (v. 7):
x86_64: java-1.7.1-ibm-1.7.1.3.30-1jpp.1.el7.i686.rpm java-1.7.1-ibm-1.7.1.3.30-1jpp.1.el7.x86_64.rpm java-1.7.1-ibm-demo-1.7.1.3.30-1jpp.1.el7.x86_64.rpm java-1.7.1-ibm-devel-1.7.1.3.30-1jpp.1.el7.i686.rpm java-1.7.1-ibm-devel-1.7.1.3.30-1jpp.1.el7.x86_64.rpm java-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.1.el7.x86_64.rpm java-1.7.1-ibm-plugin-1.7.1.3.30-1jpp.1.el7.x86_64.rpm java-1.7.1-ibm-src-1.7.1.3.30-1jpp.1.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Supplementary (v. 7):
x86_64: java-1.7.1-ibm-1.7.1.3.30-1jpp.1.el7.i686.rpm java-1.7.1-ibm-1.7.1.3.30-1jpp.1.el7.x86_64.rpm java-1.7.1-ibm-demo-1.7.1.3.30-1jpp.1.el7.x86_64.rpm java-1.7.1-ibm-devel-1.7.1.3.30-1jpp.1.el7.i686.rpm java-1.7.1-ibm-devel-1.7.1.3.30-1jpp.1.el7.x86_64.rpm java-1.7.1-ibm-src-1.7.1.3.30-1jpp.1.el7.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 7):
ppc64: java-1.7.1-ibm-1.7.1.3.30-1jpp.1.el7.ppc.rpm java-1.7.1-ibm-1.7.1.3.30-1jpp.1.el7.ppc64.rpm java-1.7.1-ibm-demo-1.7.1.3.30-1jpp.1.el7.ppc64.rpm java-1.7.1-ibm-devel-1.7.1.3.30-1jpp.1.el7.ppc.rpm java-1.7.1-ibm-devel-1.7.1.3.30-1jpp.1.el7.ppc64.rpm java-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.1.el7.ppc64.rpm java-1.7.1-ibm-plugin-1.7.1.3.30-1jpp.1.el7.ppc.rpm java-1.7.1-ibm-src-1.7.1.3.30-1jpp.1.el7.ppc64.rpm
ppc64le: java-1.7.1-ibm-1.7.1.3.30-1jpp.1.el7.ppc64le.rpm java-1.7.1-ibm-demo-1.7.1.3.30-1jpp.1.el7.ppc64le.rpm java-1.7.1-ibm-devel-1.7.1.3.30-1jpp.1.el7.ppc64le.rpm java-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.1.el7.ppc64le.rpm java-1.7.1-ibm-src-1.7.1.3.30-1jpp.1.el7.ppc64le.rpm
s390x: java-1.7.1-ibm-1.7.1.3.30-1jpp.1.el7.s390.rpm java-1.7.1-ibm-1.7.1.3.30-1jpp.1.el7.s390x.rpm java-1.7.1-ibm-demo-1.7.1.3.30-1jpp.1.el7.s390x.rpm java-1.7.1-ibm-devel-1.7.1.3.30-1jpp.1.el7.s390.rpm java-1.7.1-ibm-devel-1.7.1.3.30-1jpp.1.el7.s390x.rpm java-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.1.el7.s390x.rpm java-1.7.1-ibm-src-1.7.1.3.30-1jpp.1.el7.s390x.rpm
x86_64: java-1.7.1-ibm-1.7.1.3.30-1jpp.1.el7.i686.rpm java-1.7.1-ibm-1.7.1.3.30-1jpp.1.el7.x86_64.rpm java-1.7.1-ibm-demo-1.7.1.3.30-1jpp.1.el7.x86_64.rpm java-1.7.1-ibm-devel-1.7.1.3.30-1jpp.1.el7.i686.rpm java-1.7.1-ibm-devel-1.7.1.3.30-1jpp.1.el7.x86_64.rpm java-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.1.el7.x86_64.rpm java-1.7.1-ibm-plugin-1.7.1.3.30-1jpp.1.el7.x86_64.rpm java-1.7.1-ibm-src-1.7.1.3.30-1jpp.1.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 7):
x86_64: java-1.7.1-ibm-1.7.1.3.30-1jpp.1.el7.i686.rpm java-1.7.1-ibm-1.7.1.3.30-1jpp.1.el7.x86_64.rpm java-1.7.1-ibm-demo-1.7.1.3.30-1jpp.1.el7.x86_64.rpm java-1.7.1-ibm-devel-1.7.1.3.30-1jpp.1.el7.i686.rpm java-1.7.1-ibm-devel-1.7.1.3.30-1jpp.1.el7.x86_64.rpm java-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.1.el7.x86_64.rpm java-1.7.1-ibm-plugin-1.7.1.3.30-1jpp.1.el7.x86_64.rpm java-1.7.1-ibm-src-1.7.1.3.30-1jpp.1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2015-5041 https://access.redhat.com/security/cve/CVE-2015-7575 https://access.redhat.com/security/cve/CVE-2015-7981 https://access.redhat.com/security/cve/CVE-2015-8126 https://access.redhat.com/security/cve/CVE-2015-8472 https://access.redhat.com/security/cve/CVE-2015-8540 https://access.redhat.com/security/cve/CVE-2016-0402 https://access.redhat.com/security/cve/CVE-2016-0448 https://access.redhat.com/security/cve/CVE-2016-0466 https://access.redhat.com/security/cve/CVE-2016-0483 https://access.redhat.com/security/cve/CVE-2016-0494 https://access.redhat.com/security/updates/classification/#critical http://www.ibm.com/developerworks/java/jdk/alerts/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFWsMJfXlSAg2UNWIIRArTCAKCFip8hWmQOb8eehCM0Y8CLbk2B1ACbBc+i CzP3qtAPz0FpC4vXlhIcXOg= =235r -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
Gentoo Linux Security Advisory GLSA 201611-08
https://security.gentoo.org/
Severity: Normal Title: libpng: Multiple vulnerabilities Date: November 15, 2016 Bugs: #564244, #565678, #568216 ID: 201611-08
Synopsis
Multiple vulnerabilities have been found in libpng, the worst of which may allow remote attackers to cause Denial of Service.
