Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.67130
Category:Ubuntu Local Security Checks
Title:Ubuntu USN-913-1 (libpng)
Summary:NOSUMMARY
Description:Description:
The remote host is missing an update to libpng
announced via advisory USN-913-1.

Details follow:

It was discovered that libpng did not properly initialize memory when
decoding certain 1-bit interlaced images. If a user or automated system
were tricked into processing crafted PNG images, an attacker could possibly
use this flaw to read sensitive information stored in memory. This issue
only affected Ubuntu 6.06 LTS, 8.04 LTS, 8.10 and 9.04. (CVE-2009-2042)

It was discovered that libpng did not properly handle certain excessively
compressed PNG images. If a user or automated system were tricked into
processing a crafted PNG image, an attacker could possibly use this flaw to
consume all available resources, resulting in a denial of service.
(CVE-2010-0205)

Solution:
The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
libpng12-0 1.2.8rel-5ubuntu0.5

Ubuntu 8.04 LTS:
libpng12-0 1.2.15~
beta5-3ubuntu0.2

Ubuntu 8.10:
libpng12-0 1.2.27-1ubuntu0.2

Ubuntu 9.04:
libpng12-0 1.2.27-2ubuntu2.1

Ubuntu 9.10:
libpng12-0 1.2.37-1ubuntu0.1

After a standard system upgrade you need to reboot your computer to effect
the necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-913-1

Risk factor : High

CVSS Score:
7.8

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-2042
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
BugTraq ID: 35233
http://www.securityfocus.com/bid/35233
Bugtraq: 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html
Debian Security Information: DSA-2032 (Google Search)
http://www.debian.org/security/2010/dsa-2032
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00218.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00630.html
http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html
http://security.gentoo.org/glsa/glsa-200906-01.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2010:063
http://lists.vmware.com/pipermail/security-announce/2010/000090.html
http://secunia.com/advisories/35346
http://secunia.com/advisories/35470
http://secunia.com/advisories/35524
http://secunia.com/advisories/35594
http://secunia.com/advisories/39206
http://secunia.com/advisories/39215
http://secunia.com/advisories/39251
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.551809
http://ubuntu.com/usn/usn-913-1
http://www.vupen.com/english/advisories/2009/1510
http://www.vupen.com/english/advisories/2010/0637
http://www.vupen.com/english/advisories/2010/0682
http://www.vupen.com/english/advisories/2010/0847
XForce ISS Database: libpng-interlaced-image-info-disclosure(50966)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50966
Common Vulnerability Exposure (CVE) ID: CVE-2010-0205
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
BugTraq ID: 38478
http://www.securityfocus.com/bid/38478
CERT/CC vulnerability note: VU#576029
http://www.kb.cert.org/vuls/id/576029
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037237.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037355.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037364.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037607.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:064
http://lists.vmware.com/pipermail/security-announce/2010/000105.html
http://osvdb.org/62670
http://www.securitytracker.com/id?1023674
http://secunia.com/advisories/38774
http://secunia.com/advisories/41574
SuSE Security Announcement: SUSE-SR:2010:011 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
SuSE Security Announcement: SUSE-SR:2010:012 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html
SuSE Security Announcement: SUSE-SR:2010:013 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
http://www.vupen.com/english/advisories/2010/0517
http://www.vupen.com/english/advisories/2010/0605
http://www.vupen.com/english/advisories/2010/0626
http://www.vupen.com/english/advisories/2010/0667
http://www.vupen.com/english/advisories/2010/0686
http://www.vupen.com/english/advisories/2010/1107
http://www.vupen.com/english/advisories/2010/2491
XForce ISS Database: libpng-pngdecompresschunk-dos(56661)
https://exchange.xforce.ibmcloud.com/vulnerabilities/56661
CopyrightCopyright (c) 2010 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.