| Descripción: | Description:
The remote host is missing an update to libpng
announced via advisory MDVSA-2011:151.
Multiple vulnerabilities has been discovered and corrected in libpng:
The png_format_buffer function in pngerror.c in libpng allows
remote attackers to cause a denial of service (application crash)
via a crafted PNG image that triggers an out-of-bounds read during
the copying of error-message data. NOTE: this vulnerability exists
because of a CVE-2004-0421 regression (CVE-2011-2501).
Buffer overflow in libpng, when used by an application that calls the
png_rgb_to_gray function but not the png_set_expand function, allows
remote attackers to overwrite memory with an arbitrary amount of data,
and possibly have unspecified other impact, via a crafted PNG image
(CVE-2011-2690).
The png_err function in pngerror.c in libpng makes a function call
using a NULL pointer argument instead of an empty-string argument,
which allows remote attackers to cause a denial of service (application
crash) via a crafted PNG image (CVE-2011-2691). NOTE: This does not
affect the binary packages in Mandriva, but could affect users if
PNG_NO_ERROR_TEXT is defined using the libpng-source-1.?.?? package.
The png_handle_sCAL function in pngrutil.c in libpng does not properly
handle invalid sCAL chunks, which allows remote attackers to cause
a denial of service (memory corruption and application crash) or
possibly have unspecified other impact via a crafted PNG image that
triggers the reading of uninitialized memory (CVE-2011-2692).
The updated packages have been patched to correct these issues.
Affected: 2010.1, Enterprise Server 5.0
Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2011:151
Risk factor : High
|
