
Test ID: 1.3.6.1.4.1.25623.1.0.70023
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2011:1104
Summary: NOSUMMARY
Description:
The remote host is missing updates announced in
advisory RHSA-2011:1104.

The libpng packages contain a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files.

A buffer overflow flaw was found in the way libpng processed certain PNG
image files. An attacker could create a specially-crafted PNG image that,
when opened, could cause an application using libpng to crash or,
potentially, execute arbitrary code with the privileges of the user running
the application. (CVE-2011-2690)

Note: The application behavior required to exploit CVE-2011-2690 is rarely
used. No application shipped with Red Hat Enterprise Linux behaves this
way, for example.

An uninitialized memory read issue was found in the way libpng processed
certain PNG images that use the Physical Scale (sCAL) extension. An
attacker could create a specially-crafted PNG image that, when opened,
could cause an application using libpng to crash. (CVE-2011-2692)

Users of libpng should upgrade to these updated packages, which contain
backported patches to correct these issues. All running applications using
libpng must be restarted for the update to take effect.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2011-1104.html

Risk factor: High

CVSS Score:
6.8

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2011-2690
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
BugTraq ID: 48660
http://www.securityfocus.com/bid/48660
Debian Security Information: DSA-2287
http://www.debian.org/security/2011/dsa-2287
http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063118.html
http://security.gentoo.org/glsa/glsa-201206-15.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2011:151
http://www.openwall.com/lists/oss-security/2011/07/13/2
http://www.redhat.com/support/errata/RHSA-2011-1104.html
http://www.redhat.com/support/errata/RHSA-2011-1105.html
http://secunia.com/advisories/45046
http://secunia.com/advisories/45405
http://secunia.com/advisories/45415
http://secunia.com/advisories/45460
http://secunia.com/advisories/45461
http://secunia.com/advisories/45492
http://secunia.com/advisories/49660
http://www.ubuntu.com/usn/USN-1175-1
XForce ISS Database: libpng-pngrgbtogray-bo(68538)
https://exchange.xforce.ibmcloud.com/vulnerabilities/68538
Common Vulnerability Exposure (CVE) ID: CVE-2011-2692
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
BugTraq ID: 48618
http://www.securityfocus.com/bid/48618
CERT/CC vulnerability note: VU#819894
http://www.kb.cert.org/vuls/id/819894
http://www.redhat.com/support/errata/RHSA-2011-1103.html
http://secunia.com/advisories/45445
XForce ISS Database: libpng-png-file-dos(68536)
https://exchange.xforce.ibmcloud.com/vulnerabilities/68536
Copyright: Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com





© 1998-2021 E-Soft Inc. All rights reserved.