Background
libpng is a standard library used to process PNG (Portable Network Graphics) images. It is used by several other programs, including web browsers and potentially server processes.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 media-libs/libpng < 1.6.21 >= 1.2.56 >= 1.5.26 >= 1.6.21
Description
Multiple vulnerabilities were found in libpng. Please review the referenced CVE=E2=80=99s for additional information.
Impact
Remote attackers could cause a Denial of Service condition or have other unspecified impacts.
Workaround
There is no known workaround at this time.
Resolution
All libpng 1.2 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/libpng-1.2.56"
All libpng 1.5 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/libpng-1.5.26"
All libpng 1.6 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/libpng-1.6.21"
References
[ 1 ] CVE-2015-7981 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7981 [ 2 ] CVE-2015-8126 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8126 [ 3 ] CVE-2015-8540 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8540
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201611-08
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
CVE-2015-8126
Joerg Bornemann discovered multiple buffer overflow issues in the
libpng library.
CVE-2016-1630
Mariusz Mlynski discovered a way to bypass the Same Origin Policy
in Blink/Webkit.
CVE-2016-1631
Mariusz Mlynski discovered a way to bypass the Same Origin Policy
in the Pepper Plugin API.
CVE-2016-1632
A bad cast was discovered.
CVE-2016-1633
cloudfuzzer discovered a use-after-free issue in Blink/Webkit.
CVE-2016-1634
cloudfuzzer discovered a use-after-free issue in Blink/Webkit.
CVE-2016-1635
Rob Wu discovered a use-after-free issue in Blink/Webkit.
CVE-2016-1636
A way to bypass SubResource Integrity validation was discovered.
CVE-2016-1637
Keve Nagy discovered an information leak in the skia library.
CVE-2016-1638
Rob Wu discovered a WebAPI bypass issue.
CVE-2016-1639
Khalil Zhani discovered a use-after-free issue in the WebRTC
implementation.
CVE-2016-1640
Luan Herrera discovered an issue with the Extensions user interface.
CVE-2016-1641
Atte Kettunen discovered a use-after-free issue in the handling of
favorite icons.
CVE-2016-1642
The chrome 49 development team found and fixed various issues
during internal auditing. Also multiple issues were fixed in
the v8 javascript library, version 4.9.385.26.
For the stable distribution (jessie), these problems have been fixed in version 49.0.2623.75-1~deb8u1.
For the testing distribution (stretch), these problems will be fixed soon.
For the unstable distribution (sid), these problems have been fixed in version 49.0.2623.75-1.
We recommend that you upgrade your chromium-browser packages
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201511-0126",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "15.04"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "15.10"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "13.1"
},
{
"model": "libpng",
"scope": "gte",
"trust": 1.0,
"vendor": "libpng",
"version": "1.5.0"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.8.0"
},
{
"model": "libpng",
"scope": "gte",
"trust": 1.0,
"vendor": "libpng",
"version": "1.3.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "22"
},
{
"model": "linux enterprise desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "12"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "23"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.4"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.11.4"
},
{
"model": "libpng",
"scope": "lt",
"trust": 1.0,
"vendor": "libpng",
"version": "1.6.19"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "21"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.7"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.7"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "12.04"
},
{
"model": "libpng",
"scope": "lt",
"trust": 1.0,
"vendor": "libpng",
"version": "1.5.24"
},
{
"model": "linux enterprise desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "11"
},
{
"model": "libpng",
"scope": "lt",
"trust": 1.0,
"vendor": "libpng",
"version": "1.4.17"
},
{
"model": "libpng",
"scope": "lt",
"trust": 1.0,
"vendor": "libpng",
"version": "1.0.64"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "12"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "13.2"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "7.0"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.4"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "42.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.7"
},
{
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.6.0"
},
{
"model": "solaris",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "satellite",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.6"
},
{
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "libpng",
"scope": "lt",
"trust": 1.0,
"vendor": "libpng",
"version": "1.2.54"
},
{
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.8.0"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.6.0"
},
{
"model": "libpng",
"scope": "gte",
"trust": 1.0,
"vendor": "libpng",
"version": "1.1.1"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "satellite",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.7"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.5"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.7"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "libpng",
"scope": "gte",
"trust": 1.0,
"vendor": "libpng",
"version": "1.6.0"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.8,
"vendor": "png group",
"version": "1.5.24"
},
{
"model": "libpng",
"scope": "lt",
"trust": 0.8,
"vendor": "png group",
"version": "1.6.x"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "express"
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "professional for plug-in"
},
{
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "- messaging"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "light"
},
{
"model": "ucosminexus client",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "none"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.11 to 10.11.3"
},
{
"model": "ucosminexus developer standard",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "01"
},
{
"model": "cosminexus developer\u0027s kit for java",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus application server smart edition",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.8,
