Test ID:	1.3.6.1.4.1.25623.1.0.59822
Category:	Fedora Local Security Checks
Title:	Fedora Core 7 FEDORA-2007-2521 (libpng10)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to libpng10 announced via advisory FEDORA-2007-2521. The libpng10 package contains an old version of libpng, a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. This package is needed if you want to run binaries that were linked dynamically with libpng 1.0.x. Update Information: Certain chunk handlers in libpng10 before 1.0.29 allow remote attackers to cause a denial of service (crash) via crafted (1) pCAL (png_handle_pCAL), (2) sCAL (png_handle_sCAL), (3) tEXt (png_push_read_tEXt), (4) iTXt (png_handle_iTXt), and (5) ztXT (png_handle_ztXt) chunking in PNG images, which trigger out-of-bounds read operations. http://secunia.com/advisories/27093 http://www.frsirt.com/english/advisories/2007/3390 http://sourceforge.net/mailarchive/forum.php?thread_name=3.0.6.32.20071004082318.012a7628%40mail.comcast.net&forum_name=png-mng-implement This update to 1.0.29 addresses these issues. ChangeLog: * Fri Oct 5 2007 Paul Howarth 1.0.29-1 - update to 1.0.29 * Tue Sep 11 2007 Paul Howarth 1.0.28-1 - update to 1.0.28 * Mon Aug 20 2007 Paul Howarth 1.0.27-1 - update to 1.0.27 - add new file ANNOUNCE, which lists changes since last release - use shortname zlib for the license tag (package is zlib/libpng licensed) - drop pkgconf patch, which should no longer be needed * Sun May 20 2007 Paul Howarth 1.0.26-1 - update to 1.0.26 to address DoS issue (#240398, CVE-2007-2445) - update soname patch - libpng.txt now has a versioned filename References: [ 1 ] Bug #327791 - CVE-2007-5269 libpng DoS via multiple out-of-bounds reads https://bugzilla.redhat.com/show_bug.cgi?id=327791 [ 2 ] CVE-2007-5269 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269 Updated packages: 0dddd75819b6bd2f6a2e2104fe82e0acd94fd180 libpng10-devel-1.0.29-1.fc7.ppc64.rpm 6079f9c55085f62bf2e1bc5ad3ac1025de216282 libpng10-debuginfo-1.0.29-1.fc7.ppc64.rpm 0b146e9285af5905b743e5524c5edb441503b42e libpng10-1.0.29-1.fc7.ppc64.rpm 842e1efaa6ca4a4b783e40f9ae72623f84490cd7 libpng10-debuginfo-1.0.29-1.fc7.i386.rpm 256ad47b46257de67897cf36514ba0984d71efa4 libpng10-1.0.29-1.fc7.i386.rpm 2ab451e2117e5e017b91c6a79a86e97f41b3c500 libpng10-devel-1.0.29-1.fc7.i386.rpm 685bd2898df5fd32965cbeeb65291cbdeba4a68e libpng10-devel-1.0.29-1.fc7.x86_64.rpm 862e399944ab8d60d6490e7169555f435e3a04f3 libpng10-1.0.29-1.fc7.x86_64.rpm 0e586e948f42fc948d3fd737fb44b2d09ffe294e libpng10-debuginfo-1.0.29-1.fc7.x86_64.rpm e0599552087d9bf7a5a78aa64f00b767048defc8 libpng10-devel-1.0.29-1.fc7.ppc.rpm 7f91839a840080d1d1b31863e1bb889e37256ebc libpng10-1.0.29-1.fc7.ppc.rpm 4ef0e0830875ecea2b206eab2ea629bc126012f1 libpng10-debuginfo-1.0.29-1.fc7.ppc.rpm 65558acbcd59927d15d04b100e4e68594422739d libpng10-1.0.29-1.fc7.src.rpm This update can be installed with the yum update program. Use su -c 'yum update libpng10' at the command line. For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/. Solution: Apply the appropriate updates. http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2007-2521 Risk factor : Medium CVSS Score: 5.0
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-2445 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html BugTraq ID: 24000 http://www.securityfocus.com/bid/24000 BugTraq ID: 24023 http://www.securityfocus.com/bid/24023 Bugtraq: 20070517 FLEA-2007-0018-1: libpng (Google Search) http://www.securityfocus.com/archive/1/468910/100/0/threaded Bugtraq: 20080304 CORE-2008-0124: Multiple vulnerabilities in Google's Android SDK (Google Search) http://www.securityfocus.com/archive/1/489135/100/0/threaded CERT/CC vulnerability note: VU#684664 http://www.kb.cert.org/vuls/id/684664 Debian Security Information: DSA-1613 (Google Search) http://www.debian.org/security/2008/dsa-1613 Debian Security Information: DSA-1750 (Google Search) http://www.debian.org/security/2009/dsa-1750 http://www.gentoo.org/security/en/glsa/glsa-200705-24.xml http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007:116 http://www.coresecurity.com/?action=item&id=2148 http://openpkg.com/go/OpenPKG-SA-2007.013 