FrSIRT - Fedora Security Update Fixes Libpng Multiple Function Denial of Service Vulnerabilities / Exploit (Security Advisories)

French Security Incident Response Team

French

English

Fedora Security Update Fixes Libpng Multiple Function Denial of Service Vulnerabilities

Title : Fedora Security Update Fixes Libpng Multiple Function Denial of Service Vulnerabilities
Advisory ID : FrSIRT/ADV-2007-1929
CVE ID : CVE-2006-5793 - CVE-2007-2445
Rated as : Low Risk

Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-05-24

Advisory Details

Description

Affected Products

Solution

References

Technical Description

Two vulnerabilities have been identified in Fedora, which could be exploited by attackers to cause a denial of service [...]

Solution

Upgrade the affected packages :

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

43313a4aa1a0f3bd6123bdd6d10c74dac4c0f971 SRPMS/libpng-1.2.8-3.fc5.src.rpm
43313a4aa1a0f3bd6123bdd6d10c74dac4c0f971 noarch/libpng-1.2.8-3.fc5.src.rpm
8f971f98ba3ec5bb23d37648790bfe5d969f4f9f ppc/debug/libpng-debuginfo-1.2.8-3.fc5.ppc.rpm
3c8a7d86940cfa67385020adbb443bbe947cee5d ppc/libpng-devel-1.2.8-3.fc5.ppc.rpm
d652d258676e6ba568886453dbcd17fcd59c82de ppc/libpng-1.2.8-3.fc5.ppc.rpm
38a61a110d2b9a43dc9084dfe28505bfc0ed7f11 x86_64/libpng-1.2.8-3.fc5.x86_64.rpm
349a992443fa18699816aba08888f731a2cfb9f5 x86_64/libpng-devel-1.2.8-3.fc5.x86_64.rpm
0a94b85e17fd05f7cc8a78180f21fb4d5619f2d9 x86_64/debug/libpng-debuginfo-1.2.8-3.fc5.x86_64.rpm
8cd6bf80c0bf84707f692bf98f27b79dd320fcb6 i386/libpng-devel-1.2.8-3.fc5.i386.rpm
aac487ce0e3b87d0fe532b915212fd36e5d73b49 i386/debug/libpng-debuginfo-1.2.8-3.fc5.i386.rpm
e08b6bcc57d7afdb3ba35bdbe11e502b5bc596d4 i386/libpng-1.2.8-3.fc5.i386.rpm

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/

34fada9e91ca73d6becb9a401125e0bb70861568 SRPMS/libpng-1.2.10-9.fc6.src.rpm
34fada9e91ca73d6becb9a401125e0bb70861568 noarch/libpng-1.2.10-9.fc6.src.rpm
3146e179f64145312801df7bc4a2c799c9fc60d4 ppc/debug/libpng-debuginfo-1.2.10-9.fc6.ppc.rpm
d23c50d2216b498baadd0c26173ab61e3975f620 ppc/libpng-1.2.10-9.fc6.ppc.rpm
358b6a6519773839725dd7b26a3d89543c927165 ppc/libpng-devel-1.2.10-9.fc6.ppc.rpm
f1624428116ca1fe02e0d59e3d27dc1ecfcffb0e x86_64/libpng-devel-1.2.10-9.fc6.x86_64.rpm
1dad10a249295a62ae5ead11d5b67c345717a428 x86_64/libpng-1.2.10-9.fc6.x86_64.rpm
7f7da096b28dae824fdfdb8b27dad4f5087ecd56 x86_64/debug/libpng-debuginfo-1.2.10-9.fc6.x86_64.rpm
1e0bdeeaf5124ce62c00dd5813a585e037da2500 i386/libpng-devel-1.2.10-9.fc6.i386.rpm
d38f59aabda59b586c2944a9020ba15d51a74060 i386/libpng-1.2.10-9.fc6.i386.rpm
cd9e0d94d20fc0cc151fcd5232735e8c8d970f66 i386/debug/libpng-debuginfo-1.2.10-9.fc6.i386.rpm

ChangeLog

2007-05-24 : Initial release

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.

Mailinglist

	Oracle Products Multiple Code Execution and Security Bypass Issues
	Oracle Products Command Execution and SQL Injection Vulnerabilities
	Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities
	Oracle Database "PITRIG_DROPMETADATA" Buffer Overflow Vulnerability
	Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities
	Oracle JInitiator ActiveX Control Multiple Remote Buffer Overflow Vulnerabilities
	Oracle Products Multiple Remote Command Execution and SQL Injection Vulnerabilities

	IBM Tivoli Netcool/Webtop Multiple Security Bypass Vulnerabilities
	IBM WebSphere Application Server Security Exposure Vulnerabilities
	IBM DB2 Universal Database Multiple Denial of Service
	IBM AIX "swcons" Insecure Permission Privilege Escalation Vulnerability
	IBM WebSphere Application Server Cross Site Scripting Vulnerability
	IBM DB2 CLR Stored Procedures Unspecified Vulnerability
	IBM Lotus Quickr Multiple Cross Site Scripting Vulnerabilities

	Mozilla Products Code Execution and Security Bypass Vulnerabilities
	Mozilla Firefox for Mac OS X GIF Rendering Code Execution Vulnerability
	Mozilla Products Remote Code Execution and Security Bypass Issues
	Mozilla Products Code Execution and Injection Vulnerabilities
	Mozilla JavaScript Garbage Collector Code Execution Vulnerability
	Mozilla Thunderbird Code Execution and Cross Site Scripting Issues
	Mozilla Firefox and SeaMonkey Multiple Remote Code Execution Issues