FrSIRT - Fedora Security Update Fixes Libpng tRNS Chunk Processing Denial of Service Issue / Exploit (Security Advisories)

French Security Incident Response Team

French

English

Fedora Security Update Fixes Libpng tRNS Chunk Processing Denial of Service Issue

Title : Fedora Security Update Fixes Libpng tRNS Chunk Processing Denial of Service Issue
Advisory ID : FrSIRT/ADV-2007-2028
CVE ID : CVE-2007-2445
Rated as : Low Risk

Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-06-04

Advisory Details

Description

Affected Products

Solution

References

Technical Description

A vulnerability has been identified in Fedora, which could be exploited by attackers to cause a denial of service [...]

Solution

Upgrade the affected packages :

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/7/

e9d0f41b57d69f1e6586e0b503ef9b6ccc3e5e9a libpng10-devel-1.0.26-1.fc7.1.ppc64.rpm
2ef256533015c24e8f118d522545ed18a8643ed9 libpng10-1.0.26-1.fc7.1.ppc64.rpm
35238b6de27fb1400b6843fb26dd6d4acc27cc33 libpng10-debuginfo-1.0.26-1.fc7.1.ppc64.rpm
0a3e2caac921bdd85bca761ee19cd17172e130b0 libpng10-1.0.26-1.fc7.1.i386.rpm
58be28d63413aff84fcf3e36ffeb8884e751cca8 libpng10-devel-1.0.26-1.fc7.1.i386.rpm
6b9e214bf674647fa3ccd46983d82c000f822708 libpng10-debuginfo-1.0.26-1.fc7.1.i386.rpm
35f6ec7b1b873d8c303ca519b60d68fda09b08c9 libpng10-1.0.26-1.fc7.1.x86_64.rpm
c0a5ee9564b9c3aaf59aa5c55f0532c3484e0b05 libpng10-devel-1.0.26-1.fc7.1.x86_64.rpm
27f21433ba444324e108340c79b41952358e7a5d libpng10-debuginfo-1.0.26-1.fc7.1.x86_64.rpm
925fde948bb53bb0c7bd531bb954ad85a925c941 libpng10-1.0.26-1.fc7.1.ppc.rpm
a9d7f273e7adff68cc418b68d6c666574deaef8b libpng10-debuginfo-1.0.26-1.fc7.1.ppc.rpm
5896b5ca2aba2dee876323315f56fc3057079c76 libpng10-devel-1.0.26-1.fc7.1.ppc.rpm
d10cc045eb953333e8b60bb54984b815b0c088ec libpng10-1.0.26-1.fc7.1.src.rpm

ChangeLog

2007-06-04 : Initial release

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.

Mailinglist

	Apple Mac OS X Code Execution and Security Bypass Vulnerabilities
	Apple iPhone and iPod touch Multiple Code Execution Vulnerabilities
	Apple Xcode Code Execution and Information Disclosure Vulnerabilities
	Apple TV Data Processing Remote Code Execution Vulnerabilities
	Apple Mac OS X Command Execution and Security Bypass Issues
	Apple Safari for Mac OS X Remote Code Execution Vulnerability
	Apple Mac OS X ARDAgent Local Privilege Escalation Vulnerability

	Oracle Products Multiple Code Execution and Security Bypass Issues
	Oracle Products Command Execution and SQL Injection Vulnerabilities
	Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities
	Oracle Database "PITRIG_DROPMETADATA" Buffer Overflow Vulnerability
	Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities
	Oracle JInitiator ActiveX Control Multiple Remote Buffer Overflow Vulnerabilities
	Oracle Products Multiple Remote Command Execution and SQL Injection Vulnerabilities

	Mozilla Firefox for Mac OS X GIF Rendering Code Execution Vulnerability
	Mozilla Products Remote Code Execution and Security Bypass Issues
	Mozilla Products Code Execution and Injection Vulnerabilities
	Mozilla JavaScript Garbage Collector Code Execution Vulnerability
	Mozilla Thunderbird Code Execution and Cross Site Scripting Issues
	Mozilla Firefox and SeaMonkey Multiple Remote Code Execution Issues
	Mozilla Thunderbird Multiple Security Bypass and Code Execution Issues