| Resumen: | The remote host is missing updates announced in;advisory RHSA-2009:0340.;;The libpng packages contain a library of functions for creating and;manipulating PNG (Portable Network Graphics) image format files.;;A flaw was discovered in libpng that could result in libpng trying to;free() random memory if certain, unlikely error conditions occurred. If a;carefully-crafted PNG file was loaded by an application linked against;libpng, it could cause the application to crash or, potentially, execute;arbitrary code with the privileges of the user running the application.;(CVE-2009-0040);;Users of libpng and libpng10 should upgrade to these updated packages,;which contain backported patches to correct these issues. All running;applications using libpng or libpng10 must be restarted for the update to;take effect. |
| Descripción: | Summary:
The remote host is missing updates announced in
advisory RHSA-2009:0340.
The libpng packages contain a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files.
A flaw was discovered in libpng that could result in libpng trying to
free() random memory if certain, unlikely error conditions occurred. If a
carefully-crafted PNG file was loaded by an application linked against
libpng, it could cause the application to crash or, potentially, execute
arbitrary code with the privileges of the user running the application.
(CVE-2009-0040)
Users of libpng and libpng10 should upgrade to these updated packages,
which contain backported patches to correct these issues. All running
applications using libpng or libpng10 must be restarted for the update to
take effect.
Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date
CVSS Score:
6.8
CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
