Test ID:	1.3.6.1.4.1.25623.1.0.71970
Category:	Slackware Local Security Checks
Title:	Slackware: Security Advisory (SSA:2012-206-01)
Summary:	The remote host is missing an update for the 'libpng' package(s) announced via the SSA:2012-206-01 advisory.
Description:	Summary: The remote host is missing an update for the 'libpng' package(s) announced via the SSA:2012-206-01 advisory. Vulnerability Insight: New libpng packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues. Here are the details from the Slackware 13.37 ChangeLog: +--------------------------+ patches/packages/libpng-1.4.12-i486-1_slack13.37.txz: Upgraded. Fixed incorrect type (int copy should be png_size_t copy) in png_inflate() (fixes CVE-2011-3045). Revised png_set_text_2() to avoid potential memory corruption (fixes CVE-2011-3048). Changed 'a+w' to 'u+w' in Makefile.in to fix CVE-2012-3386. For more information, see: [links moved to references] (* Security fix *) +--------------------------+ Affected Software/OS: 'libpng' package(s) on Slackware 8.1, Slackware 9.0, Slackware 9.1, Slackware 10.0, Slackware 10.1, Slackware 10.2, Slackware 11.0, Slackware 12.0, Slackware 12.1, Slackware 12.2, Slackware 13.0, Slackware 13.1, Slackware 13.37, Slackware current. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-3045 Debian Security Information: DSA-2439 (Google Search) http://www.debian.org/security/2012/dsa-2439 http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075424.html http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075987.html http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075981.html http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075619.html http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076731.html http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076461.html http://security.gentoo.org/glsa/glsa-201206-15.xml http://www.mandriva.com/security/advisories?name=MDVSA-2012:033 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14763 RedHat Security Advisories: RHSA-2012:0407 http://rhn.redhat.com/errata/RHSA-2012-0407.html RedHat Security Advisories: RHSA-2012:0488 http://rhn.redhat.com/errata/RHSA-2012-0488.html http://www.securitytracker.com/id?1026823 http://secunia.com/advisories/48320 http://secunia.com/advisories/48485 http://secunia.com/advisories/48512 http://secunia.com/advisories/48554 http://secunia.com/advisories/49660 SuSE Security Announcement: openSUSE-SU-2012:0432 (Google Search) http://lists.opensuse.org/opensuse-updates/2012-03/msg00051.html SuSE Security Announcement: openSUSE-SU-2012:0466 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00000.html Common Vulnerability Exposure (CVE) ID: CVE-2011-3048 http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html BugTraq ID: 52830 http://www.securityfocus.com/bid/52830 Debian Security Information: DSA-2446 (Google Search) http://www.debian.org/security/2012/dsa-2446 http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077819.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077007.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077043.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079039.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079051.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077472.html http://www.mandriva.com/security/advisories?name=MDVSA-2012:046 http://www.osvdb.org/80822 RedHat Security Advisories: RHSA-2012:0523 http://rhn.redhat.com/errata/RHSA-2012-0523.html http://www.securitytracker.com/id?1026879 http://secunia.com/advisories/48587 http://secunia.com/advisories/48644 http://secunia.com/advisories/48665 http://secunia.com/advisories/48721 http://secunia.com/advisories/48983 http://ubuntu.com/usn/usn-1417-1 XForce ISS Database: libpng-pngsettext2-code-execution(74494) https://exchange.xforce.ibmcloud.com/vulnerabilities/74494 Common Vulnerability Exposure (CVE) ID: CVE-2012-3386 FEDORA-2012-14297 http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087665.html FEDORA-2012-14349 http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087538.html FEDORA-2012-14770 http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089187.html MDVSA-2012:103 http://www.mandriva.com/security/advisories?name=MDVSA-2012:103 RHSA-2013:0526 http://rhn.redhat.com/errata/RHSA-2013-0526.html [automake] 20120709 CVE-2012-3386 Automake security fix for 'make distcheck' https://lists.gnu.org/archive/html/automake/2012-07/msg00023.html [automake] 20120709 GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!) https://lists.gnu.org/archive/html/automake/2012-07/msg00021.html [automake] 20120709 GNU Automake 1.12.2 released (fixes a SECURITY VULNERABILITY!) https://lists.gnu.org/archive/html/automake/2012-07/msg00022.html http://git.savannah.gnu.org/cgit/automake.git/commit/?id=784b3e6ccc7c72a1c95c340cbbe8897d6b689d76 openSUSE-SU-2012:1519 http://lists.opensuse.org/opensuse-updates/2012-11/msg00038.html
Copyright	Copyright (C) 2012 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.