Test ID:	1.3.6.1.4.1.25623.1.0.62964
Category:	Gentoo Local Security Checks
Title:	Gentoo Security Advisory GLSA 200812-15 (povray)
Summary:	The remote host is missing updates announced in;advisory GLSA 200812-15.
Description:	Summary: The remote host is missing updates announced in advisory GLSA 200812-15. Vulnerability Insight: POV-Ray includes a version of libpng that might allow for the execution of arbitrary code when reading a specially crafted PNG file Solution: All POV-Ray users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=media-gfx/povray-3.6.1-r4' CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0768 Debian Security Information: DSA-536 (Google Search) http://www.debian.org/security/2004/dsa-536 https://bugzilla.fedora.us/show_bug.cgi?id=1943 http://security.gentoo.org/glsa/glsa-200812-15.xml http://secunia.com/advisories/33137 XForce ISS Database: libpng-offset-bo(16914) https://exchange.xforce.ibmcloud.com/vulnerabilities/16914 Common Vulnerability Exposure (CVE) ID: CVE-2006-0481 1015615 http://securitytracker.com/id?1015615 1015617 http://securitytracker.com/id?1015617 16626 http://www.securityfocus.com/bid/16626 18654 http://secunia.com/advisories/18654 18863 http://secunia.com/advisories/18863 33137 ADV-2006-0393 http://www.vupen.com/english/advisories/2006/0393 GLSA-200812-15 RHSA-2006:0205 http://www.redhat.com/support/errata/RHSA-2006-0205.html ftp://ftp.simplesystems.org/pub/libpng/png/src/libpng-1.2.8-README.txt https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179455 libpng-pngsetstripalpha-bo(24396) https://exchange.xforce.ibmcloud.com/vulnerabilities/24396 oval:org.mitre.oval:def:10780 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10780 Common Vulnerability Exposure (CVE) ID: CVE-2006-3334 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html BugTraq ID: 18698 http://www.securityfocus.com/bid/18698 Bugtraq: 20060719 rPSA-2006-0133-1 libpng (Google Search) http://www.securityfocus.com/archive/1/440594/100/0/threaded http://security.gentoo.org/glsa/glsa-200607-06.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:209 http://www.mandriva.com/security/advisories?name=MDKSA-2006:210 http://www.mandriva.com/security/advisories?name=MDKSA-2006:211 http://www.mandriva.com/security/advisories?name=MDKSA-2006:212 http://www.mandriva.com/security/advisories?name=MDKSA-2006:213 http://secunia.com/advisories/20960 http://secunia.com/advisories/22956 http://secunia.com/advisories/22957 http://secunia.com/advisories/22958 http://secunia.com/advisories/23335 http://secunia.com/advisories/29420 SuSE Security Announcement: SUSE-SR:2006:016 (Google Search) http://www.novell.com/linux/security/advisories/2006_16_sr.html SuSE Security Announcement: SUSE-SR:2006:028 (Google Search) http://www.novell.com/linux/security/advisories/2006_28_sr.html http://www.vupen.com/english/advisories/2006/2585 http://www.vupen.com/english/advisories/2008/0924/references XForce ISS Database: libpng-pngdecompresschunk-bo(27468) https://exchange.xforce.ibmcloud.com/vulnerabilities/27468 Common Vulnerability Exposure (CVE) ID: CVE-2008-1382 http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html http://lists.apple.com/archives/security-announce/2009/May/msg00002.html BugTraq ID: 28770 http://www.securityfocus.com/bid/28770 Bugtraq: 20080414 [oCERT-2008-003] libpng zero-length chunks incorrect handling (Google Search) http://www.securityfocus.com/archive/1/490823/100/0/threaded Bugtraq: 20080429 rPSA-2008-0151-1 libpng (Google Search) http://www.securityfocus.com/archive/1/491424/100/0/threaded Bugtraq: 20090529 VMSA-2009-0007 VMware Hosted products and ESX and ESXi patches resolve security issues (Google Search) http://www.securityfocus.com/archive/1/503912/100/0/threaded Cert/CC Advisory: TA08-260A http://www.us-cert.gov/cas/techalerts/TA08-260A.html Cert/CC Advisory: TA09-133A http://www.us-cert.gov/cas/techalerts/TA09-133A.html Debian Security Information: DSA-1750 (Google Search) http://www.debian.org/security/2009/dsa-1750 https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00721.html https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00960.html https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00951.html https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00033.html https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00080.html https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00111.html http://security.gentoo.org/glsa/glsa-200804-15.xml http://security.gentoo.org/glsa/glsa-200805-10.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:156 http://www.ocert.org/advisories/ocert-2008-003.html http://www.osvdb.org/44364 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10326 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6275 http://www.redhat.com/support/errata/RHSA-2009-0333.html http://www.securitytracker.com/id?1019840 http://secunia.com/advisories/29678 http://secunia.com/advisories/29792 http://secunia.com/advisories/29957 http://secunia.com/advisories/29992 http://secunia.com/advisories/30009 http://secunia.com/advisories/30157 http://secunia.com/advisories/30174 http://secunia.com/advisories/30402 http://secunia.com/advisories/30486 http://secunia.com/advisories/31882 http://secunia.com/advisories/34152 http://secunia.com/advisories/34388 http://secunia.com/advisories/35074 http://secunia.com/advisories/35258 http://secunia.com/advisories/35302 http://secunia.com/advisories/35386 http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.541247 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1 SuSE Security Announcement: SUSE-SR:2008:010 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html http://www.vupen.com/english/advisories/2008/1225/references http://www.vupen.com/english/advisories/2008/2584 http://www.vupen.com/english/advisories/2009/1297 http://www.vupen.com/english/advisories/2009/1451 http://www.vupen.com/english/advisories/2009/1462 http://www.vupen.com/english/advisories/2009/1560 XForce ISS Database: libpng-zero-length-code-execution(41800) https://exchange.xforce.ibmcloud.com/vulnerabilities/41800 Common Vulnerability Exposure (CVE) ID: CVE-2008-3964 BugTraq ID: 31049 http://www.securityfocus.com/bid/31049 CERT/CC vulnerability note: VU#889484 http://www.kb.cert.org/vuls/id/889484 http://www.mandriva.com/security/advisories?name=MDVSA-2009:051 http://www.openwall.com/lists/oss-security/2008/09/09/3 http://www.openwall.com/lists/oss-security/2008/09/09/8 http://sourceforge.net/mailarchive/forum.php?thread_name=e56ccc8f0809180317u6a5306fg14683947affb3e1b%40mail.gmail.com&forum_name=png-mng-implement http://secunia.com/advisories/31781 http://www.vupen.com/english/advisories/2008/2512 XForce ISS Database: libpng-pngpushreadztxt-dos(44928) https://exchange.xforce.ibmcloud.com/vulnerabilities/44928
Copyright	Copyright (C) 2008 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.