"vendor": "png group",
"version": "1.1.x"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.8,
"vendor": "png group",
"version": "1.6.19"
},
{
"model": "ucosminexus developer light",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "jdk",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "7 update 91"
},
{
"model": "jdk",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "6 update 105"
},
{
"model": "application server for developers",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "jre",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "7 update 91"
},
{
"model": "jre",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "6 update 105"
},
{
"model": "ucosminexus primary server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "base"
},
{
"model": "libpng",
"scope": "lt",
"trust": 0.8,
"vendor": "png group",
"version": "1.5.x"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "st ard-r"
},
{
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "none"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.10.5"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "-r"
},
{
"model": "ucosminexus service architect",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus application server enterprise",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.8,
"vendor": "png group",
"version": "1.4.17"
},
{
"model": "ucosminexus application server standard",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "java se",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "embedded 8 update 65"
},
{
"model": "developer\u0027s kit for java",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "jdk",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "8 update 66"
},
{
"model": "jre",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "8 update 66"
},
{
"model": "ucosminexus client",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "for plug-in"
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "professional"
},
{
"model": "ucosminexus server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "st ard-r"
},
{
"model": "libpng",
"scope": "lt",
"trust": 0.8,
"vendor": "png group",
"version": "1.4.x"
},
{
"model": "libpng",
"scope": "lt",
"trust": 0.8,
"vendor": "png group",
"version": "1.2.x"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.8,
"vendor": "png group",
"version": "1.2.54"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.8,
"vendor": "png group",
"version": "1.3.x"
},
{
"model": "application server",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus operator",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.11.3"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-005911"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-246"
},
{
"db": "NVD",
"id": "CVE-2015-8126"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.6.19",
"versionStartIncluding": "1.6.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.5.24",
"versionStartIncluding": "1.5.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.4.17",
"versionStartIncluding": "1.3.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.2.54",
"versionStartIncluding": "1.1.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.0.64",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:6.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jdk:1.8.0:update65:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jdk:1.8.0:update66:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jdk:1.6.0:update105:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jdk:1.7.0:update91:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jre:1.6.0:update105:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jre:1.7.0:update91:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jre:1.8.0:update66:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jre:1.8.0:update65:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.11.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-8126"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "135555"
},
{
"db": "PACKETSTORM",
"id": "135556"
},
{
"db": "PACKETSTORM",
"id": "135558"
},
{
"db": "PACKETSTORM",
"id": "135557"
},
{
"db": "PACKETSTORM",
"id": "135338"
}
],
"trust": 0.5
},
"cve": "CVE-2015-8126",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-8126",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-86087",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-8126",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201511-246",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-86087",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2015-8126",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-86087"
},
{
"db": "VULMON",
"id": "CVE-2015-8126"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005911"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-246"
},
{
"db": "NVD",
"id": "CVE-2015-8126"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. A buffer overflow vulnerability exists in libpng\u0027s \u0027png_set_PLTE\u0027 and \u0027png_get_PLTE\u0027 functions. 6) - i386, x86_64\n\n3. ============================================================================\nUbuntu Security Notice USN-2815-1\nNovember 19, 2015\n\nlibpng vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.10\n- Ubuntu 15.04\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nlibpng could be made to crash or run programs as your login if it\nopened a specially crafted file. If a user or automated system using libpng were tricked into\nopening a specially crafted image, an attacker could exploit this to cause\nlibpng to crash, leading to a denial of service. This issue only affected\nUbuntu 12.04 LTS. (CVE-2012-3425)\n\nQixue Xiao discovered that libpng incorrectly handled certain time values. \nIf a user or automated system using libpng were tricked into opening a\nspecially crafted image, an attacker could exploit this to cause libpng to\ncrash, leading to a denial of service. (CVE-2015-7981)\n\nIt was discovered that libpng incorrectly handled certain small bit-depth\nvalues. If a user or automated system using libpng were tricked into\nopening a specially crafted image, an attacker could exploit this to cause\na denial of service or execute code with the privileges of the user\ninvoking the program. (CVE-2015-8126)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.10:\n libpng12-0 