http://osvdb.org/36196 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10094 http://www.redhat.com/support/errata/RHSA-2007-0356.html http://www.securitytracker.com/id?1018078 http://secunia.com/advisories/25268 http://secunia.com/advisories/25273 http://secunia.com/advisories/25292 http://secunia.com/advisories/25329 http://secunia.com/advisories/25353 http://secunia.com/advisories/25461 http://secunia.com/advisories/25554 http://secunia.com/advisories/25571 http://secunia.com/advisories/25742 http://secunia.com/advisories/25787 http://secunia.com/advisories/25867 http://secunia.com/advisories/27056 http://secunia.com/advisories/29420 http://secunia.com/advisories/30161 http://secunia.com/advisories/31168 http://secunia.com/advisories/34388 http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.492650 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102987-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-200871-1 SuSE Security Announcement: SUSE-SR:2007:013 (Google Search) http://www.novell.com/linux/security/advisories/2007_13_sr.html http://www.trustix.org/errata/2007/0019/ http://www.ubuntu.com/usn/usn-472-1 http://www.vupen.com/english/advisories/2007/1838 http://www.vupen.com/english/advisories/2007/2385 http://www.vupen.com/english/advisories/2008/0924/references XForce ISS Database: libpng-trns-chunk-dos(34340) https://exchange.xforce.ibmcloud.com/vulnerabilities/34340 Common Vulnerability Exposure (CVE) ID: CVE-2007-5269 http://lists.apple.com/archives/security-announce/2008//May/msg00001.html BugTraq ID: 25956 http://www.securityfocus.com/bid/25956 BugTraq ID: 28276 http://www.securityfocus.com/bid/28276 Bugtraq: 20071112 FLEA-2007-0065-1 libpng (Google Search) http://www.securityfocus.com/archive/1/483582/100/0/threaded Bugtraq: 20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues (Google Search) http://www.securityfocus.com/archive/1/489739/100/0/threaded Bugtraq: 20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues. (Google Search) http://www.securityfocus.com/archive/1/495869/100/0/threaded Cert/CC Advisory: TA08-150A http://www.us-cert.gov/cas/techalerts/TA08-150A.html https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00353.html https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00356.html https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00072.html http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html http://www.gentoo.org/security/en/glsa/glsa-200711-08.xml http://security.gentoo.org/glsa/glsa-201209-25.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007:217 http://sourceforge.net/mailarchive/forum.php?thread_name=3.0.6.32.20071004082318.012a7628%40mail.comcast.net&forum_name=png-mng-implement http://lists.vmware.com/pipermail/security-announce/2008/000008.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10614 http://www.redhat.com/support/errata/RHSA-2007-0992.html http://www.securitytracker.com/id?1018849 http://secunia.com/advisories/27093 http://secunia.com/advisories/27284 http://secunia.com/advisories/27369 http://secunia.com/advisories/27391 http://secunia.com/advisories/27405 http://secunia.com/advisories/27492 http://secunia.com/advisories/27529 http://secunia.com/advisories/27629 http://secunia.com/advisories/27662 http://secunia.com/advisories/27746 http://secunia.com/advisories/27965 http://secunia.com/advisories/30430 http://secunia.com/advisories/31712 http://secunia.com/advisories/31713 http://secunia.com/advisories/35302 http://secunia.com/advisories/35386 http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.520323 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1 SuSE Security Announcement: SUSE-SR:2007:025 (Google Search) http://www.novell.com/linux/security/advisories/2007_25_sr.html http://www.ubuntu.com/usn/usn-538-1 http://www.vupen.com/english/advisories/2007/3390 http://www.vupen.com/english/advisories/2008/0905/references http://www.vupen.com/english/advisories/2008/1697 http://www.vupen.com/english/advisories/2008/2466 http://www.vupen.com/english/advisories/2009/1462 http://www.vupen.com/english/advisories/2009/1560
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.