Amazon Linux Local Security Checks : Amazon Linux: Security Advisory (ALAS-2012-56)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.120411

Categoría: Amazon Linux Local Security Checks

Título: Amazon Linux: Security Advisory (ALAS-2012-56)

Resumen: The remote host is missing an update for the 'libpng' package(s) announced via the ALAS-2012-56 advisory.

Descripción: Summary:
The remote host is missing an update for the 'libpng' package(s) announced via the ALAS-2012-56 advisory.

Vulnerability Insight:
A heap-based buffer overflow flaw was found in the way libpng processed compressed chunks in PNG image files. An attacker could create a specially-crafted PNG image file that, when opened, could cause an application using libpng to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3045)

Affected Software/OS:
'libpng' package(s) on Amazon Linux.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-3045
Debian Security Information: DSA-2439 (Google Search)
http://www.debian.org/security/2012/dsa-2439
http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075424.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075987.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075981.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075619.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076731.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076461.html
http://security.gentoo.org/glsa/glsa-201206-15.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2012:033
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14763
RedHat Security Advisories: RHSA-2012:0407
http://rhn.redhat.com/errata/RHSA-2012-0407.html
RedHat Security Advisories: RHSA-2012:0488
http://rhn.redhat.com/errata/RHSA-2012-0488.html
http://www.securitytracker.com/id?1026823
http://secunia.com/advisories/48320
http://secunia.com/advisories/48485
http://secunia.com/advisories/48512
http://secunia.com/advisories/48554
http://secunia.com/advisories/49660
SuSE Security Announcement: openSUSE-SU-2012:0432 (Google Search)
http://lists.opensuse.org/opensuse-updates/2012-03/msg00051.html
SuSE Security Announcement: openSUSE-SU-2012:0466 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00000.html

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.120411
Categoría:	Amazon Linux Local Security Checks
Título:	Amazon Linux: Security Advisory (ALAS-2012-56)
Resumen:	The remote host is missing an update for the 'libpng' package(s) announced via the ALAS-2012-56 advisory.
Descripción:	Summary: The remote host is missing an update for the 'libpng' package(s) announced via the ALAS-2012-56 advisory. Vulnerability Insight: A heap-based buffer overflow flaw was found in the way libpng processed compressed chunks in PNG image files. An attacker could create a specially-crafted PNG image file that, when opened, could cause an application using libpng to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3045) Affected Software/OS: 'libpng' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-3045 Debian Security Information: DSA-2439 (Google Search) http://www.debian.org/security/2012/dsa-2439 http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075424.html http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075987.html http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075981.html http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075619.html http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076731.html http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076461.html http://security.gentoo.org/glsa/glsa-201206-15.xml http://www.mandriva.com/security/advisories?name=MDVSA-2012:033 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14763 RedHat Security Advisories: RHSA-2012:0407 http://rhn.redhat.com/errata/RHSA-2012-0407.html RedHat Security Advisories: RHSA-2012:0488 http://rhn.redhat.com/errata/RHSA-2012-0488.html http://www.securitytracker.com/id?1026823 http://secunia.com/advisories/48320 http://secunia.com/advisories/48485 http://secunia.com/advisories/48512 http://secunia.com/advisories/48554 http://secunia.com/advisories/49660 SuSE Security Announcement: openSUSE-SU-2012:0432 (Google Search) http://lists.opensuse.org/opensuse-updates/2012-03/msg00051.html SuSE Security Announcement: openSUSE-SU-2012:0466 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00000.html
Copyright	Copyright (C) 2015 Greenbone AG