Gentoo Local Security Checks : Gentoo Security Advisory GLSA 200607-06 (libpng)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.57843

Categoría: Gentoo Local Security Checks

Título: Gentoo Security Advisory GLSA 200607-06 (libpng)

Resumen: The remote host is missing updates announced in;advisory GLSA 200607-06.

Descripción: Summary:
The remote host is missing updates announced in
advisory GLSA 200607-06.

Vulnerability Insight:
A buffer overflow has been found in the libpng library that could lead to
the execution of arbitrary code.

Solution:
All libpng users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=media-libs/libpng-1.2.12'

All AMD64 emul-linux-x86-baselibs users should also upgrade to the latest
version:

# emerge --sync
# emerge --ask --oneshot --verbose
'>=app-emulation/emul-linux-x86-baselibs-2.5.1'

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2006-3334
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
BugTraq ID: 18698
http://www.securityfocus.com/bid/18698
Bugtraq: 20060719 rPSA-2006-0133-1 libpng (Google Search)
http://www.securityfocus.com/archive/1/440594/100/0/threaded
http://security.gentoo.org/glsa/glsa-200607-06.xml
http://security.gentoo.org/glsa/glsa-200812-15.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:209
http://www.mandriva.com/security/advisories?name=MDKSA-2006:210
http://www.mandriva.com/security/advisories?name=MDKSA-2006:211
http://www.mandriva.com/security/advisories?name=MDKSA-2006:212
http://www.mandriva.com/security/advisories?name=MDKSA-2006:213
http://secunia.com/advisories/20960
http://secunia.com/advisories/22956
http://secunia.com/advisories/22957
http://secunia.com/advisories/22958
http://secunia.com/advisories/23335
http://secunia.com/advisories/29420
http://secunia.com/advisories/33137
SuSE Security Announcement: SUSE-SR:2006:016 (Google Search)
http://www.novell.com/linux/security/advisories/2006_16_sr.html
SuSE Security Announcement: SUSE-SR:2006:028 (Google Search)
http://www.novell.com/linux/security/advisories/2006_28_sr.html
http://www.vupen.com/english/advisories/2006/2585
http://www.vupen.com/english/advisories/2008/0924/references
XForce ISS Database: libpng-pngdecompresschunk-bo(27468)
https://exchange.xforce.ibmcloud.com/vulnerabilities/27468

Copyright Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.57843
Categoría:	Gentoo Local Security Checks
Título:	Gentoo Security Advisory GLSA 200607-06 (libpng)
Resumen:	The remote host is missing updates announced in;advisory GLSA 200607-06.
Descripción:	Summary: The remote host is missing updates announced in advisory GLSA 200607-06. Vulnerability Insight: A buffer overflow has been found in the libpng library that could lead to the execution of arbitrary code. Solution: All libpng users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=media-libs/libpng-1.2.12' All AMD64 emul-linux-x86-baselibs users should also upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-emulation/emul-linux-x86-baselibs-2.5.1' CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2006-3334 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html BugTraq ID: 18698 http://www.securityfocus.com/bid/18698 Bugtraq: 20060719 rPSA-2006-0133-1 libpng (Google Search) http://www.securityfocus.com/archive/1/440594/100/0/threaded http://security.gentoo.org/glsa/glsa-200607-06.xml http://security.gentoo.org/glsa/glsa-200812-15.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:209 http://www.mandriva.com/security/advisories?name=MDKSA-2006:210 http://www.mandriva.com/security/advisories?name=MDKSA-2006:211 http://www.mandriva.com/security/advisories?name=MDKSA-2006:212 http://www.mandriva.com/security/advisories?name=MDKSA-2006:213 http://secunia.com/advisories/20960 http://secunia.com/advisories/22956 http://secunia.com/advisories/22957 http://secunia.com/advisories/22958 http://secunia.com/advisories/23335 http://secunia.com/advisories/29420 http://secunia.com/advisories/33137 SuSE Security Announcement: SUSE-SR:2006:016 (Google Search) http://www.novell.com/linux/security/advisories/2006_16_sr.html SuSE Security Announcement: SUSE-SR:2006:028 (Google Search) http://www.novell.com/linux/security/advisories/2006_28_sr.html http://www.vupen.com/english/advisories/2006/2585 http://www.vupen.com/english/advisories/2008/0924/references XForce ISS Database: libpng-pngdecompresschunk-bo(27468) https://exchange.xforce.ibmcloud.com/vulnerabilities/27468
Copyright	Copyright (C) 2008 E-Soft Inc.