English | Deutsch | Español | Português
 Benutzerkennung:
 Passwort:
Registrieren
 About:   Dediziert  | Erweitert  | Standard  | Wiederkehrend  | Risikolos  | Desktop  | Basis  | Einmalig  | Sicherheits Siegel  | FAQ
  Preis/Funktionszusammenfassung  | Bestellen  | Neue Anfälligkeiten  | Vertraulichkeit  | Anfälligkeiten Suche
 Anfälligkeitssuche        Suche in 75096 CVE Beschreibungen
und 39644 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.67084
Kategorie:Mandrake Local Security Checks
Titel:Mandriva Security Advisory MDVSA-2010:063 (libpng)
Zusammenfassung:Mandriva Security Advisory MDVSA-2010:063 (libpng)
Beschreibung:The remote host is missing an update to libpng
announced via advisory MDVSA-2010:063.

Multiple vulnerabilities has been found and corrected in libpng:

libpng before 1.2.37 does not properly parse 1-bit interlaced images
with width values that are not divisible by 8, which causes libpng
to include uninitialized bits in certain rows of a PNG file and
might allow remote attackers to read portions of sensitive memory
via out-of-bounds pixels in the file (CVE-2009-2042).

The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before
1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly
handle compressed ancillary-chunk data that has a disproportionately
large uncompressed representation, which allows remote attackers to
cause a denial of service (memory and CPU consumption, and application
hang) via a crafted PNG file, as demonstrated by use of the deflate
compression method on data composed of many occurrences of the same
character, related to a decompression bomb attack (CVE-2010-0205).

Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.

The updated packages have been patched to correct these issues.

Affected: 2008.0, Corporate 4.0, Multi Network Firewall 2.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2010:063

Risk factor : High
Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2009-2042
Bugtraq: 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html
http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html
http://lists.vmware.com/pipermail/security-announce/2010/000090.html
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
Debian Security Information: DSA-2032 (Google Search)
http://www.debian.org/security/2010/dsa-2032
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00218.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00630.html
http://security.gentoo.org/glsa/glsa-200906-01.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2010:063
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.551809
http://ubuntu.com/usn/usn-913-1
BugTraq ID: 35233
http://www.securityfocus.com/bid/35233
http://secunia.com/advisories/35346
http://secunia.com/advisories/35470
http://secunia.com/advisories/35524
http://secunia.com/advisories/35594
http://secunia.com/advisories/39206
http://secunia.com/advisories/39215
http://secunia.com/advisories/39251
http://www.vupen.com/english/advisories/2009/1510
http://www.vupen.com/english/advisories/2010/0637
http://www.vupen.com/english/advisories/2010/0847
http://www.vupen.com/english/advisories/2010/0682
XForce ISS Database: libpng-interlaced-image-info-disclosure(50966)
http://xforce.iss.net/xforce/xfdb/50966
Common Vulnerability Exposure (CVE) ID: CVE-2010-0205
http://lists.vmware.com/pipermail/security-announce/2010/000105.html
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037237.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037355.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037364.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037607.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:064
SuSE Security Announcement: SUSE-SR:2010:011 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
SuSE Security Announcement: SUSE-SR:2010:012 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html
SuSE Security Announcement: SUSE-SR:2010:013 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
CERT/CC vulnerability note: VU#576029
http://www.kb.cert.org/vuls/id/576029
BugTraq ID: 38478
http://www.securityfocus.com/bid/38478
http://osvdb.org/62670
http://www.securitytracker.com/id?1023674
http://secunia.com/advisories/38774
http://secunia.com/advisories/41574
http://www.vupen.com/english/advisories/2010/0605
http://www.vupen.com/english/advisories/2010/0626
http://www.vupen.com/english/advisories/2010/0517
http://www.vupen.com/english/advisories/2010/0667
http://www.vupen.com/english/advisories/2010/0686
http://www.vupen.com/english/advisories/2010/1107
http://www.vupen.com/english/advisories/2010/2491
XForce ISS Database: libpng-pngdecompresschunk-dos(56661)
http://xforce.iss.net/xforce/xfdb/56661
CopyrightCopyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 39644 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Registrierung eines neuen Benutzers
Email:
Benutzerkennung:
Passwort:
Bitte schicken Sie mir den monatlichen Newsletter, der mich über die neuesten Services, Verbesserungen und Umfragen informiert.
Bitte schicken Sie mir eine Anfälligkeitstest Benachrichtigung, wenn ein neuer Test hinzugefügt wird.
   Datenschutz
Anmeldung für registrierte Benutzer
 
Benutzerkennung:   
Passwort:  

 Benutzerkennung oder Passwort vergessen?
Email/Benutzerkennung:




Startseite | Über uns | Kontakt | Partnerprogramme | Datenschutz | Mailinglisten | Missbrauch
Sicherheits Überprüfungen | Verwaltete DNS | Netzwerk Überwachung | Webseiten Analysator | Internet Recherche Berichte
Web Sonde | Whois

© 1998-2014 E-Soft Inc. Alle Rechte vorbehalten.