Red Hat Local Security Checks : RedHat Security Advisory RHSA-2006:0205

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.56257

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2006:0205

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory RHSA-2006:0205.

The libpng package contains a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files.

A heap based buffer overflow bug was found in the way libpng strips alpha
channels from a PNG image. An attacker could create a carefully crafted PNG
image file in such a way that it could cause an application linked with
libpng to crash or execute arbitrary code when the file is opened by a
victim. The Common Vulnerabilities and Exposures project has assigned the
name CVE-2006-0481 to this issue.

Please note that the vunerable libpng function is only used by TeTeX and
XEmacs on Red Hat Enterprise Linux 4.

All users of libpng are advised to update to these updated packages which
contain a backported patch that is not vulnerable to this issue.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2006-0205.html

Risk factor : Medium

CVSS Score:
5.0

Referencia Cruzada: BugTraq ID: 16626
Common Vulnerability Exposure (CVE) ID: CVE-2006-0481
1015615
http://securitytracker.com/id?1015615
1015617
http://securitytracker.com/id?1015617
16626
http://www.securityfocus.com/bid/16626
18654
http://secunia.com/advisories/18654
18863
http://secunia.com/advisories/18863
33137
http://secunia.com/advisories/33137
ADV-2006-0393
http://www.vupen.com/english/advisories/2006/0393
GLSA-200812-15
http://security.gentoo.org/glsa/glsa-200812-15.xml
RHSA-2006:0205
http://www.redhat.com/support/errata/RHSA-2006-0205.html
ftp://ftp.simplesystems.org/pub/libpng/png/src/libpng-1.2.8-README.txt
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179455
libpng-pngsetstripalpha-bo(24396)
https://exchange.xforce.ibmcloud.com/vulnerabilities/24396
oval:org.mitre.oval:def:10780
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10780

Copyright Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.56257
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2006:0205
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2006:0205. The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. A heap based buffer overflow bug was found in the way libpng strips alpha channels from a PNG image. An attacker could create a carefully crafted PNG image file in such a way that it could cause an application linked with libpng to crash or execute arbitrary code when the file is opened by a victim. The Common Vulnerabilities and Exposures project has assigned the name CVE-2006-0481 to this issue. Please note that the vunerable libpng function is only used by TeTeX and XEmacs on Red Hat Enterprise Linux 4. All users of libpng are advised to update to these updated packages which contain a backported patch that is not vulnerable to this issue. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2006-0205.html Risk factor : Medium CVSS Score: 5.0
Referencia Cruzada:	BugTraq ID: 16626 Common Vulnerability Exposure (CVE) ID: CVE-2006-0481 1015615 http://securitytracker.com/id?1015615 1015617 http://securitytracker.com/id?1015617 16626 http://www.securityfocus.com/bid/16626 18654 http://secunia.com/advisories/18654 18863 http://secunia.com/advisories/18863 33137 http://secunia.com/advisories/33137 ADV-2006-0393 http://www.vupen.com/english/advisories/2006/0393 GLSA-200812-15 http://security.gentoo.org/glsa/glsa-200812-15.xml RHSA-2006:0205 http://www.redhat.com/support/errata/RHSA-2006-0205.html ftp://ftp.simplesystems.org/pub/libpng/png/src/libpng-1.2.8-README.txt https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179455 libpng-pngsetstripalpha-bo(24396) https://exchange.xforce.ibmcloud.com/vulnerabilities/24396 oval:org.mitre.oval:def:10780 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10780
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com