Test Kennung:	1.3.6.1.4.1.25623.1.0.51356
Kategorie:	Conectiva Local Security Checks
Titel:	Conectiva Security Advisory CLA-2004:856
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing updates announced in advisory CLA-2004:856. libpng[1] is a library for manipulating PNG image format files. Chris Evans found several vulnerabilities in unpatched libpng versions pior to 1.0.16rc1 and 1.2.6rc1: 1. Buffer overflow[2] vulnerabilities which could allow a remote attacker to execute arbitrary code via a malicious PNG image. 2. NULL-pointer reference[3] vulnerabilities that could allow a remote attacker to cause an application to crash via a malicious PNG image. 3. Integer overflow[4] vulnerabilities that could allow a remote attacker to cause an application to crash via a malicious PNG image. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://www.libpng.org/pub/png/libpng.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0597 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0598 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0599 http://www.securityspace.com/smysecure/catid.html?in=CLA-2004:856 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002004 Risk factor : Critical CVSS Score: 10.0
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0597 http://lists.apple.com/mhonarc/security-announce/msg00056.html BugTraq ID: 10857 http://www.securityfocus.com/bid/10857 BugTraq ID: 15495 http://www.securityfocus.com/bid/15495 Bugtraq: 20040804 [OpenPKG-SA-2004.035] OpenPKG Security Advisory (png) (Google Search) http://marc.info/?l=bugtraq&m=109163866717909&w=2 Bugtraq: 20050209 MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit (Google Search) http://marc.info/?l=bugtraq&m=110796779903455&w=2 Cert/CC Advisory: TA04-217A http://www.us-cert.gov/cas/techalerts/TA04-217A.html Cert/CC Advisory: TA05-039A http://www.us-cert.gov/cas/techalerts/TA05-039A.html CERT/CC vulnerability note: VU#388984 http://www.kb.cert.org/vuls/id/388984 CERT/CC vulnerability note: VU#817368 http://www.kb.cert.org/vuls/id/817368 Conectiva Linux advisory: CLA-2004:856 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000856 Debian Security Information: DSA-536 (Google Search) http://www.debian.org/security/2004/dsa-536 https://bugzilla.fedora.us/show_bug.cgi?id=1943 http://marc.info/?l=bugtraq&m=109900315219363&w=2 http://www.gentoo.org/security/en/glsa/glsa-200408-03.xml http://www.gentoo.org/security/en/glsa/glsa-200408-22.xml HPdes Security Advisory: SSRT4778 http://marc.info/?l=bugtraq&m=109181639602978&w=2 http://www.mandriva.com/security/advisories?name=MDKSA-2004:079 http://www.mandriva.com/security/advisories?name=MDKSA-2006:212 http://www.mandriva.com/security/advisories?name=MDKSA-2006:213 http://scary.beasts.org/security/CESA-2004-001.txt http://www.coresecurity.com/common/showdoc.php?idx=421&idxseccion=10 Microsoft Security Bulletin: MS05-009 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-009 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11284 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2274 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2378 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4492 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A594 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7709 http://www.redhat.com/support/errata/RHSA-2004-402.html http://www.redhat.com/support/errata/RHSA-2004-421.html http://www.redhat.com/support/errata/RHSA-2004-429.html SCO Security Bulletin: SCOSA-2004.16 http://marc.info/?l=bugtraq&m=109761239318458&w=2 SCO Security Bulletin: SCOSA-2005.49 ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt http://secunia.com/advisories/22957 http://secunia.com/advisories/22958 http://sunsolve.sun.com/search/document.do?assetkey=1-66-200663-1 SuSE Security Announcement: SUSE-SA:2004:023 (Google Search) http://www.novell.com/linux/security/advisories/2004_23_libpng.html http://www.trustix.net/errata/2004/0040/ XForce ISS Database: libpng-pnghandle-bo(16894) https://exchange.xforce.ibmcloud.com/vulnerabilities/16894 Common Vulnerability Exposure (CVE) ID: CVE-2004-0598 CERT/CC vulnerability note: VU#236656 http://www.kb.cert.org/vuls/id/236656 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10203 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2572 XForce ISS Database: libpng-pnghandleiccp-dos(16895) https://exchange.xforce.ibmcloud.com/vulnerabilities/16895 Common Vulnerability Exposure (CVE) ID: CVE-2004-0599 CERT/CC vulnerability note: VU#160448 http://www.kb.cert.org/vuls/id/160448 CERT/CC vulnerability note: VU#286464 http://www.kb.cert.org/vuls/id/286464 CERT/CC vulnerability note: VU#477512 http://www.kb.cert.org/vuls/id/477512 Debian Security Information: DSA-570 (Google Search) http://www.debian.org/security/2004/dsa-570 Debian Security Information: DSA-571 (Google Search) http://www.debian.org/security/2004/dsa-571 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10938 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1479 XForce ISS Database: lilbpng-integer-bo(16896) https://exchange.xforce.ibmcloud.com/vulnerabilities/16896
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.