IBM Support

Security Bulletin: Vulnerabilities in libpng affect NVIDIA Linux device drivers for System x, Flex and BladeCenter Systems (CVE-2015-8472 CVE-2015-7981 CVE-2015-8126)

Created by Brian Bedard on
Published URL:
https://www.ibm.com/support/pages/node/868562
868562

Security Bulletin


Summary

NVIDIA device drivers for 32-bit and 64-bit Linux have addressed the following vulnerabilities in libpng.

Vulnerability Details

Summary

NVIDIA device drivers for 32-bit and 64-bit Linux have addressed the following vulnerabilities in libpng.

Vulnerability Details

CVE-ID: CVE-2015-8472

Description: libpng is vulnerable to a buffer overflow, caused by improper bounds checking by the png_get_PLTE() and png_set_PLTE() functions. By persuading a victim to open a specially crafted PNG image, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.

CVSS Base Score: 6.3
CVSS Temporal Score: See http://exchange.xforce.ibmcloud.com/vulnerabilities/109392 for current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)

CVE-ID: CVE-2015-8126

Description: libpng is vulnerable to a buffer overflow, caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions. By persuading a victim to open a specially-crafted PNG file, a remote attacker could overflow a buffer and execute arbitrary code on the system.

CVSS Base Score: 7.8
CVSS Temporal Score: See http://exchange.xforce.ibmcloud.com/vulnerabilities/108010 for current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVE-ID: CVE-2015-7981

Description: libpng could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read in the png_convert_to_rfc1123 function. An attacker could exploit this vulnerability to obtain sensitive information.

CVSS Base Score: 5.3
CVSS Temporal Score: See http://exchange.xforce.ibmcloud.com/vulnerabilities/107740 for current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products, Version and Systems

Product Affected Version
NVIDIA for Linux OS 32-bit 361.42
NVIDIA for Linux OS 64-bit 361.42

System/Vulnerable to CVE CVE-2015-8472 CVE-2015-7981 CVE-2015-8126
BladeCenter HS22 x x x
BladeCenter HS23/HS23E na x x
BladeCenter HS22V x na na
Flex System x220 M4 x x x
Flex System x240 M4 x x x
iDataPlex dx360 M2 na x x
iDataPlex dx360 M3 x x x
iDataPlex dx360 M4 x x x
iDataPlex dx360 M4 Water Cooled na x x
NeXtScale nx360 M4 x x x
System x3500 M2 na x x
System x3550 M2 na x x
System x3650 M2 na x x
System x3500 M3 na x x
System x3550 M3 x x x
System x3630 M3 x x x
System x3650 M3 x x x
System x3100 M4 na x x
System x3300 M4 x x x
System x3500 M4 x x x
System x3530 M4 x x x
System x3550 M4 x x x
System x3630 M4 x x x
System x3650 M4 x x x
System x3650 M4 BD x x x
System x3650 M4 HD x x x

Remediation/Fixes

Firmware fix versions are available on Fix Central: http://www.ibm.com/support/fixcentral/

Product Fixed Version
NVIDIA for Linux OS 32-bit
(nvda_dd_video_367.27_linux_i386)		 367.27
NVIDIA for Linux OS 64-bit
(nvda_dd_video_367.27_linux_x86-64)		 367.27

You should verify applying this fix does not cause any compatibility issues.

Workarounds and Mitigations

None.

References

Related Information
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog
Lenovo Product Security Advisories

Acknowledgement

None.

Change History
07 September, 2016: Original Version Published

* The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

Get Notified about Future Security Bulletins

Subscribe to My Notifications to be notified of important product support alerts like this.

References

Complete CVSS v3 Guide
On-line Calculator v3

On

Related Information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.

Document Location

Worldwide

Operating System

BladeCenter:Operating system independent / None

System x:Operating system independent / None

PureFlex System and Flex System:Operating system independent / None

[{"Type":"HW","Business Unit":{"code":"BU056","label":"Miscellaneous"},"Product":{"code":"HW21Q","label":"BladeCenter HS22"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"LOB18","label":"Miscellaneous LOB"}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HW232","label":"BladeCenter->BladeCenter HS22V"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HW239","label":"BladeCenter->BladeCenter HS23"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HW23F","label":"BladeCenter->BladeCenter HS23E"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"LOB18","label":"Miscellaneous LOB"}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HW31U","label":"System x->System x iDataPlex dx360 M2 server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"HW94B","label":"PureFlex System and Flex System->x220 Compute Node"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"HW94D","label":"PureFlex System and Flex System - x240 Compute Node"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWX20","label":"System x->System x3500 M2"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWX30","label":"System x->System x3550 M2"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWX40","label":"System x->System x3650 M2"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWX80","label":"System x->System x3500 M3"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWX81","label":"System x->System x3500 M4"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWX82","label":"System x->System x3530 M4"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWX90","label":"System x->System x3550 M3"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWX91","label":"System x->System x3550 M4"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWXA0","label":"System x->System x3650 M3"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWXA3","label":"System x->System x3650 M4"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"HWXA4","label":"System x->System x3650 M4 HD"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWXA5","label":"System x->System x3650 M4 BD"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWXA7","label":"System x->NeXtScale nx360 M4"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWXF0","label":"System x->System x iDataPlex dx360 M3 server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWXF6","label":"System x->System x iDataPlex dx360 M4 server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWXG4","label":"System x->System x3300 M4"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWXH0","label":"System x->System x3630 M3"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWXH1","label":"System x->System x3630 M4"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWXK0","label":"System x->System x3100 M4"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}}]

Document Information

Modified date:
18 April 2023

UID

ibm1MIGR-5099457

Page Feedback