1.2.51-0ubuntu3.15.10.1\n\nUbuntu 15.04:\n libpng12-0 1.2.51-0ubuntu3.15.04.1\n\nUbuntu 14.04 LTS:\n libpng12-0 1.2.50-1ubuntu2.14.04.1\n\nUbuntu 12.04 LTS:\n libpng12-0 1.2.46-3ubuntu4.1\n\nAfter a standard system update you need to restart your session to make\nall the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: java-1.7.1-ibm security update\nAdvisory ID: RHSA-2016:0099-01\nProduct: Red Hat Enterprise Linux Supplementary\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2016-0099.html\nIssue date: 2016-02-02\nCVE Names: CVE-2015-5041 CVE-2015-7575 CVE-2015-7981 \n CVE-2015-8126 CVE-2015-8472 CVE-2015-8540 \n CVE-2016-0402 CVE-2016-0448 CVE-2016-0466 \n CVE-2016-0483 CVE-2016-0494 \n=====================================================================\n\n1. Summary:\n\nUpdated java-1.7.1-ibm packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 6 and 7 Supplementary. \n\nRed Hat Product Security has rated this update as having Critical security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client Supplementary (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Supplementary (v. 7) - x86_64\nRed Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Supplementary (v. 7) - x86_64\n\n3. Description:\n\nIBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment\nand the IBM Java Software Development Kit. \n\nThis update fixes several vulnerabilities in the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit. Further information\nabout these flaws can be found on the IBM Java Security alerts page, listed\nin the References section. (CVE-2015-5041, CVE-2015-7575, CVE-2015-7981,\nCVE-2015-8126, CVE-2015-8472, CVE-2015-8540, CVE-2016-0402, CVE-2016-0448,\nCVE-2016-0466, CVE-2016-0483, CVE-2016-0494)\n\nNote: This update also disallows the use of the MD5 hash algorithm in the\ncertification path processing. The use of MD5 can be re-enabled by removing\nMD5 from the jdk.certpath.disabledAlgorithms security property defined in\nthe java.security file. \n\nAll users of java-1.7.1-ibm are advised to upgrade to these updated\npackages, containing the IBM Java SE 7R1 SR3-FP30 release. All running\ninstances of IBM Java must be restarted for the update to take effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1276416 - CVE-2015-7981 libpng: Out-of-bounds read in png_convert_to_rfc1123\n1281756 - CVE-2015-8126 CVE-2015-8472 libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions\n1289841 - CVE-2015-7575 TLS 1.2 Transcipt Collision attacks against MD5 in key exchange protocol (SLOTH)\n1291312 - CVE-2015-8540 libpng: underflow read in png_check_keyword()\n1298906 - CVE-2016-0494 ICU: integer signedness issue in IndicRearrangementProcessor (OpenJDK 2D, 8140543)\n1298957 - CVE-2016-0402 OpenJDK: URL deserialization inconsistencies (Networking, 8059054)\n1299073 - CVE-2016-0448 OpenJDK: logging of RMI connection secrets (JMX, 8130710)\n1299385 - CVE-2016-0466 OpenJDK: insufficient enforcement of totalEntitySizeLimit (JAXP, 8133962)\n1299441 - CVE-2016-0483 OpenJDK: incorrect boundary check in JPEG decoder (AWT, 8139017)\n1302689 - CVE-2015-5041 IBM JDK: J9 JVM allows code to invoke non-public interface methods\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 6):\n\ni386:\njava-1.7.1-ibm-1.7.1.3.30-1jpp.2.el6_7.i686.rpm\njava-1.7.1-ibm-demo-1.7.1.3.30-1jpp.2.el6_7.i686.rpm\njava-1.7.1-ibm-devel-1.7.1.3.30-1jpp.2.el6_7.i686.rpm\njava-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.2.el6_7.i686.rpm\njava-1.7.1-ibm-plugin-1.7.1.3.30-1jpp.2.el6_7.i686.rpm\njava-1.7.1-ibm-src-1.7.1.3.30-1jpp.2.el6_7.i686.rpm\n\nx86_64:\njava-1.7.1-ibm-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm\njava-1.7.1-ibm-demo-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm\njava-1.7.1-ibm-devel-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm\njava-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm\njava-1.7.1-ibm-plugin-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm\njava-1.7.1-ibm-src-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Supplementary (v. 6):\n\nx86_64:\njava-1.7.1-ibm-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm\njava-1.7.1-ibm-demo-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm\njava-1.7.1-ibm-devel-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm\njava-1.7.1-ibm-src-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 6):\n\ni386:\njava-1.7.1-ibm-1.7.1.3.30-1jpp.2.el6_7.i686.rpm\njava-1.7.1-ibm-demo-1.7.1.3.30-1jpp.2.el6_7.i686.rpm\njava-1.7.1-ibm-devel-1.7.1.3.30-1jpp.2.el6_7.i686.rpm\njava-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.2.el6_7.i686.rpm\njava-1.7.1-ibm-plugin-1.7.1.3.30-1jpp.2.el6_7.i686.rpm\njava-1.7.1-ibm-src-1.7.1.3.30-1jpp.2.el6_7.i686.rpm\n\nppc64:\njava-1.7.1-ibm-1.7.1.3.30-1jpp.2.el6_7.ppc64.rpm\njava-1.7.1-ibm-demo-1.7.1.3.30-1jpp.2.el6_7.ppc64.rpm\njava-1.7.1-ibm-devel-1.7.1.3.30-1jpp.2.el6_7.ppc64.rpm\njava-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.2.el6_7.ppc64.rpm\njava-1.7.1-ibm-src-1.7.1.3.30-1jpp.2.el6_7.ppc64.rpm\n\ns390x:\njava-1.7.1-ibm-1.7.1.3.30-1jpp.2.el6_7.s390x.rpm\njava-1.7.1-ibm-demo-1.7.1.3.30-1jpp.2.el6_7.s390x.rpm\njava-1.7.1-ibm-devel-1.7.1.3.30-1jpp.2.el6_7.s390x.rpm\njava-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.2.el6_7.s390x.rpm\njava-1.7.1-ibm-src-1.7.1.3.30-1jpp.2.el6_7.s390x.rpm\n\nx86_64:\njava-1.7.1-ibm-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm\njava-1.7.1-ibm-demo-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm\njava-1.7.1-ibm-devel-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm\njava-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm\njava-1.7.1-ibm-plugin-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm\njava-1.7.1-ibm-src-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Supplementary (v. 6):\n\ni386:\njava-1.7.1-ibm-1.7.1.3.30-1jpp.2.el6_7.i686.rpm\njava-1.7.1-ibm-demo-1.7.1.3.30-1jpp.2.el6_7.i686.rpm\njava-1.7.1-ibm-devel-1.7.1.3.30-1jpp.2.el6_7.i686.rpm\njava-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.2.el6_7.i686.rpm\njava-1.7.1-ibm-plugin-1.7.1.3.30-1jpp.2.el6_7.i686.rpm\njava-1.7.1-ibm-src-1.7.1.3.30-1jpp.2.el6_7.i686.rpm\n\nx86_64:\njava-1.7.1-ibm-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm\njava-1.7.1-ibm-demo-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm\njava-1.7.1-ibm-devel-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm\njava-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm\njava-1.7.1-ibm-plugin-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm\njava-1.7.1-ibm-src-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Supplementary (v. 7):\n\nx86_64:\njava-1.7.1-ibm-1.7.1.3.30-1jpp.1.el7.i686.rpm\njava-1.7.1-ibm-1.7.1.3.30-1jpp.1.el7.x86_64.rpm\njava-1.7.1-ibm-demo-1.7.1.3.30-1jpp.1.el7.x86_64.rpm\njava-1.7.1-ibm-devel-1.7.1.3.30-1jpp.1.el7.i686.rpm\njava-1.7.1-ibm-devel-1.7.1.3.30-1jpp.1.el7.x86_64.rpm\njava-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.1.el7.x86_64.rpm\njava-1.7.1-ibm-plugin-1.7.1.3.30-1jpp.1.el7.x86_64.rpm\njava-1.7.1-ibm-src-1.7.1.3.30-1jpp.