Test ID:	1.3.6.1.4.1.25623.1.0.881259
Category:	CentOS Local Security Checks
Title:	CentOS Update for libpng10 CESA-2011:1103 centos4 x86_64
Summary:	The remote host is missing an update for the 'libpng10'; package(s) announced via the referenced advisory.
Description:	Summary: The remote host is missing an update for the 'libpng10' package(s) announced via the referenced advisory. Vulnerability Insight: The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. An uninitialized memory read issue was found in the way libpng processed certain PNG images that use the Physical Scale (sCAL) extension. An attacker could create a specially-crafted PNG image that, when opened, could cause an application using libpng to crash. (CVE-2011-2692) Users of libpng and libpng10 should upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using libpng or libpng10 must be restarted for the update to take effect. Affected Software/OS: libpng10 on CentOS 4 Solution: Please install the updated packages. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-2692 45046 http://secunia.com/advisories/45046 45405 http://secunia.com/advisories/45405 45415 http://secunia.com/advisories/45415 45445 http://secunia.com/advisories/45445 45460 http://secunia.com/advisories/45460 45461 http://secunia.com/advisories/45461 45492 http://secunia.com/advisories/45492 48618 http://www.securityfocus.com/bid/48618 49660 http://secunia.com/advisories/49660 APPLE-SA-2011-10-12-3 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html APPLE-SA-2012-05-09-1 http://lists.apple.com/archives/security-announce/2012/May/msg00001.html DSA-2287 http://www.debian.org/security/2011/dsa-2287 FEDORA-2011-9336 http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063118.html GLSA-201206-15 http://security.gentoo.org/glsa/glsa-201206-15.xml MDVSA-2011:151 http://www.mandriva.com/security/advisories?name=MDVSA-2011:151 RHSA-2011:1103 http://www.redhat.com/support/errata/RHSA-2011-1103.html RHSA-2011:1104 http://www.redhat.com/support/errata/RHSA-2011-1104.html RHSA-2011:1105 http://www.redhat.com/support/errata/RHSA-2011-1105.html USN-1175-1 http://www.ubuntu.com/usn/USN-1175-1 VU#819894 http://www.kb.cert.org/vuls/id/819894 [oss-security] 20110713 Security issues fixed in libpng 1.5.4 http://www.openwall.com/lists/oss-security/2011/07/13/2 http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commit%3Bh=61a2d8a2a7b03023e63eae9a3e64607aaaa6d339 http://sourceforge.net/mailarchive/forum.php?thread_name=003101cc2790%24fb5d6e80%24f2184b80%24%40acm.org&forum_name=png-mng-implement http://support.apple.com/kb/HT5002 http://support.apple.com/kb/HT5281 http://www.libpng.org/pub/png/libpng.html https://bugzilla.redhat.com/show_bug.cgi?id=720612 libpng-png-file-dos(68536) https://exchange.xforce.ibmcloud.com/vulnerabilities/68536
Copyright	Copyright (C) 2012 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.