Test ID:	1.3.6.1.4.1.25623.1.0.63530
Category:	Fedora Local Security Checks
Title:	Fedora Core 9 FEDORA-2009-2045 (libpng10)
Summary:	The remote host is missing an update to libpng10;announced via advisory FEDORA-2009-2045.;Note: This VT has been deprecated and is therefore no longer functional.
Description:	Summary: The remote host is missing an update to libpng10 announced via advisory FEDORA-2009-2045. Note: This VT has been deprecated and is therefore no longer functional. Vulnerability Insight: Update Information: This release fixes a vulnerability in which some arrays of pointers are not initialized prior to using malloc to define the pointers. If the application runs out of memory while executing the allocation loop (which can be forced by malevolent input), libpng10 will jump to a cleanup process that attempts to free all of the pointers, including the undefined ones. This issue has been assigned CVE-2009-0040 Solution: Apply the appropriate updates. This update can be installed with the yum update program. Use su -c 'yum update libpng10' at the command line. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-0040 1020521 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1 20090312 rPSA-2009-0046-1 libpng http://www.securityfocus.com/archive/1/501767/100/0/threaded 20090529 VMSA-2009-0007 VMware Hosted products and ESX and ESXi patches resolve security issues http://www.securityfocus.com/archive/1/503912/100/0/threaded 20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server http://www.securityfocus.com/archive/1/505990/100/0/threaded 259989 http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1 33827 http://www.securityfocus.com/bid/33827 33970 http://secunia.com/advisories/33970 33976 http://secunia.com/advisories/33976 33990 http://www.securityfocus.com/bid/33990 34137 http://secunia.com/advisories/34137 34140 http://secunia.com/advisories/34140 34143 http://secunia.com/advisories/34143 34145 http://secunia.com/advisories/34145 34152 http://secunia.com/advisories/34152 34210 http://secunia.com/advisories/34210 34265 http://secunia.com/advisories/34265 34272 http://secunia.com/advisories/34272 34320 http://secunia.com/advisories/34320 34324 http://secunia.com/advisories/34324 34388 http://secunia.com/advisories/34388 34462 http://secunia.com/advisories/34462 34464 http://secunia.com/advisories/34464 35074 http://secunia.com/advisories/35074 35258 http://secunia.com/advisories/35258 35302 http://secunia.com/advisories/35302 35379 http://secunia.com/advisories/35379 35386 http://secunia.com/advisories/35386 36096 http://secunia.com/advisories/36096 ADV-2009-0469 http://www.vupen.com/english/advisories/2009/0469 ADV-2009-0473 http://www.vupen.com/english/advisories/2009/0473 ADV-2009-0632 http://www.vupen.com/english/advisories/2009/0632 ADV-2009-1297 http://www.vupen.com/english/advisories/2009/1297 ADV-2009-1451 http://www.vupen.com/english/advisories/2009/1451 ADV-2009-1462 http://www.vupen.com/english/advisories/2009/1462 ADV-2009-1522 http://www.vupen.com/english/advisories/2009/1522 ADV-2009-1560 http://www.vupen.com/english/advisories/2009/1560 ADV-2009-1621 http://www.vupen.com/english/advisories/2009/1621 ADV-2009-2172 http://www.vupen.com/english/advisories/2009/2172 APPLE-SA-2009-05-12 http://lists.apple.com/archives/security-announce/2009/May/msg00002.html APPLE-SA-2009-06-08-1 http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html APPLE-SA-2009-06-17-1 http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html APPLE-SA-2009-08-05-1 http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html DSA-1750 http://www.debian.org/security/2009/dsa-1750 DSA-1830 http://www.debian.org/security/2009/dsa-1830 FEDORA-2009-1976 https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00412.html FEDORA-2009-2045 https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00272.html FEDORA-2009-2882 https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00769.html FEDORA-2009-2884 https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00771.html GLSA-200903-28 http://security.gentoo.org/glsa/glsa-200903-28.xml GLSA-201209-25 http://security.gentoo.org/glsa/glsa-201209-25.xml MDVSA-2009:051 http://www.mandriva.com/security/advisories?name=MDVSA-2009:051 MDVSA-2009:075 http://www.mandriva.com/security/advisories?name=MDVSA-2009:075 MDVSA-2009:083 http://www.mandriva.com/security/advisories?name=MDVSA-2009:083 RHSA-2009:0315 