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Supplementary (v. 7):\n\nx86_64:\njava-1.7.1-ibm-1.7.1.3.30-1jpp.1.el7.i686.rpm\njava-1.7.1-ibm-1.7.1.3.30-1jpp.1.el7.x86_64.rpm\njava-1.7.1-ibm-demo-1.7.1.3.30-1jpp.1.el7.x86_64.rpm\njava-1.7.1-ibm-devel-1.7.1.3.30-1jpp.1.el7.i686.rpm\njava-1.7.1-ibm-devel-1.7.1.3.30-1jpp.1.el7.x86_64.rpm\njava-1.7.1-ibm-src-1.7.1.3.30-1jpp.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 7):\n\nppc64:\njava-1.7.1-ibm-1.7.1.3.30-1jpp.1.el7.ppc.rpm\njava-1.7.1-ibm-1.7.1.3.30-1jpp.1.el7.ppc64.rpm\njava-1.7.1-ibm-demo-1.7.1.3.30-1jpp.1.el7.ppc64.rpm\njava-1.7.1-ibm-devel-1.7.1.3.30-1jpp.1.el7.ppc.rpm\njava-1.7.1-ibm-devel-1.7.1.3.30-1jpp.1.el7.ppc64.rpm\njava-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.1.el7.ppc64.rpm\njava-1.7.1-ibm-plugin-1.7.1.3.30-1jpp.1.el7.ppc.rpm\njava-1.7.1-ibm-src-1.7.1.3.30-1jpp.1.el7.ppc64.rpm\n\nppc64le:\njava-1.7.1-ibm-1.7.1.3.30-1jpp.1.el7.ppc64le.rpm\njava-1.7.1-ibm-demo-1.7.1.3.30-1jpp.1.el7.ppc64le.rpm\njava-1.7.1-ibm-devel-1.7.1.3.30-1jpp.1.el7.ppc64le.rpm\njava-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.1.el7.ppc64le.rpm\njava-1.7.1-ibm-src-1.7.1.3.30-1jpp.1.el7.ppc64le.rpm\n\ns390x:\njava-1.7.1-ibm-1.7.1.3.30-1jpp.1.el7.s390.rpm\njava-1.7.1-ibm-1.7.1.3.30-1jpp.1.el7.s390x.rpm\njava-1.7.1-ibm-demo-1.7.1.3.30-1jpp.1.el7.s390x.rpm\njava-1.7.1-ibm-devel-1.7.1.3.30-1jpp.1.el7.s390.rpm\njava-1.7.1-ibm-devel-1.7.1.3.30-1jpp.1.el7.s390x.rpm\njava-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.1.el7.s390x.rpm\njava-1.7.1-ibm-src-1.7.1.3.30-1jpp.1.el7.s390x.rpm\n\nx86_64:\njava-1.7.1-ibm-1.7.1.3.30-1jpp.1.el7.i686.rpm\njava-1.7.1-ibm-1.7.1.3.30-1jpp.1.el7.x86_64.rpm\njava-1.7.1-ibm-demo-1.7.1.3.30-1jpp.1.el7.x86_64.rpm\njava-1.7.1-ibm-devel-1.7.1.3.30-1jpp.1.el7.i686.rpm\njava-1.7.1-ibm-devel-1.7.1.3.30-1jpp.1.el7.x86_64.rpm\njava-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.1.el7.x86_64.rpm\njava-1.7.1-ibm-plugin-1.7.1.3.30-1jpp.1.el7.x86_64.rpm\njava-1.7.1-ibm-src-1.7.1.3.30-1jpp.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Supplementary (v. 7):\n\nx86_64:\njava-1.7.1-ibm-1.7.1.3.30-1jpp.1.el7.i686.rpm\njava-1.7.1-ibm-1.7.1.3.30-1jpp.1.el7.x86_64.rpm\njava-1.7.1-ibm-demo-1.7.1.3.30-1jpp.1.el7.x86_64.rpm\njava-1.7.1-ibm-devel-1.7.1.3.30-1jpp.1.el7.i686.rpm\njava-1.7.1-ibm-devel-1.7.1.3.30-1jpp.1.el7.x86_64.rpm\njava-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.1.el7.x86_64.rpm\njava-1.7.1-ibm-plugin-1.7.1.3.30-1jpp.1.el7.x86_64.rpm\njava-1.7.1-ibm-src-1.7.1.3.30-1jpp.1.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-5041\nhttps://access.redhat.com/security/cve/CVE-2015-7575\nhttps://access.redhat.com/security/cve/CVE-2015-7981\nhttps://access.redhat.com/security/cve/CVE-2015-8126\nhttps://access.redhat.com/security/cve/CVE-2015-8472\nhttps://access.redhat.com/security/cve/CVE-2015-8540\nhttps://access.redhat.com/security/cve/CVE-2016-0402\nhttps://access.redhat.com/security/cve/CVE-2016-0448\nhttps://access.redhat.com/security/cve/CVE-2016-0466\nhttps://access.redhat.com/security/cve/CVE-2016-0483\nhttps://access.redhat.com/security/cve/CVE-2016-0494\nhttps://access.redhat.com/security/updates/classification/#critical\nhttp://www.ibm.com/developerworks/java/jdk/alerts/\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFWsMJfXlSAg2UNWIIRArTCAKCFip8hWmQOb8eehCM0Y8CLbk2B1ACbBc+i\nCzP3qtAPz0FpC4vXlhIcXOg=\n=235r\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201611-08\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: libpng: Multiple vulnerabilities\n Date: November 15, 2016\n Bugs: #564244, #565678, #568216\n ID: 201611-08\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in libpng, the worst of which\nmay allow remote attackers to cause Denial of Service. \n\nBackground\n==========\n\nlibpng is a standard library used to process PNG (Portable Network\nGraphics) images. It is used by several other programs, including web\nbrowsers and potentially server processes. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 media-libs/libpng \u003c 1.6.21 *\u003e= 1.2.56\n *\u003e= 1.5.26\n \u003e= 1.6.21\n\nDescription\n===========\n\nMultiple vulnerabilities were found in libpng. Please review the\nreferenced CVE=E2=80=99s for additional information. \n\nImpact\n======\n\nRemote attackers could cause a Denial of Service condition or have\nother unspecified impacts. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll libpng 1.2 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=media-libs/libpng-1.2.56\"\n\nAll libpng 1.5 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=media-libs/libpng-1.5.26\"\n\nAll libpng 1.6 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=media-libs/libpng-1.6.21\"\n\nReferences\n==========\n\n[ 1 ] CVE-2015-7981\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7981\n[ 2 ] CVE-2015-8126\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8126\n[ 3 ] CVE-2015-8540\n http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8540\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201611-08\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n. \n\nCVE-2015-8126\n\n Joerg Bornemann discovered multiple buffer overflow issues in the\n libpng library. \n\nCVE-2016-1630\n\n Mariusz Mlynski discovered a way to bypass the Same Origin Policy\n in Blink/Webkit. \n\nCVE-2016-1631\n\n Mariusz Mlynski discovered a way to bypass the Same Origin Policy\n in the Pepper Plugin API. \n\nCVE-2016-1632\n\n A bad cast was discovered. \n\nCVE-2016-1633\n\n cloudfuzzer discovered a use-after-free issue in Blink/Webkit. \n\nCVE-2016-1634\n\n cloudfuzzer discovered a use-after-free issue in Blink/Webkit. \n\nCVE-2016-1635\n\n Rob Wu discovered a use-after-free issue in Blink/Webkit. \n\nCVE-2016-1636\n\n A way to bypass SubResource Integrity validation was discovered. \n\nCVE-2016-1637\n\n Keve Nagy discovered an information leak in the skia library. \n\nCVE-2016-1638\n\n Rob Wu discovered a WebAPI bypass issue. \n\nCVE-2016-1639\n\n Khalil Zhani discovered a use-after-free issue in the WebRTC\n implementation. \n\nCVE-2016-1640\n\n Luan Herrera discovered an issue with the Extensions user interface. \n\nCVE-2016-1641\n\n Atte Kettunen discovered a use-after-free issue in the handling of\n favorite icons. \n\nCVE-2016-1642\n\n The chrome 49 development team found and fixed various issues\n during internal auditing. Also multiple issues were fixed in\n the v8 javascript library, version 4.9.385.26. