French Security Incident Response Team

Mandriva Security Update Fixes LibPNG Code Execution and DoS Vulnerabilities


Title : Mandriva Security Update Fixes LibPNG Code Execution and DoS Vulnerabilities
Advisory ID : FrSIRT/ADV-2006-4566
CVE ID : CVE-2006-3334 - CVE-2006-5793
Rated as : High Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-11-17

Advisory Details

 
Technical Description

Mandriva has released updated packages to address multiple vulnerabilities identified in LibPNG [...]

Solution

Upgrade the affected packages :

Mandriva Linux 2006.0:
45ad162b09535faffbcac12958fe49b6 2006.0/i586/libpng3-1.2.8-1.2.20060mdk.i586.rpm
d606c712b0fe3cb2846aa6e7d055e734 2006.0/i586/libpng3-devel-1.2.8-1.2.20060mdk.i586.rpm
2205db07f1fd59257fa7eada8c8f695d 2006.0/i586/libpng3-static-devel-1.2.8-1.2.20060mdk.i586.rpm
7b6c834aaf600fc44a64fa08cdd6961f 2006.0/SRPMS/libpng-1.2.8-1.2.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
f977af66ce569366e9a44e4c1a73b715 2006.0/x86_64/lib64png3-1.2.8-1.2.20060mdk.x86_64.rpm
878c585798862bd39a27422252573213 2006.0/x86_64/lib64png3-devel-1.2.8-1.2.20060mdk.x86_64.rpm
4220979712677c242d3e203650ff5236 2006.0/x86_64/lib64png3-static-devel-1.2.8-1.2.20060mdk.x86_64.rpm
7b6c834aaf600fc44a64fa08cdd6961f 2006.0/SRPMS/libpng-1.2.8-1.2.20060mdk.src.rpm

Mandriva Linux 2007.0:
9906d24fb91a92049217263cf0128bfc 2007.0/i586/libpng3-1.2.12-2.2mdv2007.0.i586.rpm
2d8452c09aca5596b29a1392aa250f2e 2007.0/i586/libpng3-devel-1.2.12-2.2mdv2007.0.i586.rpm
38829f47379a45ecfcc9061078b24489 2007.0/i586/libpng3-static-devel-1.2.12-2.2mdv2007.0.i586.rpm
503559d5befe0d3b557422359ca2cb7a 2007.0/SRPMS/libpng-1.2.12-2.2mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
1a51b7fe5aabda61d420a573e5fe240e 2007.0/x86_64/lib64png3-1.2.12-2.2mdv2007.0.x86_64.rpm
bb66b6392ad998e1e697c9cb1171687b 2007.0/x86_64/lib64png3-devel-1.2.12-2.2mdv2007.0.x86_64.rpm
232a26557eb1069284ed5ada81492221 2007.0/x86_64/lib64png3-static-devel-1.2.12-2.2mdv2007.0.x86_64.rpm
503559d5befe0d3b557422359ca2cb7a 2007.0/SRPMS/libpng-1.2.12-2.2mdv2007.0.src.rpm

Corporate 3.0:
881d961819f17791dd2348c2b38153f7 corporate/3.0/i586/libpng3-1.2.5-10.7.C30mdk.i586.rpm
87b087c74ba0466ee6a6aa487c6d7159 corporate/3.0/i586/libpng3-devel-1.2.5-10.7.C30mdk.i586.rpm
5ae5cb1afdf63d50292a0d309f2789da corporate/3.0/i586/libpng3-static-devel-1.2.5-10.7.C30mdk.i586.rpm
3ed80f4657a551ebfff3cb87912ee8bc corporate/3.0/SRPMS/libpng-1.2.5-10.7.C30mdk.src.rpm

Corporate 3.0/X86_64:
2ab9e03623fb035928ba711818742bd3 corporate/3.0/x86_64/lib64png3-1.2.5-10.7.C30mdk.x86_64.rpm
dd2480239ee424f20a460fa2a087fcdf corporate/3.0/x86_64/lib64png3-devel-1.2.5-10.7.C30mdk.x86_64.rpm
43ea6b6e435e31978bc54495972e2828 corporate/3.0/x86_64/lib64png3-static-devel-1.2.5-10.7.C30mdk.x86_64.rpm
3ed80f4657a551ebfff3cb87912ee8bc corporate/3.0/SRPMS/libpng-1.2.5-10.7.C30mdk.src.rpm

