Problems found with existing digests:
Package suse131_libSDL
1c4d17a53bece6243cb3e6dd11c36d50f851a4f4 [recorded]
da39a3ee5e6b4b0d3255bfef95601890afd80709 [calculated]
Package suse131_libdbus
de99fcfa8e2c7ced28caf38c24d217d6037aaa56 [recorded]
da39a3ee5e6b4b0d3255bfef95601890afd80709 [calculated]
Package suse131_qt4
94daff738912c96ed8878ce1a131cd49fb379206 [recorded]
886206018431aee9f8a01e1fb7e46973e8dca9d9 [calculated]
Problems found locating distfiles for atari800, compat12, compat 13,
compat14, compat15, compat20, compat30, compat40, compat50,
compat50-x11, compat51, compat51-x11, compat60, compat61,
compat61-x11, fmsx, osf1_lib, vice, xbeeb, xm7.
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
openSUSE Security Update: Security update for libpng16
______________________________________________________________________________
Announcement ID: openSUSE-SU-2015:0161-1
Rating: important
References: #912076#912929
Cross-References: CVE-2014-9495 CVE-2015-0973
Affected Products:
openSUSE 13.2
openSUSE 13.1
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
libpng was updated to fix some security issues:
* CVE-2014-9495 [bnc#912076]: Heap-buffer overflow png_combine_row() with
very wide interlaced images
* CVE-2015-0973 [bnc#912929]: overflow in png_read_IDAT_data
libpng is now also build with -DPNG_SAFE_LIMITS_SUPPORTED.
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 13.2:
zypper in -t patch openSUSE-2015-79
- openSUSE 13.1:
zypper in -t patch openSUSE-2015-79
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 13.2 (i586 x86_64):
libpng16-16-1.6.13-2.4.1
libpng16-16-debuginfo-1.6.13-2.4.1
libpng16-compat-devel-1.6.13-2.4.1
libpng16-debugsource-1.6.13-2.4.1
libpng16-devel-1.6.13-2.4.1
libpng16-tools-1.6.13-2.4.1
libpng16-tools-debuginfo-1.6.13-2.4.1
- openSUSE 13.2 (x86_64):
libpng16-16-32bit-1.6.13-2.4.1
libpng16-16-debuginfo-32bit-1.6.13-2.4.1
libpng16-compat-devel-32bit-1.6.13-2.4.1
libpng16-devel-32bit-1.6.13-2.4.1
- openSUSE 13.1 (i586 x86_64):
libpng16-16-1.6.6-16.1
libpng16-16-debuginfo-1.6.6-16.1
libpng16-compat-devel-1.6.6-16.1
libpng16-debugsource-1.6.6-16.1
libpng16-devel-1.6.6-16.1
libpng16-tools-1.6.6-16.1
libpng16-tools-debuginfo-1.6.6-16.1
- openSUSE 13.1 (x86_64):
libpng16-16-32bit-1.6.6-16.1
libpng16-16-debuginfo-32bit-1.6.6-16.1
libpng16-compat-devel-32bit-1.6.6-16.1
libpng16-devel-32bit-1.6.6-16.1
References:
http://support.novell.com/security/cve/CVE-2014-9495.htmlhttp://support.novell.com/security/cve/CVE-2015-0973.htmlhttps://bugzilla.suse.com/show_bug.cgi?id=912076https://bugzilla.suse.com/show_bug.cgi?id=912929
update for libpng12
Description:
This libpng12 update fixes the following two security
issues.
- bnc#873123: Fixed integer overflow leading to a
heap-based buffer overflow in png_set_sPLT() and
png_set_text_2() (CVE-2013-7354).
- bnc#873124: Fixed integer overflow leading to a
heap-based buffer overflow in png_set_unknown_chunks()
(CVE-2013-7353).
Bump PKGREVISION.