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 49.0.2623.75-1~deb8u1. \n\nFor the testing distribution (stretch), these problems will be fixed soon. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 49.0.2623.75-1. \n\nWe recommend that you upgrade your chromium-browser packages",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-8126"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005911"
},
{
"db": "VULHUB",
"id": "VHN-86087"
},
{
"db": "VULMON",
"id": "CVE-2015-8126"
},
{
"db": "PACKETSTORM",
"id": "135555"
},
{
"db": "PACKETSTORM",
"id": "135556"
},
{
"db": "PACKETSTORM",
"id": "135558"
},
{
"db": "PACKETSTORM",
"id": "134452"
},
{
"db": "PACKETSTORM",
"id": "135557"
},
{
"db": "PACKETSTORM",
"id": "139733"
},
{
"db": "PACKETSTORM",
"id": "135338"
},
{
"db": "PACKETSTORM",
"id": "136095"
}
],
"trust": 2.52
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-86087",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-86087"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-8126",
"trust": 3.4
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2015/11/12/2",
"trust": 2.6
},
{
"db": "BID",
"id": "77568",
"trust": 1.8
},
{
"db": "SECTRACK",
"id": "1034142",
"trust": 1.8
},
{
"db": "MCAFEE",
"id": "SB10148",
"trust": 1.8
},
{
"db": "JVN",
"id": "JVNVU97668313",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005911",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201511-246",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "136095",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "135338",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "134720",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-89794",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-86087",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-8126",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "135555",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "135556",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "135558",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "134452",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "135557",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "139733",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-86087"
},
{
"db": "VULMON",
"id": "CVE-2015-8126"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005911"
},
{
"db": "PACKETSTORM",
"id": "135555"
},
{
"db": "PACKETSTORM",
"id": "135556"
},
{
"db": "PACKETSTORM",
"id": "135558"
},
{
"db": "PACKETSTORM",
"id": "134452"
},
{
"db": "PACKETSTORM",
"id": "135557"
},
{
"db": "PACKETSTORM",
"id": "139733"
},
{
"db": "PACKETSTORM",
"id": "135338"
},
{
"db": "PACKETSTORM",
"id": "136095"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-246"
},
{
"db": "NVD",
"id": "CVE-2015-8126"
}
]
},
"id": "VAR-201511-0126",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-86087"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T20:00:43.175000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update 2016-002",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2016/mar/msg00004.html"
},
{
"title": "HT206167",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht206167"
},
{
"title": "HT206167",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht206167"
},
{
"title": "Issue 560291",
"trust": 0.8,
"url": "https://bugs.chromium.org/p/chromium/issues/detail?id=560291"
},
{
"title": "Stable Channel Update",
"trust": 0.8,
"url": "http://googlechromereleases.blogspot.jp/2016/03/stable-channel-update.html"
},
{
"title": "HS16-003",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs16-003/index.html"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.libpng.org/pub/png/libpng.html"
},
{
"title": "Oracle Critical Patch Update Advisory - January 2016",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - January 2016 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016verbose-2367956.html"
},
{
"title": "January 2016 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/january_2016_critical_patch_update"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://libpng.sourceforge.net/"
},
{
"title": "TLSA-2016-11",
"trust": 0.8,
"url": "http://www.turbolinux.co.jp/security/2016/tlsa-2016-11j.html"
},
{
"title": "HS16-003",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs16-003/index.html"
},
{
"title": "Oracle Corporation Java\u30d7\u30e9\u30b0\u30a4\u30f3\u306e\u8106\u5f31\u6027\u306b\u95a2\u3059\u308b\u304a\u77e5\u3089\u305b",
"trust": 0.8,
"url": "http://www.fmworld.net/biz/common/oracle/20160120.html"
},
{
"title": "libpng Buffer Overflow Vulnerability Fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=58735"
},
{
"title": "The Register",
"trust": 0.2,
"url": "https://www.theregister.co.uk/2016/01/20/oracle_q1_2016_patch_release/"
},
{
"title": "Red Hat: Moderate: libpng12 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20152595 - security advisory"
},
{
"title": "Red Hat: Moderate: libpng security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20152596 - security advisory"
},
{
"title": "Red Hat: Moderate: libpng security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20152594 - security advisory"
},
{
"title": "Debian CVElist Bug Report Logs: CVE-2015-8126: buffer overflow",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=48ea0ad3686f0e21036476817f732c90"
},
{
"title": "Debian CVElist Bug Report Logs: libpng: CVE-2015-7981: out-of-bound read",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=83b375e2e219a2891fcbdacbafaee367"
},
{
"title": "Ubuntu Security Notice: libpng vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2815-1"
},
{
"title": "Debian CVElist Bug Report Logs: libpng: Incomplete fix for CVE-2015-8126",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=386e683fecec564e81371b5dca873869"