Corporate 4.0:
27c277f505d08abde9ba7ef6ec17123e corporate/4.0/i586/libpng3-1.2.8-1.2.20060mlcs4.i586.rpm
dc70e227da5ec0514d5056319f336076 corporate/4.0/i586/libpng3-devel-1.2.8-1.2.20060mlcs4.i586.rpm
6d267d5422d0e3e9e2868398ed1c8864 corporate/4.0/i586/libpng3-static-devel-1.2.8-1.2.20060mlcs4.i586.rpm
462209b43657d92d6468b161eb779911 corporate/4.0/SRPMS/libpng-1.2.8-1.2.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
090b1f0b32a0b980681b35c8aec5f323 corporate/4.0/x86_64/lib64png3-1.2.8-1.2.20060mlcs4.x86_64.rpm
96f0df2464cc042fc9fabfd3b1304d7a corporate/4.0/x86_64/lib64png3-devel-1.2.8-1.2.20060mlcs4.x86_64.rpm
818a20ce635900040bc7ff3a1b330e38 corporate/4.0/x86_64/lib64png3-static-devel-1.2.8-1.2.20060mlcs4.x86_64.rpm
462209b43657d92d6468b161eb779911 corporate/4.0/SRPMS/libpng-1.2.8-1.2.20060mlcs4.src.rpm

Multi Network Firewall 2.0:
c2faf16ec4411b18adf61729e8cc285e mnf/2.0/i586/libpng3-1.2.5-10.7.M20mdk.i586.rpm
52c3ea1ea57c1574d66bc62dab0b3df6 mnf/2.0/i586/libpng3-devel-1.2.5-10.7.M20mdk.i586.rpm
ba313a457f4647177ad33ba7fab48d4e mnf/2.0/i586/libpng3-static-devel-1.2.5-10.7.M20mdk.i586.rpm
9cb65939c4d3165b2c806ae5b64cab08 mnf/2.0/SRPMS/libpng-1.2.5-10.7.M20mdk.src.rpm

Mandriva Linux 2007.0:
a2d0440a0b3a9c931479800703a2d60e 2007.0/i586/pxelinux-3.20-3.1mdv2007.0.i586.rpm
1dcefe1c500d17ddc430c9990b202c2b 2007.0/i586/syslinux-3.20-3.1mdv2007.0.i586.rpm
4c973128add1460edb19f4826a1bad7a 2007.0/i586/syslinux-devel-3.20-3.1mdv2007.0.i586.rpm
3893ea9327016ffbd67429924376378d 2007.0/SRPMS/syslinux-3.20-3.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
f8a364fb18e1a5a17d9112738925555c 2007.0/x86_64/pxelinux-3.20-3.1mdv2007.0.i586.rpm
dc169368f3b24012fd34030a82de0367 2007.0/x86_64/syslinux-3.20-3.1mdv2007.0.i586.rpm
e4ef6f30ce1ff80b91e21e883eff1d27 2007.0/x86_64/syslinux-devel-3.20-3.1mdv2007.0.i586.rpm
3893ea9327016ffbd67429924376378d 2007.0/SRPMS/syslinux-3.20-3.1mdv2007.0.src.rpm

Mandriva Linux 2006.0:
0ea71d307e69d9edd950e75cabafd7c0 2006.0/i586/pxelinux-3.11-1.1.20060mdk.i586.rpm
dff7ef13f57d61a451b77b00918e07cd 2006.0/i586/pxelinux-devel-3.11-1.1.20060mdk.i586.rpm
a9c531ff69efb2df50a8a00311181f65 2006.0/SRPMS/pxelinux-3.11-1.1.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
deec78c2bf5e26ff7d7aab58cf5a2fc5 2006.0/x86_64/pxelinux-3.11-1.1.20060mdk.i586.rpm
52d33b5d03e87636fbda2e643dc60882 2006.0/x86_64/pxelinux-devel-3.11-1.1.20060mdk.i586.rpm
a9c531ff69efb2df50a8a00311181f65 2006.0/SRPMS/pxelinux-3.11-1.1.20060mdk.src.rpm

Corporate 4.0:
b0d3ea9fb11f47f5b60d35e511c069cf corporate/4.0/i586/pxelinux-3.11-1.1.20060mlcs4.i586.rpm
c34a3638a6042258306fa591a542f880 corporate/4.0/i586/pxelinux-devel-3.11-1.1.20060mlcs4.i586.rpm
68a203b1315849d3f690e2c5dd05b994 corporate/4.0/SRPMS/pxelinux-3.11-1.1.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
101bf5ce7b71092aa0d867475c71713b corporate/4.0/x86_64/pxelinux-3.11-1.1.20060mlcs4.i586.rpm
b8e512bf0b8ce91b64fad1a69735360c corporate/4.0/x86_64/pxelinux-devel-3.11-1.1.20060mlcs4.i586.rpm
68a203b1315849d3f690e2c5dd05b994 corporate/4.0/SRPMS/pxelinux-3.11-1.1.20060mlcs4.src.rpm

