Red Hat Local Security Checks : RedHat Security Advisory RHSA-2002:152

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.51239

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2002:152

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory RHSA-2002:152.

Updated libpng packages are available that fix a buffer overflow vulnerability.

The libpng package contains a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files. PNG
is a bit-mapped graphics format similar to the GIF format.

Versions of libpng prior to 1.0.14 contain a buffer overflow in the
progressive reader when the PNG datastream contains more IDAT data than
indicated by the IHDR chunk. Such deliberately malformed datastreams would
crash applications linked to libpng such as Mozilla that use the
progressive reading feature.

Packages within Red Hat Linux Advanced Server , such as Mozilla, make use
of the shared libpng library, therefore all users are advised to upgrade to
the errata packages which contain libpng 1.0.14. Libpng 1.0.14 is not
vulnerable to this issue and contains fixes for other bugs including a
number of memory leaks.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2002-152.html

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2002-0660
Debian Security Information: DSA-140 (Google Search)
https://www.debian.org/security/2002/dsa-140
RedHat Security Advisories: RHSA-2002:151
http://rhn.redhat.com/errata/RHSA-2002-151.html
RedHat Security Advisories: RHSA-2002:152
http://rhn.redhat.com/errata/RHSA-2002-152.html
Common Vulnerability Exposure (CVE) ID: CVE-2002-0728
Conectiva Linux advisory: CLA-2002:512
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000512
http://www.debian.org/security/2002/dsa-140
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-049.php

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.51239
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2002:152
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2002:152. Updated libpng packages are available that fix a buffer overflow vulnerability. The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. PNG is a bit-mapped graphics format similar to the GIF format. Versions of libpng prior to 1.0.14 contain a buffer overflow in the progressive reader when the PNG datastream contains more IDAT data than indicated by the IHDR chunk. Such deliberately malformed datastreams would crash applications linked to libpng such as Mozilla that use the progressive reading feature. Packages within Red Hat Linux Advanced Server , such as Mozilla, make use of the shared libpng library, therefore all users are advised to upgrade to the errata packages which contain libpng 1.0.14. Libpng 1.0.14 is not vulnerable to this issue and contains fixes for other bugs including a number of memory leaks. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2002-152.html Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2002-0660 Debian Security Information: DSA-140 (Google Search) https://www.debian.org/security/2002/dsa-140 RedHat Security Advisories: RHSA-2002:151 http://rhn.redhat.com/errata/RHSA-2002-151.html RedHat Security Advisories: RHSA-2002:152 http://rhn.redhat.com/errata/RHSA-2002-152.html Common Vulnerability Exposure (CVE) ID: CVE-2002-0728 Conectiva Linux advisory: CLA-2002:512 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000512 http://www.debian.org/security/2002/dsa-140 http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-049.php
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com