},
{
"title": "Debian Security Advisories: DSA-3399-1 libpng -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=6c419f27840ce87aab71c3d89dad3813"
},
{
"title": "Amazon Linux AMI: ALAS-2015-611",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-611"
},
{
"title": "Red Hat: CVE-2015-8126",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-8126"
},
{
"title": "Debian Security Advisories: DSA-3443-1 libpng -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=57e4bc5fc071e2986f7cef65414ffe23"
},
{
"title": "Apple: OS X El Capitan v10.11.4 and Security Update 2016-002",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=ef054ba76412200e34091eb91c38c281"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=ac5af5dd99788925425f5747ec672707"
},
{
"title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=435ed9abc2fb1e74ce2a69605a01e326"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - January 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=63802a6c83b107c4e6e0c7f9241a66a8"
},
{
"title": "IBM: Security Bulletin: Multiple vulnerabilities in IBM Java affect IBM Netezza Analytics for NPS",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=c36fc403a4c2c6439b732d2fca738f58"
},
{
"title": "cheque",
"trust": 0.1,
"url": "https://github.com/sonatype-nexus-community/cheque "
},
{
"title": "clair-lab",
"trust": 0.1,
"url": "https://github.com/sjourdan/clair-lab "
},
{
"title": "afl-cve",
"trust": 0.1,
"url": "https://github.com/mrash/afl-cve "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-8126"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005911"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-246"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.1
},
{
"problemtype": "CWE-119",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-86087"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005911"
},
{
"db": "NVD",
"id": "CVE-2015-8126"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://www.openwall.com/lists/oss-security/2015/11/12/2"
},
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/77568"
},
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/201611-08"
},
{
"trust": 1.9,
"url": "http://rhn.redhat.com/errata/rhsa-2016-0057.html"
},
{
"trust": 1.9,
"url": "http://www.ubuntu.com/usn/usn-2815-1"
},
{
"trust": 1.8,
"url": "http://lists.apple.com/archives/security-announce/2016/mar/msg00004.html"
},
{
"trust": 1.8,
"url": "http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html"
},
{
"trust": 1.8,
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
},
{
"trust": 1.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"trust": 1.8,
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"trust": 1.8,
"url": "https://code.google.com/p/chromium/issues/detail?id=560291"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht206167"
},
{
"trust": 1.8,
"url": "http://www.debian.org/security/2015/dsa-3399"
},
{
"trust": 1.8,
"url": "http://www.debian.org/security/2016/dsa-3507"
},
{
"trust": 1.8,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-november/172769.html"
},
{
"trust": 1.8,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-november/172620.html"
},
{
"trust": 1.8,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-january/174936.html"
},
{
"trust": 1.8,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-january/175073.html"
},
{
"trust": 1.8,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-november/172663.html"
},
{
"trust": 1.8,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-november/172324.html"
},
{
"trust": 1.8,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-november/172823.html"
},
{
"trust": 1.8,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-november/172797.html"
},
{
"trust": 1.8,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-january/174905.html"
},
{
"trust": 1.8,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-november/172647.html"
},
{
"trust": 1.8,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-february/177382.html"
},
{
"trust": 1.8,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-february/177344.html"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/201603-09"
},
{
"trust": 1.8,
"url": "http://rhn.redhat.com/errata/rhsa-2015-2594.html"
},
{
"trust": 1.8,
"url": "http://rhn.redhat.com/errata/rhsa-2015-2595.html"
},
{
"trust": 1.8,
"url": "http://rhn.redhat.com/errata/rhsa-2015-2596.html"
},
{
"trust": 1.8,
"url": "http://rhn.redhat.com/errata/rhsa-2016-0055.html"
},
{
"trust": 1.8,
"url": "http://rhn.redhat.com/errata/rhsa-2016-0056.html"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2016:1430"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1034142"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00015.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00033.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00034.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00159.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00160.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00062.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00063.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00028.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00029.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00030.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00014.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00018.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00028.html"
},
{
"trust": 1.7,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10148"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8126"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20160120-jre.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2016/at160005.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu97668313"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-8126"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8126"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2015-8126"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-affect-ibm-netezza-analytics/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-affect-ibm-netezza-analytics-for-nps/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-jre-8-0-1-1-affect-ibm-netezza-platform-software-clients/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2016-0448"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8472"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0448"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0466"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2016-0483"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.5,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0483"
