Test ID:	1.3.6.1.4.1.25623.1.0.71582
Category:	Gentoo Local Security Checks
Title:	Gentoo Security Advisory GLSA 201206-15 (libpng)
Summary:	The remote host is missing updates announced in;advisory GLSA 201206-15.
Description:	Summary: The remote host is missing updates announced in advisory GLSA 201206-15. Vulnerability Insight: Multiple vulnerabilities in libpng might allow remote attackers to execute arbitrary code or cause a Denial of Service condition. Solution: All libpng 1.5 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=media-libs/libpng-1.5.10' All libpng 1.2 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=media-libs/libpng-1.2.49' Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying some of these packages. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-5063 http://security.gentoo.org/glsa/glsa-201206-15.xml http://www.openwall.com/lists/oss-security/2011/03/22/7 http://www.openwall.com/lists/oss-security/2011/03/28/6 http://secunia.com/advisories/49660 Common Vulnerability Exposure (CVE) ID: CVE-2011-2501 BugTraq ID: 48474 http://www.securityfocus.com/bid/48474 Debian Security Information: DSA-2287 (Google Search) http://www.debian.org/security/2011/dsa-2287 http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062720.html http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063118.html http://www.mandriva.com/security/advisories?name=MDVSA-2011:151 http://www.openwall.com/lists/oss-security/2011/06/27/13 http://www.openwall.com/lists/oss-security/2011/06/28/16 http://www.redhat.com/support/errata/RHSA-2011-1105.html http://secunia.com/advisories/45046 http://secunia.com/advisories/45289 http://secunia.com/advisories/45405 http://secunia.com/advisories/45415 http://secunia.com/advisories/45460 http://secunia.com/advisories/45486 http://secunia.com/advisories/45492 http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.617466 http://www.ubuntu.com/usn/USN-1175-1 XForce ISS Database: libpng-pngerror-dos(68517) https://exchange.xforce.ibmcloud.com/vulnerabilities/68517 Common Vulnerability Exposure (CVE) ID: CVE-2011-2690 45046 45405 45415 45460 45461 http://secunia.com/advisories/45461 45492 48660 http://www.securityfocus.com/bid/48660 49660 APPLE-SA-2011-10-12-3 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html DSA-2287 FEDORA-2011-9336 GLSA-201206-15 MDVSA-2011:151 RHSA-2011:1104 http://www.redhat.com/support/errata/RHSA-2011-1104.html RHSA-2011:1105 USN-1175-1 [oss-security] 20110713 Security issues fixed in libpng 1.5.4 http://www.openwall.com/lists/oss-security/2011/07/13/2 http://support.apple.com/kb/HT5002 http://www.libpng.org/pub/png/libpng.html https://bugzilla.redhat.com/show_bug.cgi?id=720607 libpng-pngrgbtogray-bo(68538) https://exchange.xforce.ibmcloud.com/vulnerabilities/68538 Common Vulnerability Exposure (CVE) ID: CVE-2011-2691 HPSBMU02776 http://marc.info/?l=bugtraq&m=133951357207000&w=2 SSRT100852 http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commit%3Bh=9dad5e37aef295b4ef8dea39392b652deebc9261 https://bugzilla.redhat.com/show_bug.cgi?id=720608 libpng-pngdefaulterror-dos(68537) https://exchange.xforce.ibmcloud.com/vulnerabilities/68537 Common Vulnerability Exposure (CVE) ID: CVE-2011-2692 45445 http://secunia.com/advisories/45445 48618 http://www.securityfocus.com/bid/48618 APPLE-SA-2012-05-09-1 http://lists.apple.com/archives/security-announce/2012/May/msg00001.html RHSA-2011:1103 http://www.redhat.com/support/errata/RHSA-2011-1103.html VU#819894 http://www.kb.cert.org/vuls/id/819894 http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commit%3Bh=61a2d8a2a7b03023e63eae9a3e64607aaaa6d339 http://sourceforge.net/mailarchive/forum.php?thread_name=003101cc2790%24fb5d6e80%24f2184b80%24%40acm.org&forum_name=png-mng-implement http://support.apple.com/kb/HT5281 https://bugzilla.redhat.com/show_bug.cgi?id=720612 libpng-png-file-dos(68536) https://exchange.xforce.ibmcloud.com/vulnerabilities/68536 Common Vulnerability Exposure (CVE) ID: CVE-2011-3026 http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15032 http://secunia.com/advisories/48016 http://secunia.com/advisories/48110 SuSE Security Announcement: SUSE-SU-2012:0303 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00023.html SuSE Security Announcement: openSUSE-SU-2012:0297 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00020.html Common Vulnerability Exposure (CVE) ID: CVE-2011-3045 Debian Security Information: DSA-2439 (Google Search) http://www.debian.org/security/2012/dsa-2439 http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075424.html http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075987.html http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075981.html http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075619.html http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076731.html http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076461.html http://www.mandriva.com/security/advisories?name=MDVSA-2012:033 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14763 RedHat Security Advisories: RHSA-2012:0407 http://rhn.redhat.com/errata/RHSA-2012-0407.html RedHat Security Advisories: RHSA-2012:0488 http://rhn.redhat.com/errata/RHSA-2012-0488.html http://www.securitytracker.com/id?1026823 http://secunia.com/advisories/48320 http://secunia.com/advisories/48485 http://secunia.com/advisories/48512 http://secunia.com/advisories/48554 SuSE Security Announcement: openSUSE-SU-2012:0432 (Google Search) http://lists.opensuse.org/opensuse-updates/2012-03/msg00051.html SuSE Security Announcement: openSUSE-SU-2012:0466 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00000.html Common Vulnerability Exposure (CVE) ID: CVE-2011-3048 BugTraq ID: 52830 http://www.securityfocus.com/bid/52830 Debian Security Information: DSA-2446 (Google Search) http://www.debian.org/security/2012/dsa-2446 http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077819.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077007.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077043.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079039.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079051.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077472.html http://www.mandriva.com/security/advisories?name=MDVSA-2012:046 http://www.osvdb.org/80822 RedHat Security Advisories: RHSA-2012:0523 http://rhn.redhat.com/errata/RHSA-2012-0523.html http://www.securitytracker.com/id?1026879 http://secunia.com/advisories/48587 http://secunia.com/advisories/48644 http://secunia.com/advisories/48665 http://secunia.com/advisories/48721 http://secunia.com/advisories/48983 http://ubuntu.com/usn/usn-1417-1 XForce ISS Database: libpng-pngsettext2-code-execution(74494) https://exchange.xforce.ibmcloud.com/vulnerabilities/74494 Common Vulnerability Exposure (CVE) ID: CVE-2011-3464 http://secunia.com/advisories/47827
Copyright	Copyright (C) 2012 E-Soft Inc.

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.