Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.54293
Category:Trustix Local Security Checks
Title:Trustix Security Advisory TSLSA-2004-0040 (libpng)
Summary:NOSUMMARY
Description:Description:

The remote host is missing updates announced in
advisory TSLSA-2004-0040.


This update fixed the following security vulnerabilities:

CVE-2004-0597 - Multiple buffer overflows exist, including when
handling transparency chunk data, which could be exploited to cause
arbitrary code to be executed when a specially crafted PNG image is
processed

CVE-2004-0598 - Multiple NULL pointer dereferences in
png_handle_iCPP() and elsewhere could be exploited to cause an
application to crash when a specially crafted PNG image is processed

CVE-2004-0599 - Multiple integer overflows in png_handle_sPLT(),
png_read_png() nctions and elsewhere could be exploited to cause an
application to crash, or potentially arbitrary code to be executed,
when a specially crafted PNG image is processed

CVE-2004-0768 - A buffer overflow could be caused by incorrect
calculation of buffer offsets, possibly leading to the execution of
arbitrary code

Some of these problems was also fixed in our earier releases, this
update includes an all in one patch that covers them all.

Solution:
Update your system with the packages as indicated in
the referenced security advisory.

http://www.securityspace.com/smysecure/catid.html?in=TSLSA-2004-0040

Risk factor : Critical

CVSS Score:
10.0

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2004-0597
http://lists.apple.com/mhonarc/security-announce/msg00056.html
BugTraq ID: 10857
http://www.securityfocus.com/bid/10857
BugTraq ID: 15495
http://www.securityfocus.com/bid/15495
Bugtraq: 20040804 [OpenPKG-SA-2004.035] OpenPKG Security Advisory (png) (Google Search)
http://marc.info/?l=bugtraq&m=109163866717909&w=2
Bugtraq: 20050209 MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit (Google Search)
http://marc.info/?l=bugtraq&m=110796779903455&w=2
Cert/CC Advisory: TA04-217A
http://www.us-cert.gov/cas/techalerts/TA04-217A.html
Cert/CC Advisory: TA05-039A
http://www.us-cert.gov/cas/techalerts/TA05-039A.html
CERT/CC vulnerability note: VU#388984
http://www.kb.cert.org/vuls/id/388984
CERT/CC vulnerability note: VU#817368
http://www.kb.cert.org/vuls/id/817368
Conectiva Linux advisory: CLA-2004:856
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000856
Debian Security Information: DSA-536 (Google Search)
http://www.debian.org/security/2004/dsa-536
https://bugzilla.fedora.us/show_bug.cgi?id=1943
http://marc.info/?l=bugtraq&m=109900315219363&w=2
http://www.gentoo.org/security/en/glsa/glsa-200408-03.xml
http://www.gentoo.org/security/en/glsa/glsa-200408-22.xml
HPdes Security Advisory: SSRT4778
http://marc.info/?l=bugtraq&m=109181639602978&w=2
http://www.mandriva.com/security/advisories?name=MDKSA-2004:079
http://www.mandriva.com/security/advisories?name=MDKSA-2006:212
http://www.mandriva.com/security/advisories?name=MDKSA-2006:213
http://scary.beasts.org/security/CESA-2004-001.txt
http://www.coresecurity.com/common/showdoc.php?idx=421&idxseccion=10
Microsoft Security Bulletin: MS05-009
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-009
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11284
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2274
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2378
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4492
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A594
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7709
http://www.redhat.com/support/errata/RHSA-2004-402.html
http://www.redhat.com/support/errata/RHSA-2004-421.html
http://www.redhat.com/support/errata/RHSA-2004-429.html
SCO Security Bulletin: SCOSA-2004.16
http://marc.info/?l=bugtraq&m=109761239318458&w=2
SCO Security Bulletin: SCOSA-2005.49
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
http://secunia.com/advisories/22957
http://secunia.com/advisories/22958
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200663-1
SuSE Security Announcement: SUSE-SA:2004:023 (Google Search)
http://www.novell.com/linux/security/advisories/2004_23_libpng.html
http://www.trustix.net/errata/2004/0040/
XForce ISS Database: libpng-pnghandle-bo(16894)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16894
Common Vulnerability Exposure (CVE) ID: CVE-2004-0598
CERT/CC vulnerability note: VU#236656
http://www.kb.cert.org/vuls/id/236656
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10203
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2572
XForce ISS Database: libpng-pnghandleiccp-dos(16895)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16895
Common Vulnerability Exposure (CVE) ID: CVE-2004-0599
CERT/CC vulnerability note: VU#160448
http://www.kb.cert.org/vuls/id/160448
CERT/CC vulnerability note: VU#286464
http://www.kb.cert.org/vuls/id/286464
CERT/CC vulnerability note: VU#477512
http://www.kb.cert.org/vuls/id/477512
Debian Security Information: DSA-570 (Google Search)
http://www.debian.org/security/2004/dsa-570
Debian Security Information: DSA-571 (Google Search)
http://www.debian.org/security/2004/dsa-571
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10938
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1479
XForce ISS Database: lilbpng-integer-bo(16896)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16896
Common Vulnerability Exposure (CVE) ID: CVE-2004-0768
http://security.gentoo.org/glsa/glsa-200812-15.xml
http://secunia.com/advisories/33137
XForce ISS Database: libpng-offset-bo(16914)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16914
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.