http://www.redhat.com/support/errata/RHSA-2009-0315.html RHSA-2009:0325 http://www.redhat.com/support/errata/RHSA-2009-0325.html RHSA-2009:0333 http://www.redhat.com/support/errata/RHSA-2009-0333.html RHSA-2009:0340 http://www.redhat.com/support/errata/RHSA-2009-0340.html SSA:2009-083-02 http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.405420 SSA:2009-083-03 http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.433952 SUSE-SA:2009:012 http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html SUSE-SA:2009:023 http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00009.html SUSE-SR:2009:005 http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html TA09-133A http://www.us-cert.gov/cas/techalerts/TA09-133A.html TA09-218A http://www.us-cert.gov/cas/techalerts/TA09-218A.html VU#649212 http://www.kb.cert.org/vuls/id/649212 [png-mng-implement] 20090219 libpng-1.2.35 and libpng-1.0.43 fix security vulnerability http://sourceforge.net/mailarchive/message.php?msg_name=e56ccc8f0902181726i200f4bf0n20d919473ec409b7%40mail.gmail.com [security-announce] 20090820 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server http://lists.vmware.com/pipermail/security-announce/2009/000062.html ftp://ftp.simplesystems.org/pub/png/src/libpng-1.2.34-ADVISORY.txt http://downloads.sourceforge.net/libpng/libpng-1.2.34-ADVISORY.txt http://sourceforge.net/project/shownotes.php?group_id=1689&release_id=662441 http://support.apple.com/kb/HT3549 http://support.apple.com/kb/HT3613 http://support.apple.com/kb/HT3639 http://support.apple.com/kb/HT3757 http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document http://wiki.rpath.com/Advisories:rPSA-2009-0046 http://www.vmware.com/security/advisories/VMSA-2009-0007.html libpng-pointer-arrays-code-execution(48819) https://exchange.xforce.ibmcloud.com/vulnerabilities/48819 oval:org.mitre.oval:def:10316 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10316 oval:org.mitre.oval:def:6458 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6458 Common Vulnerability Exposure (CVE) ID: CVE-2008-1382 http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html BugTraq ID: 28770 http://www.securityfocus.com/bid/28770 Bugtraq: 20080414 [oCERT-2008-003] libpng zero-length chunks incorrect handling (Google Search) http://www.securityfocus.com/archive/1/490823/100/0/threaded Bugtraq: 20080429 rPSA-2008-0151-1 libpng (Google Search) http://www.securityfocus.com/archive/1/491424/100/0/threaded Bugtraq: 20090529 VMSA-2009-0007 VMware Hosted products and ESX and ESXi patches resolve security issues (Google Search) Cert/CC Advisory: TA08-260A http://www.us-cert.gov/cas/techalerts/TA08-260A.html Cert/CC Advisory: TA09-133A Debian Security Information: DSA-1750 (Google Search) https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00721.html https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00960.html https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00951.html https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00033.html https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00080.html https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00111.html http://security.gentoo.org/glsa/glsa-200804-15.xml http://security.gentoo.org/glsa/glsa-200805-10.xml http://security.gentoo.org/glsa/glsa-200812-15.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:156 http://www.ocert.org/advisories/ocert-2008-003.html http://www.osvdb.org/44364 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10326 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6275 http://www.securitytracker.com/id?1019840 http://secunia.com/advisories/29678 http://secunia.com/advisories/29792 http://secunia.com/advisories/29957 http://secunia.com/advisories/29992 http://secunia.com/advisories/30009 http://secunia.com/advisories/30157 http://secunia.com/advisories/30174 http://secunia.com/advisories/30402 http://secunia.com/advisories/30486 http://secunia.com/advisories/31882 http://secunia.com/advisories/33137 http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.541247 SuSE Security Announcement: SUSE-SR:2008:010 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html http://www.vupen.com/english/advisories/2008/1225/references http://www.vupen.com/english/advisories/2008/2584 XForce ISS Database: libpng-zero-length-code-execution(41800) https://exchange.xforce.ibmcloud.com/vulnerabilities/41800
Copyright	Copyright (C) 2009 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.