FrSIRT - Fedora Security Update Fixes Libpng Denial of Service Vulnerabilities / Exploit (Security Advisories)

French Security Incident Response Team

French

English

Fedora Security Update Fixes Libpng Denial of Service Vulnerabilities

Title : Fedora Security Update Fixes Libpng Denial of Service Vulnerabilities
Advisory ID : FrSIRT/ADV-2007-3605
CVE ID : CVE-2007-5266 - CVE-2007-5267 - CVE-2007-5268 - CVE-2007-5269
Rated as : Low Risk

Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-10-25

Advisory Details

Description

Affected Products

Solution

References

Technical Description

Multiple vulnerabilities have been identified in Fedora, which could be exploited by attackers to cause a denial of service [...]

Solution

Upgrade the affected packages :

0dddd75819b6bd2f6a2e2104fe82e0acd94fd180 libpng10-devel-1.0.29-1.fc7.ppc64.rpm
6079f9c55085f62bf2e1bc5ad3ac1025de216282 libpng10-debuginfo-1.0.29-1.fc7.ppc64.rpm
0b146e9285af5905b743e5524c5edb441503b42e libpng10-1.0.29-1.fc7.ppc64.rpm
842e1efaa6ca4a4b783e40f9ae72623f84490cd7 libpng10-debuginfo-1.0.29-1.fc7.i386.rpm
256ad47b46257de67897cf36514ba0984d71efa4 libpng10-1.0.29-1.fc7.i386.rpm
2ab451e2117e5e017b91c6a79a86e97f41b3c500 libpng10-devel-1.0.29-1.fc7.i386.rpm
685bd2898df5fd32965cbeeb65291cbdeba4a68e libpng10-devel-1.0.29-1.fc7.x86_64.rpm
862e399944ab8d60d6490e7169555f435e3a04f3 libpng10-1.0.29-1.fc7.x86_64.rpm
0e586e948f42fc948d3fd737fb44b2d09ffe294e libpng10-debuginfo-1.0.29-1.fc7.x86_64.rpm
e0599552087d9bf7a5a78aa64f00b767048defc8 libpng10-devel-1.0.29-1.fc7.ppc.rpm
7f91839a840080d1d1b31863e1bb889e37256ebc libpng10-1.0.29-1.fc7.ppc.rpm
4ef0e0830875ecea2b206eab2ea629bc126012f1 libpng10-debuginfo-1.0.29-1.fc7.ppc.rpm
65558acbcd59927d15d04b100e4e68594422739d libpng10-1.0.29-1.fc7.src.rpm
2cdfd6b92a9fffeefbdce60fcddde452edb75aaf libpng-1.2.22-1.fc7.ppc64.rpm
658fac8d256cd3c97a65f65b3536585a93161ec4 libpng-devel-1.2.22-1.fc7.ppc64.rpm
693a47154913ae78ba8fb267c97d45eda50b2e60 libpng-debuginfo-1.2.22-1.fc7.ppc64.rpm
9803281a0957e1b33e8e36391130aa7367ae1807 libpng-static-1.2.22-1.fc7.ppc64.rpm
80d621b0f0b9f3e43e96d6fa107e6e287e130b62 libpng-devel-1.2.22-1.fc7.i386.rpm
33aaa7092550fb211689f6fc46a383045d0e9788 libpng-debuginfo-1.2.22-1.fc7.i386.rpm
f4055c459e1780b71fcb45fd99a6cba06c51635e libpng-1.2.22-1.fc7.i386.rpm
eb39a8b5adb4542b712a29e98a9545229f7927ab libpng-static-1.2.22-1.fc7.i386.rpm
8252f38537f6af003eebe5ae08a3a33e218e8754 libpng-debuginfo-1.2.22-1.fc7.x86_64.rpm
10c3d1160d11994d1873fee515cddcc9ba3bc57a libpng-devel-1.2.22-1.fc7.x86_64.rpm
b8590897aac036d63855eea510edea2b55bbb9af libpng-static-1.2.22-1.fc7.x86_64.rpm
6410cae8c1acdc1ef04d0688d5a5b8f1bf330a90 libpng-1.2.22-1.fc7.x86_64.rpm
954263fd7565757de7b6dd3448bf49c847052882 libpng-devel-1.2.22-1.fc7.ppc.rpm
3bae37ae9fd4176f84fd06d6736788798f530eec libpng-1.2.22-1.fc7.ppc.rpm
a73d283a926db4a7fb95b18e7adda4b0e134bdbd libpng-debuginfo-1.2.22-1.fc7.ppc.rpm
41761795c2fb360b0bb18d41f9707cb56180881c libpng-static-1.2.22-1.fc7.ppc.rpm
aecf2aff2f1b8d41b1323362598bb5ee22b196d4 libpng-1.2.22-1.fc7.src.rpm

ChangeLog

2007-10-25 : Initial release

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.

Mailinglist

	Microsoft Windows Vista "WRITE_ANDX" Denial of Service Vulnerability
	Microsoft Office OneNote URL Code Execution (MS08-055)
	Microsoft GDI+ Multiple Code Execution Vulnerabilities (MS08-052)
	Microsoft Visual Studio "Msmask32" Code Execution Vulnerability
	Microsoft PowerPoint Command Execution Vulnerabilities (MS08-051)
	Microsoft Windows Messenger Data Disclosure (MS08-050)
	Microsoft Windows Event System Code Execution (MS08-049)

	Apple TV Multiple File Processing Code Execution Vulnerabilities
	Apple Mac OS X Code Execution and Security Bypass Vulnerabilities
	Apple iPhone Code Execution and Security Bypass Vulnerabilities
	Apple QuickTime Multiple Remote Code Execution Vulnerabilities
	Apple iTunes Driver Integer Overflow Privilege Escalation Vulnerability
	Apple iPod touch Code Execution and Security Bypass Vulnerabilities
	Apple Bonjour for Windows DNS Spoofing and DoS Vulnerabilities

	Cisco UCM SIP Remote Denial of Service
	Cisco IOS Denial of Service and Security Bypass Vulnerabilities
	Cisco PIX and ASA Information Disclosure and DoS Vulnerabilities
	Cisco Secure ACS EAP Remote Denial Of Service Vulnerability
	Cisco Products Remote DNS Cache Poisoning Vulnerability
	Cisco Wide Area Application Services CUPS Remote Vulnerability
	Cisco UCM Denial of Service and Authentication Bypass Vulnerabilities