Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.59675
Kategorie:Turbolinux Local Security Tests
Titel:Turbolinux TLSA-2007-45 (libpng)
Zusammenfassung:NOSUMMARY
Beschreibung:Description:

The remote host is missing an update to libpng
announced via advisory TLSA-2007-45.

The libpng package contains a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files. PNG is
a bit-mapped graphics format similar to the GIF format. PNG was created to
replace the GIF format, since GIF uses a patented data compression
algorithm.

The sPLT chunk handling code in libpng uses a sizeof operator on the wrong
data type, which allows context-dependent attackers to cause a denial of
service.
The png_handle_tRNS function in libpng allows remote attackers to cause a
denial of service (application crash) via a grayscale PNG image.

Context-dependent attackers to cause a denial of service.
Remote attackers to cause a denial of service.

Solution: Please use the turbopkg (zabom) tool to apply the update.
https://secure1.securityspace.com/smysecure/catid.html?in=TLSA-2007-45

Risk factor : Medium

CVSS Score:
5.0

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2006-5793
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
BugTraq ID: 21078
http://www.securityfocus.com/bid/21078
Bugtraq: 20061115 rPSA-2006-0211-1 libpng (Google Search)
http://www.securityfocus.com/archive/1/451874/100/200/threaded
Bugtraq: 20061204 rPSA-2006-0211-2 doxygen libpng (Google Search)
http://www.securityfocus.com/archive/1/453484/100/100/threaded
Bugtraq: 20080304 CORE-2008-0124: Multiple vulnerabilities in Google's Android SDK (Google Search)
http://www.securityfocus.com/archive/1/489135/100/0/threaded
http://security.gentoo.org/glsa/glsa-200611-09.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:209
http://www.mandriva.com/security/advisories?name=MDKSA-2006:210
http://www.mandriva.com/security/advisories?name=MDKSA-2006:211
http://www.mandriva.com/security/advisories?name=MDKSA-2006:212
http://bugs.gentoo.org/attachment.cgi?id=101400&action=view
http://bugs.gentoo.org/show_bug.cgi?id=154380
http://www.coresecurity.com/?action=item&id=2148
http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.036.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10324
http://www.redhat.com/support/errata/RHSA-2007-0356.html
http://securitytracker.com/id?1017244
http://secunia.com/advisories/22889
http://secunia.com/advisories/22900
http://secunia.com/advisories/22941
http://secunia.com/advisories/22950
http://secunia.com/advisories/22951
http://secunia.com/advisories/22956
http://secunia.com/advisories/22958
http://secunia.com/advisories/23208
http://secunia.com/advisories/23335
http://secunia.com/advisories/25329
http://secunia.com/advisories/25742
http://secunia.com/advisories/29420
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.465035
SuSE Security Announcement: SUSE-SR:2006:028 (Google Search)
http://www.novell.com/linux/security/advisories/2006_28_sr.html
http://www.trustix.org/errata/2006/0065/
http://www.ubuntu.com/usn/usn-383-1
http://www.vupen.com/english/advisories/2006/4521
http://www.vupen.com/english/advisories/2006/4568
http://www.vupen.com/english/advisories/2008/0924/references
XForce ISS Database: libpng-pngsetsplt-dos(30290)
https://exchange.xforce.ibmcloud.com/vulnerabilities/30290
Common Vulnerability Exposure (CVE) ID: CVE-2007-2445
BugTraq ID: 24000
http://www.securityfocus.com/bid/24000
BugTraq ID: 24023
http://www.securityfocus.com/bid/24023
Bugtraq: 20070517 FLEA-2007-0018-1: libpng (Google Search)
http://www.securityfocus.com/archive/1/468910/100/0/threaded
CERT/CC vulnerability note: VU#684664
http://www.kb.cert.org/vuls/id/684664
Debian Security Information: DSA-1613 (Google Search)
http://www.debian.org/security/2008/dsa-1613
Debian Security Information: DSA-1750 (Google Search)
http://www.debian.org/security/2009/dsa-1750
http://www.gentoo.org/security/en/glsa/glsa-200705-24.xml
http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:116
http://openpkg.com/go/OpenPKG-SA-2007.013
http://osvdb.org/36196
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10094
http://www.securitytracker.com/id?1018078
http://secunia.com/advisories/25268
http://secunia.com/advisories/25273
http://secunia.com/advisories/25292
http://secunia.com/advisories/25353
http://secunia.com/advisories/25461
http://secunia.com/advisories/25554
http://secunia.com/advisories/25571
http://secunia.com/advisories/25787
http://secunia.com/advisories/25867
http://secunia.com/advisories/27056
http://secunia.com/advisories/30161
http://secunia.com/advisories/31168
http://secunia.com/advisories/34388
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.492650
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102987-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200871-1
SuSE Security Announcement: SUSE-SR:2007:013 (Google Search)
http://www.novell.com/linux/security/advisories/2007_13_sr.html
http://www.trustix.org/errata/2007/0019/
http://www.ubuntu.com/usn/usn-472-1
http://www.vupen.com/english/advisories/2007/1838
http://www.vupen.com/english/advisories/2007/2385
XForce ISS Database: libpng-trns-chunk-dos(34340)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34340
CopyrightCopyright (c) 2007 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2024 E-Soft Inc. Alle Rechte vorbehalten.