},
{
"trust": 0.5,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2016-0402"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0494"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7981"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2016-0466"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0402"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2015-8472"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2016-0494"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7575"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2015-7575"
},
{
"trust": 0.4,
"url": "http://www.ibm.com/developerworks/java/jdk/alerts/"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5041"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8540"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2015-5041"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2015-8540"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2015-7981"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10148"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/120.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2015:2595"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/sonatype-nexus-community/cheque"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=43864"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/2815-1/"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2016-0100.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0475"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2016-0098.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0475"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2016-0101.html"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/libpng/1.2.51-0ubuntu3.15.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/libpng/1.2.46-3ubuntu4.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/libpng/1.2.50-1ubuntu2.14.04.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3425"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/libpng/1.2.51-0ubuntu3.15.10.1"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2016-0099.html"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8126"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7981"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-8540"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#appendixjava"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1636"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1633"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1634"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1639"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1630"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1638"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1640"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1642"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1641"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1635"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1632"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1631"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1637"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-86087"
},
{
"db": "VULMON",
"id": "CVE-2015-8126"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005911"
},
{
"db": "PACKETSTORM",
"id": "135555"
},
{
"db": "PACKETSTORM",
"id": "135556"
},
{
"db": "PACKETSTORM",
"id": "135558"
},
{
"db": "PACKETSTORM",
"id": "134452"
},
{
"db": "PACKETSTORM",
"id": "135557"
},
{
"db": "PACKETSTORM",
"id": "139733"
},
{
"db": "PACKETSTORM",
"id": "135338"
},
{
"db": "PACKETSTORM",
"id": "136095"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-246"
},
{
"db": "NVD",
"id": "CVE-2015-8126"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-86087"
},
{
"db": "VULMON",
"id": "CVE-2015-8126"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005911"
},
{
"db": "PACKETSTORM",
"id": "135555"
},
{
"db": "PACKETSTORM",
"id": "135556"
},
{
"db": "PACKETSTORM",
"id": "135558"
},
{
"db": "PACKETSTORM",
"id": "134452"
},
{
"db": "PACKETSTORM",
"id": "135557"
},
{
"db": "PACKETSTORM",
"id": "139733"
},
{
"db": "PACKETSTORM",
"id": "135338"
},
{
"db": "PACKETSTORM",
"id": "136095"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-246"
},
{
"db": "NVD",
"id": "CVE-2015-8126"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-11-13T00:00:00",
"db": "VULHUB",
"id": "VHN-86087"
},
{
"date": "2015-11-13T00:00:00",
"db": "VULMON",
"id": "CVE-2015-8126"
},
{
"date": "2015-11-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-005911"
},
{
"date": "2016-02-02T16:43:57",
"db": "PACKETSTORM",
"id": "135555"
},
{
"date": "2016-02-02T16:44:07",
"db": "PACKETSTORM",
"id": "135556"
},
{
"date": "2016-02-02T16:44:18",
"db": "PACKETSTORM",
"id": "135558"
},
{
"date": "2015-11-20T00:42:48",
"db": "PACKETSTORM",
"id": "134452"
},
{
"date": "2016-02-02T16:44:12",
"db": "PACKETSTORM",
"id": "135557"
},
{
"date": "2016-11-15T16:48:40",
"db": "PACKETSTORM",
"id": "139733"
},
{
"date": "2016-01-21T14:47:29",
"db": "PACKETSTORM",
"id": "135338"
},
{
"date": "2016-03-07T15:09:16",
"db": "PACKETSTORM",
"id": "136095"
},
{
"date": "2015-11-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201511-246"
},
{
"date": "2015-11-13T03:59:05.917000",
"db": "NVD",
"id": "CVE-2015-8126"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-31T00:00:00",
"db": "VULHUB",
"id": "VHN-86087"
},
{
"date": "2020-09-08T00:00:00",
"db": "VULMON",
"id": "CVE-2015-8126"
},
{
"date": "2016-05-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-005911"
},
{
"date": "2022-05-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201511-246"
},
{
"date": "2022-05-13T14:57:21.083000",
"db": "NVD",
"id": "CVE-2015-8126"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "139733"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-246"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "libpng of png_set_PLTE and png_get_PLTE Buffer overflow vulnerability in functions",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-005911"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201511-246"
}
],
"trust": 0.6
}
}
Loading...