Test ID:	1.3.6.1.4.1.25623.1.0.61846
Category:	Fedora Local Security Checks
Title:	Fedora Core 8 FEDORA-2008-9393 (libpng10)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to libpng10 announced via advisory FEDORA-2008-9393. Update Information: This update includes an upstream fix for a memory leak within the png_handle_tEXt() function in pngrutil.c, which can be exploited by malicious people to cause a DoS (Denial of Service) via a specially crafted PNG image. ChangeLog: * Fri Oct 31 2008 Paul Howarth 1.0.41-1 - update to 1.0.41 (addresses #468990, memory leak after reading a malformed tEXt chunk) * Fri Sep 19 2008 Paul Howarth 1.0.40-1 - update to 1.0.40 References: [ 1 ] Bug #468990 - libpng: png_handle_tEXt() memory leak vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=468990 Solution: Apply the appropriate updates. This update can be installed with the yum update program. Use su -c 'yum update libpng10' at the command line. For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/. http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2008-9393 Risk factor : High CVSS Score: 7.5
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-1382 http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html http://lists.apple.com/archives/security-announce/2009/May/msg00002.html BugTraq ID: 28770 http://www.securityfocus.com/bid/28770 Bugtraq: 20080414 [oCERT-2008-003] libpng zero-length chunks incorrect handling (Google Search) http://www.securityfocus.com/archive/1/490823/100/0/threaded Bugtraq: 20080429 rPSA-2008-0151-1 libpng (Google Search) http://www.securityfocus.com/archive/1/491424/100/0/threaded Bugtraq: 20090529 VMSA-2009-0007 VMware Hosted products and ESX and ESXi patches resolve security issues (Google Search) http://www.securityfocus.com/archive/1/503912/100/0/threaded Cert/CC Advisory: TA08-260A http://www.us-cert.gov/cas/techalerts/TA08-260A.html Cert/CC Advisory: TA09-133A http://www.us-cert.gov/cas/techalerts/TA09-133A.html Debian Security Information: DSA-1750 (Google Search) http://www.debian.org/security/2009/dsa-1750 https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00721.html https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00960.html https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00951.html https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00033.html https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00080.html https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00111.html http://security.gentoo.org/glsa/glsa-200804-15.xml http://security.gentoo.org/glsa/glsa-200805-10.xml http://security.gentoo.org/glsa/glsa-200812-15.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:156 http://www.ocert.org/advisories/ocert-2008-003.html http://www.osvdb.org/44364 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10326 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6275 http://www.redhat.com/support/errata/RHSA-2009-0333.html http://www.securitytracker.com/id?1019840 http://secunia.com/advisories/29678 http://secunia.com/advisories/29792 http://secunia.com/advisories/29957 http://secunia.com/advisories/29992 http://secunia.com/advisories/30009 http://secunia.com/advisories/30157 http://secunia.com/advisories/30174 http://secunia.com/advisories/30402 http://secunia.com/advisories/30486 http://secunia.com/advisories/31882 http://secunia.com/advisories/33137 http://secunia.com/advisories/34152 http://secunia.com/advisories/34388 http://secunia.com/advisories/35074 http://secunia.com/advisories/35258 http://secunia.com/advisories/35302 http://secunia.com/advisories/35386 http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.541247 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1 SuSE Security Announcement: SUSE-SR:2008:010 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html http://www.vupen.com/english/advisories/2008/1225/references http://www.vupen.com/english/advisories/2008/2584 http://www.vupen.com/english/advisories/2009/1297 http://www.vupen.com/english/advisories/2009/1451 http://www.vupen.com/english/advisories/2009/1462 http://www.vupen.com/english/advisories/2009/1560 XForce ISS Database: libpng-zero-length-code-execution(41800) https://exchange.xforce.ibmcloud.com/vulnerabilities/41800
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.