Mandriva Linux 2006.0:
f85fd4b73ca06136e4346df073851e5f 2006.0/i586/doxygen-1.4.4-1.1.20060mdk.i586.rpm
0842c1496bbb02b79d5cef3386b19380 2006.0/SRPMS/doxygen-1.4.4-1.1.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
fc3e569bd8ad2aa9aea76a6f4246cfec 2006.0/x86_64/doxygen-1.4.4-1.1.20060mdk.x86_64.rpm
0842c1496bbb02b79d5cef3386b19380 2006.0/SRPMS/doxygen-1.4.4-1.1.20060mdk.src.rpm

Mandriva Linux 2007.0:
9d0af28627560057e6c80e64bbacf030 2007.0/i586/doxygen-1.4.7-1.1mdv2007.0.i586.rpm
f673aab0185f79a8aa048f69b06807bf 2007.0/SRPMS/doxygen-1.4.7-1.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
7fca6ebbe6f07e51de7fd771678277b4 2007.0/x86_64/doxygen-1.4.7-1.1mdv2007.0.x86_64.rpm
f673aab0185f79a8aa048f69b06807bf 2007.0/SRPMS/doxygen-1.4.7-1.1mdv2007.0.src.rpm

Corporate 3.0:
9452cede2d92671808eebe1adfc395ef corporate/3.0/i586/doxygen-1.3.5-2.1.C30mdk.i586.rpm
9e84b6e12b77f43d123888b7ae05e5f4 corporate/3.0/SRPMS/doxygen-1.3.5-2.1.C30mdk.src.rpm

Corporate 3.0/X86_64:
d988dc94c39515b3855116709bcc84de corporate/3.0/x86_64/doxygen-1.3.5-2.1.C30mdk.x86_64.rpm
9e84b6e12b77f43d123888b7ae05e5f4 corporate/3.0/SRPMS/doxygen-1.3.5-2.1.C30mdk.src.rpm

Corporate 4.0:
a3b4702c81d1739249d59782efb316dc corporate/4.0/i586/doxygen-1.4.4-1.1.20060mlcs4.i586.rpm
8223a356c6cf8a790dd20b3d70533f19 corporate/4.0/SRPMS/doxygen-1.4.4-1.1.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
0568b10460c651f18fd3e2a8e76b4300 corporate/4.0/x86_64/doxygen-1.4.4-1.1.20060mlcs4.x86_64.rpm
8223a356c6cf8a790dd20b3d70533f19 corporate/4.0/SRPMS/doxygen-1.4.4-1.1.20060mlcs4.src.rpm

Mandriva Linux 2007.0:
7d7fd24f8be5c881673c11ed7fdda1d0 2007.0/i586/chromium-0.9.12-25.1mdv2007.0.i586.rpm
6175ab1df71466a69049dbda899c7c4b 2007.0/i586/chromium-setup-0.9.12-25.1mdv2007.0.i586.rpm
4dda1bbb70cce5cb6f1112995992ee1e 2007.0/SRPMS/chromium-0.9.12-25.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
c2b87550ef24da183d0fe78e850080b5 2007.0/x86_64/chromium-0.9.12-25.1mdv2007.0.x86_64.rpm
91e024a81f7ff04e49f429259feaf4cd 2007.0/x86_64/chromium-setup-0.9.12-25.1mdv2007.0.x86_64.rpm
4dda1bbb70cce5cb6f1112995992ee1e 2007.0/SRPMS/chromium-0.9.12-25.1mdv2007.0.src.rpm

Corporate 3.0:
69ca9e0a4887c915bc283164b763b054 corporate/3.0/i586/chromium-0.9.12-21.1.C30mdk.i586.rpm
4ca444ca9edb34229f0d1449f2e4d82f corporate/3.0/i586/chromium-setup-0.9.12-21.1.C30mdk.i586.rpm
5007614bdfc283a0f5bb854955606ed1 corporate/3.0/SRPMS/chromium-0.9.12-21.1.C30mdk.src.rpm

Corporate 3.0/X86_64:
96a4f2c6ba97c16d04f816656a88d674 corporate/3.0/x86_64/chromium-0.9.12-21.1.C30mdk.x86_64.rpm
5b229452f499143e5d1dd73420d120aa corporate/3.0/x86_64/chromium-setup-0.9.12-21.1.C30mdk.x86_64.rpm
5007614bdfc283a0f5bb854955606ed1 corporate/3.0/SRPMS/chromium-0.9.12-21.1.C30mdk.src.rpm

ChangeLog

2006-11-17 : Initial release

Copyright 2003-2008 © FrSIRT.COM - Privacy Policy