English | Deutsch | Español
 
Inicial ▼
Página inicial Acerca Nuestro Contáctenos Privacidad Programas de Asociados Testimonios En la Prensa Listas de Correos Abuso Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
 
Auditorias ▼
Inicial Dedicada Avanzada Estándar Periódica Sin Riesgo Escritorio Básica Sello FAQ Resumen de Precio/Funciones Ordenar Nuevas Pruebas Todas las Pruebas Confidencialidad Búsqueda de Vulnerabilidad Ejecutar Auditoría Programador IP Permissions Auditorías Personalizadas Cola Recordatorio Sellos Informes Estilos de Informes
DNS
Administrado ▼
Acerca de DNS Ordenar/Renovar Preguntas Frecuentes AUP Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password
Monitoreo
de Redes ▼
Enterprise Avanzado Estándarr Prueba Preguntas Frecuentes Resumen de Precio/Funciones Ordenar Muestras
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Iniciar sesión/Registrarse 
 
 Búsqueda de    
Vulnerabilidad   		     Buscar 324607 Descripciones CVE y
146377 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.63440
Categoría:Mandrake Local Security Checks
Título:Mandrake Security Advisory MDVSA-2009:051 (libpng)
Resumen:The remote host is missing an update to libpng;announced via advisory MDVSA-2009:051.
Descripción:Summary:
The remote host is missing an update to libpng
announced via advisory MDVSA-2009:051.

Vulnerability Insight:
A number of vulnerabilities have been found and corrected in libpng:

Fixed 1-byte buffer overflow in pngpread.c (CVE-2008-3964). This was
already fixed in Mandriva Linux 2009.0.

Fix the function png_check_keyword() that allowed setting arbitrary
bytes in the process memory to 0 (CVE-2008-5907).

Fix a potential DoS (Denial of Service) or to potentially compromise
an application using the library (CVE-2009-0040).

The updated packages have been patched to prevent this.

