ID de Prueba:	1.3.6.1.4.1.25623.1.0.881177
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for libpng CESA-2012:0523 centos6
Resumen:	The remote host is missing an update for the 'libpng'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'libpng' package(s) announced via the referenced advisory. Vulnerability Insight: The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. A heap-based buffer overflow flaw was found in the way libpng processed tEXt chunks in PNG image files. An attacker could create a specially-crafted PNG image file that, when opened, could cause an application using libpng to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3048) Users of libpng should upgrade to these updated packages, which correct this issue. For Red Hat Enterprise Linux 5, they contain a backported patch. For Red Hat Enterprise Linux 6, they upgrade libpng to version 1.2.49. All running applications using libpng must be restarted for the update to take effect. Affected Software/OS: libpng on CentOS 6 Solution: Please install the updated packages. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-3048 http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html BugTraq ID: 52830 http://www.securityfocus.com/bid/52830 Debian Security Information: DSA-2446 (Google Search) http://www.debian.org/security/2012/dsa-2446 http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077819.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077007.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077043.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079039.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079051.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077472.html http://security.gentoo.org/glsa/glsa-201206-15.xml http://www.mandriva.com/security/advisories?name=MDVSA-2012:046 http://www.osvdb.org/80822 RedHat Security Advisories: RHSA-2012:0523 http://rhn.redhat.com/errata/RHSA-2012-0523.html http://www.securitytracker.com/id?1026879 http://secunia.com/advisories/48587 http://secunia.com/advisories/48644 http://secunia.com/advisories/48665 http://secunia.com/advisories/48721 http://secunia.com/advisories/48983 http://secunia.com/advisories/49660 http://ubuntu.com/usn/usn-1417-1 XForce ISS Database: libpng-pngsettext2-code-execution(74494) https://exchange.xforce.ibmcloud.com/vulnerabilities/74494
Copyright	Copyright (C) 2012 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.