ID de Prueba:	1.3.6.1.4.1.25623.1.0.63514
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: pngcrush
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: pngcrush CVE-2009-0040 The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-0040 1020521 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1 20090312 rPSA-2009-0046-1 libpng http://www.securityfocus.com/archive/1/501767/100/0/threaded 20090529 VMSA-2009-0007 VMware Hosted products and ESX and ESXi patches resolve security issues http://www.securityfocus.com/archive/1/503912/100/0/threaded 20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server http://www.securityfocus.com/archive/1/505990/100/0/threaded 259989 http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1 33827 http://www.securityfocus.com/bid/33827 33970 http://secunia.com/advisories/33970 33976 http://secunia.com/advisories/33976 33990 http://www.securityfocus.com/bid/33990 34137 http://secunia.com/advisories/34137 34140 http://secunia.com/advisories/34140 34143 http://secunia.com/advisories/34143 34145 http://secunia.com/advisories/34145 34152 http://secunia.com/advisories/34152 34210 http://secunia.com/advisories/34210 34265 http://secunia.com/advisories/34265 34272 http://secunia.com/advisories/34272 34320 http://secunia.com/advisories/34320 34324 http://secunia.com/advisories/34324 34388 http://secunia.com/advisories/34388 34462 http://secunia.com/advisories/34462 34464 http://secunia.com/advisories/34464 35074 http://secunia.com/advisories/35074 35258 http://secunia.com/advisories/35258 35302 http://secunia.com/advisories/35302 35379 http://secunia.com/advisories/35379 35386 http://secunia.com/advisories/35386 36096 http://secunia.com/advisories/36096 ADV-2009-0469 http://www.vupen.com/english/advisories/2009/0469 ADV-2009-0473 http://www.vupen.com/english/advisories/2009/0473 ADV-2009-0632 http://www.vupen.com/english/advisories/2009/0632 ADV-2009-1297 http://www.vupen.com/english/advisories/2009/1297 ADV-2009-1451 http://www.vupen.com/english/advisories/2009/1451 ADV-2009-1462 http://www.vupen.com/english/advisories/2009/1462 ADV-2009-1522 http://www.vupen.com/english/advisories/2009/1522 ADV-2009-1560 http://www.vupen.com/english/advisories/2009/1560 ADV-2009-1621 http://www.vupen.com/english/advisories/2009/1621 ADV-2009-2172 http://www.vupen.com/english/advisories/2009/2172 APPLE-SA-2009-05-12 http://lists.apple.com/archives/security-announce/2009/May/msg00002.html APPLE-SA-2009-06-08-1 http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html APPLE-SA-2009-06-17-1 http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html APPLE-SA-2009-08-05-1 http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html DSA-1750 http://www.debian.org/security/2009/dsa-1750 DSA-1830 http://www.debian.org/security/2009/dsa-1830 FEDORA-2009-1976 https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00412.html FEDORA-2009-2045 https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00272.html FEDORA-2009-2882 https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00769.html FEDORA-2009-2884 https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00771.html GLSA-200903-28 http://security.gentoo.org/glsa/glsa-200903-28.xml GLSA-201209-25 http://security.gentoo.org/glsa/glsa-201209-25.xml MDVSA-2009:051 http://www.mandriva.com/security/advisories?name=MDVSA-2009:051 MDVSA-2009:075 http://www.mandriva.com/security/advisories?name=MDVSA-2009:075 MDVSA-2009:083 http://www.mandriva.com/security/advisories?name=MDVSA-2009:083 RHSA-2009:0315 http://www.redhat.com/support/errata/RHSA-2009-0315.html RHSA-2009:0325 http://www.redhat.com/support/errata/RHSA-2009-0325.html RHSA-2009:0333 http://www.redhat.com/support/errata/RHSA-2009-0333.html RHSA-2009:0340 http://www.redhat.com/support/errata/RHSA-2009-0340.html SSA:2009-083-02 http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.405420 SSA:2009-083-03 http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.433952 SUSE-SA:2009:012 http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html SUSE-SA:2009:023 http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00009.html SUSE-SR:2009:005 http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html TA09-133A http://www.us-cert.gov/cas/techalerts/TA09-133A.html TA09-218A http://www.us-cert.gov/cas/techalerts/TA09-218A.html VU#649212 http://www.kb.cert.org/vuls/id/649212 [png-mng-implement] 20090219 libpng-1.2.35 and libpng-1.0.43 fix security vulnerability http://sourceforge.net/mailarchive/message.php?msg_name=e56ccc8f0902181726i200f4bf0n20d919473ec409b7%40mail.gmail.com [security-announce] 20090820 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server http://lists.vmware.com/pipermail/security-announce/2009/000062.html ftp://ftp.simplesystems.org/pub/png/src/libpng-1.2.34-ADVISORY.txt http://downloads.sourceforge.net/libpng/libpng-1.2.34-ADVISORY.txt http://sourceforge.net/project/shownotes.php?group_id=1689&release_id=662441 http://support.apple.com/kb/HT3549 http://support.apple.com/kb/HT3613 http://support.apple.com/kb/HT3639 http://support.apple.com/kb/HT3757 http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document http://wiki.rpath.com/Advisories:rPSA-2009-0046 http://www.vmware.com/security/advisories/VMSA-2009-0007.html libpng-pointer-arrays-code-execution(48819) https://exchange.xforce.ibmcloud.com/vulnerabilities/48819 oval:org.mitre.oval:def:10316 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10316 oval:org.mitre.oval:def:6458 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6458
Copyright	Copyright (C) 2009 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.