Test ID: 1.3.6.1.4.1.25623.1.0.67361
Category: FreeBSD Local Security Checks
Title: FreeBSD Ports: png
Summary: The remote host is missing an update to the system, as announced in the referenced advisory.
Description:
Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following package is affected: png

CVE-2010-0205
The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before
1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly
handle compressed ancillary-chunk data that has a disproportionately
large uncompressed representation, which allows remote attackers to
cause a denial of service (memory and CPU consumption, and application
hang) via a crafted PNG file, as demonstrated by use of the deflate
compression method on data composed of many occurrences of the same
character, related to a 'decompression bomb' attack.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2010-0205
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
BugTraq ID: 38478
http://www.securityfocus.com/bid/38478
CERT/CC vulnerability note: VU#576029
http://www.kb.cert.org/vuls/id/576029
Debian Security Information: DSA-2032
http://www.debian.org/security/2010/dsa-2032
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037237.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037355.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037364.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037607.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:063
http://www.mandriva.com/security/advisories?name=MDVSA-2010:064
http://lists.vmware.com/pipermail/security-announce/2010/000105.html
http://osvdb.org/62670
http://www.securitytracker.com/id?1023674
http://secunia.com/advisories/38774
http://secunia.com/advisories/39251
http://secunia.com/advisories/41574
SuSE Security Announcement: SUSE-SR:2010:011
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
SuSE Security Announcement: SUSE-SR:2010:012
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html
SuSE Security Announcement: SUSE-SR:2010:013
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
http://ubuntu.com/usn/usn-913-1
http://www.vupen.com/english/advisories/2010/0517
http://www.vupen.com/english/advisories/2010/0605
http://www.vupen.com/english/advisories/2010/0626
http://www.vupen.com/english/advisories/2010/0637
http://www.vupen.com/english/advisories/2010/0667
http://www.vupen.com/english/advisories/2010/0682
http://www.vupen.com/english/advisories/2010/0686
http://www.vupen.com/english/advisories/2010/0847
http://www.vupen.com/english/advisories/2010/1107
http://www.vupen.com/english/advisories/2010/2491
XForce ISS Database: libpng-pngdecompresschunk-dos(56661)
https://exchange.xforce.ibmcloud.com/vulnerabilities/56661
Copyright: Copyright (C) 2010 E-Soft Inc.