Affected: 2008.0, 2008.1, 2009.0, Corporate 3.0, Corporate 4.0,
Multi Network Firewall 2.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-3964
BugTraq ID: 31049
http://www.securityfocus.com/bid/31049
CERT/CC vulnerability note: VU#889484
http://www.kb.cert.org/vuls/id/889484
http://security.gentoo.org/glsa/glsa-200812-15.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:051
http://www.openwall.com/lists/oss-security/2008/09/09/3
http://www.openwall.com/lists/oss-security/2008/09/09/8
http://sourceforge.net/mailarchive/forum.php?thread_name=e56ccc8f0809180317u6a5306fg14683947affb3e1b%40mail.gmail.com&forum_name=png-mng-implement
http://secunia.com/advisories/31781
http://secunia.com/advisories/33137
http://secunia.com/advisories/35302
http://secunia.com/advisories/35386
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1
http://www.vupen.com/english/advisories/2008/2512
http://www.vupen.com/english/advisories/2009/1462
http://www.vupen.com/english/advisories/2009/1560
XForce ISS Database: libpng-pngpushreadztxt-dos(44928)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44928
Common Vulnerability Exposure (CVE) ID: CVE-2008-5907
Debian Security Information: DSA-1750 (Google Search)
http://www.debian.org/security/2009/dsa-1750
http://security.gentoo.org/glsa/glsa-200903-28.xml
http://openwall.com/lists/oss-security/2009/01/09/1
http://sourceforge.net/mailarchive/forum.php?thread_name=4B6F0239C13D0245820603C036D180BC79FBAA%40CABOTUKEXCH01.cabot.local&forum_name=png-mng-implement
http://secunia.com/advisories/34320
http://secunia.com/advisories/34388
SuSE Security Announcement: SUSE-SR:2009:003 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html
XForce ISS Database: libpng-pngcheckkeyword-memory-corruption(48128)
https://exchange.xforce.ibmcloud.com/vulnerabilities/48128
Common Vulnerability Exposure (CVE) ID: CVE-2009-0040
1020521
20090312 rPSA-2009-0046-1 libpng
http://www.securityfocus.com/archive/1/501767/100/0/threaded
20090529 VMSA-2009-0007 VMware Hosted products and ESX and ESXi patches resolve security issues
http://www.securityfocus.com/archive/1/503912/100/0/threaded
20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server
http://www.securityfocus.com/archive/1/505990/100/0/threaded
259989
33827
http://www.securityfocus.com/bid/33827
33970
http://secunia.com/advisories/33970
33976
http://secunia.com/advisories/33976
33990
http://www.securityfocus.com/bid/33990
34137
http://secunia.com/advisories/34137
34140
http://secunia.com/advisories/34140
34143
http://secunia.com/advisories/34143
34145
http://secunia.com/advisories/34145
34152
http://secunia.com/advisories/34152
34210
http://secunia.com/advisories/34210
34265
http://secunia.com/advisories/34265
34272
http://secunia.com/advisories/34272
34320
34324
http://secunia.com/advisories/34324
34388
34462
http://secunia.com/advisories/34462
34464
http://secunia.com/advisories/34464
35074
http://secunia.com/advisories/35074
35258
http://secunia.com/advisories/35258
35302
35379
http://secunia.com/advisories/35379
35386
36096
http://secunia.com/advisories/36096
ADV-2009-0469
http://www.vupen.com/english/advisories/2009/0469
ADV-2009-0473
http://www.vupen.com/english/advisories/2009/0473
ADV-2009-0632
http://www.vupen.com/english/advisories/2009/0632
ADV-2009-1297
http://www.vupen.com/english/advisories/2009/1297
ADV-2009-1451
http://www.vupen.com/english/advisories/2009/1451
ADV-2009-1462
ADV-2009-1522
http://www.vupen.com/english/advisories/2009/1522
ADV-2009-1560
ADV-2009-1621
http://www.vupen.com/english/advisories/2009/1621
ADV-2009-2172
http://www.vupen.com/english/advisories/2009/2172
APPLE-SA-2009-05-12
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
APPLE-SA-2009-06-08-1
http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
APPLE-SA-2009-06-17-1
http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
APPLE-SA-2009-08-05-1
http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html
DSA-1750
DSA-1830
http://www.debian.org/security/2009/dsa-1830
FEDORA-2009-1976
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00412.html
FEDORA-2009-2045
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00272.html
FEDORA-2009-2882
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00769.html
FEDORA-2009-2884
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00771.html
GLSA-200903-28
GLSA-201209-25
http://security.gentoo.org/glsa/glsa-201209-25.xml
MDVSA-2009:051
MDVSA-2009:075
http://www.mandriva.com/security/advisories?name=MDVSA-2009:075
MDVSA-2009:083
http://www.mandriva.com/security/advisories?name=MDVSA-2009:083
RHSA-2009:0315
http://www.redhat.com/support/errata/RHSA-2009-0315.html
RHSA-2009:0325
http://www.redhat.com/support/errata/RHSA-2009-0325.html
RHSA-2009:0333
http://www.redhat.com/support/errata/RHSA-2009-0333.html
RHSA-2009:0340
http://www.redhat.com/support/errata/RHSA-2009-0340.html
SSA:2009-083-02
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.405420
SSA:2009-083-03
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.433952
SUSE-SA:2009:012
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html
SUSE-SA:2009:023
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00009.html
SUSE-SR:2009:005
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html
TA09-133A
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
TA09-218A
http://www.us-cert.gov/cas/techalerts/TA09-218A.html
VU#649212
http://www.kb.cert.org/vuls/id/649212
[png-mng-implement] 20090219 libpng-1.2.35 and libpng-1.0.43 fix security vulnerability
http://sourceforge.net/mailarchive/message.php?msg_name=e56ccc8f0902181726i200f4bf0n20d919473ec409b7%40mail.gmail.com
[security-announce] 20090820 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server
http://lists.vmware.com/pipermail/security-announce/2009/000062.html
ftp://ftp.simplesystems.org/pub/png/src/libpng-1.2.34-ADVISORY.txt
http://downloads.sourceforge.net/libpng/libpng-1.2.34-ADVISORY.txt
http://sourceforge.net/project/shownotes.php?group_id=1689&release_id=662441
http://support.apple.com/kb/HT3549
http://support.apple.com/kb/HT3613
http://support.apple.com/kb/HT3639
http://support.apple.com/kb/HT3757
http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm
http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm
http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document
http://wiki.rpath.com/Advisories:rPSA-2009-0046
http://www.vmware.com/security/advisories/VMSA-2009-0007.html
libpng-pointer-arrays-code-execution(48819)
https://exchange.xforce.ibmcloud.com/vulnerabilities/48819
oval:org.mitre.oval:def:10316
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10316
oval:org.mitre.oval:def:6458
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6458
CopyrightCopyright (C) 2009 E-Soft Inc.

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.



© 1998-2025 E-Soft Inc. Todos los derechos reservados.