Test ID:	1.3.6.1.4.1.25623.1.0.842538
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-2815-1)
Summary:	The remote host is missing an update for the 'libpng' package(s) announced via the USN-2815-1 advisory.
Description:	Summary: The remote host is missing an update for the 'libpng' package(s) announced via the USN-2815-1 advisory. Vulnerability Insight: Mikulas Patocka discovered that libpng incorrectly handled certain large fields. If a user or automated system using libpng were tricked into opening a specially crafted image, an attacker could exploit this to cause libpng to crash, leading to a denial of service. This issue only affected Ubuntu 12.04 LTS. (CVE-2012-3425) Qixue Xiao discovered that libpng incorrectly handled certain time values. If a user or automated system using libpng were tricked into opening a specially crafted image, an attacker could exploit this to cause libpng to crash, leading to a denial of service. (CVE-2015-7981) It was discovered that libpng incorrectly handled certain small bit-depth values. If a user or automated system using libpng were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or execute code with the privileges of the user invoking the program. (CVE-2015-8126) Affected Software/OS: 'libpng' package(s) on Ubuntu 12.04, Ubuntu 14.04, Ubuntu 15.04, Ubuntu 15.10. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-3425 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668082 http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=blob;f=CHANGES;h=284de253b1561b976291ba7405acd71ae71ff597;hb=refs/heads/libpng10 http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=blob;f=CHANGES;h=2da5a7a8b690e257f94353b5b49d493cdc385322;hb=refs/heads/libpng14 http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=blob;f=CHANGES;h=73e2ffd6a1471f2144d0ce7165d7323cb109f10f;hb=refs/heads/libpng15 http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=blob;f=CHANGES;hb=a4b640865ae47986bbe71ecc0e7d5181dcb0bac8 http://www.openwall.com/lists/oss-security/2012/07/24/3 http://www.openwall.com/lists/oss-security/2012/07/24/5 SuSE Security Announcement: openSUSE-SU-2012:0934 (Google Search) http://lists.opensuse.org/opensuse-updates/2012-08/msg00004.html http://www.ubuntu.com/usn/USN-2815-1 Common Vulnerability Exposure (CVE) ID: CVE-2015-7981 BugTraq ID: 77304 http://www.securityfocus.com/bid/77304 Debian Security Information: DSA-3399 (Google Search) http://www.debian.org/security/2015/dsa-3399 http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172620.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172663.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172647.html https://security.gentoo.org/glsa/201611-08 http://www.openwall.com/lists/oss-security/2015/10/26/1 http://www.openwall.com/lists/oss-security/2015/10/26/3 RedHat Security Advisories: RHSA-2015:2594 http://rhn.redhat.com/errata/RHSA-2015-2594.html RedHat Security Advisories: RHSA-2015:2595 http://rhn.redhat.com/errata/RHSA-2015-2595.html RedHat Security Advisories: RHSA-2016:1430 https://access.redhat.com/errata/RHSA-2016:1430 http://www.securitytracker.com/id/1034393 SuSE Security Announcement: openSUSE-SU-2015:2099 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00033.html SuSE Security Announcement: openSUSE-SU-2015:2136 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-11/msg00160.html Common Vulnerability Exposure (CVE) ID: CVE-2015-8126 http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html BugTraq ID: 77568 http://www.securityfocus.com/bid/77568 Debian Security Information: DSA-3507 (Google Search) http://www.debian.org/security/2016/dsa-3507 http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172769.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174936.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175073.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172324.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172823.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172797.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174905.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177382.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177344.html https://security.gentoo.org/glsa/201603-09 http://www.openwall.com/lists/oss-security/2015/11/12/2 RedHat Security Advisories: RHSA-2015:2596 http://rhn.redhat.com/errata/RHSA-2015-2596.html RedHat Security Advisories: RHSA-2016:0055 http://rhn.redhat.com/errata/RHSA-2016-0055.html RedHat Security Advisories: RHSA-2016:0056 http://rhn.redhat.com/errata/RHSA-2016-0056.html RedHat Security Advisories: RHSA-2016:0057 http://rhn.redhat.com/errata/RHSA-2016-0057.html http://www.securitytracker.com/id/1034142 SuSE Security Announcement: SUSE-SU-2016:0256 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html SuSE Security Announcement: SUSE-SU-2016:0265 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html SuSE Security Announcement: SUSE-SU-2016:0269 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html SuSE Security Announcement: SUSE-SU-2016:0665 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00015.html SuSE Security Announcement: openSUSE-SU-2015:2100 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00034.html SuSE Security Announcement: openSUSE-SU-2015:2135 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-11/msg00159.html SuSE Security Announcement: openSUSE-SU-2015:2262 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-12/msg00062.html SuSE Security Announcement: openSUSE-SU-2015:2263 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-12/msg00063.html SuSE Security Announcement: openSUSE-SU-2016:0103 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-01/msg00028.html SuSE Security Announcement: openSUSE-SU-2016:0104 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-01/msg00029.html SuSE Security Announcement: openSUSE-SU-2016:0105 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-01/msg00030.html SuSE Security Announcement: openSUSE-SU-2016:0263 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html SuSE Security Announcement: openSUSE-SU-2016:0268 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html SuSE Security Announcement: openSUSE-SU-2016:0270 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html SuSE Security Announcement: openSUSE-SU-2016:0272 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html SuSE Security Announcement: openSUSE-SU-2016:0279 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html SuSE Security Announcement: openSUSE-SU-2016:0664 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00014.html SuSE Security Announcement: openSUSE-SU-2016:0684 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00018.html SuSE Security Announcement: openSUSE-SU-2016:0729 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00028.html
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.