FrSIRT - Fedora Security Update Fixes Libpng Denial of Service Vulnerabilities / Exploit (Security Advisories)

French Security Incident Response Team

French

English

Fedora Security Update Fixes Libpng Denial of Service Vulnerabilities

Title : Fedora Security Update Fixes Libpng Denial of Service Vulnerabilities
Advisory ID : FrSIRT/ADV-2007-3737
CVE ID : CVE-2007-5269
Rated as : Low Risk

Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-11-06

Advisory Details

Description

Affected Products

Solution

References

Technical Description

Multiple vulnerabilities have been identified in Fedora, which could be exploited by attackers to cause a denial of service [...]

Solution

Upgrade the affected packages :

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/

a3ad279b3ad57fa400c4f4d399a41160c0d56139 SRPMS/libpng-1.2.10-10.fc6.src.rpm
a3ad279b3ad57fa400c4f4d399a41160c0d56139 noarch/libpng-1.2.10-10.fc6.src.rpm
191d90cc3707d58332e6f46458b92fa0de8efa0c ppc/debug/libpng-debuginfo-1.2.10-10.fc6.ppc.rpm
5f9ab7a311b3915cd2c3d61169e74bb650caa5ff ppc/libpng-1.2.10-10.fc6.ppc.rpm
76cc4ed531defe62d6b7b4bd53d9bbfddcefeef7 ppc/libpng-devel-1.2.10-10.fc6.ppc.rpm
f67eee4818850201eb1c948bb8b21abca6d2216c x86_64/libpng-1.2.10-10.fc6.x86_64.rpm
be350a48d12913f9420f2cfc470c635508e21918 x86_64/debug/libpng-debuginfo-1.2.10-10.fc6.x86_64.rpm
33af6f8df736ed07899f60ad866008fa47ea4606 x86_64/libpng-devel-1.2.10-10.fc6.x86_64.rpm
a9a91ed26b66d5f684a06278c2df6a9e2cbdc7fb i386/debug/libpng-debuginfo-1.2.10-10.fc6.i386.rpm
1be72a3fea013be33ccd5abc22a07109dba023e8 i386/libpng-1.2.10-10.fc6.i386.rpm
5a4d9196a9c5b122e94f8634b8baeef2e6228c8a i386/libpng-devel-1.2.10-10.fc6.i386.rpm

ChangeLog

2007-11-06 : Initial release

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.

Mailinglist

	Mozilla Products Code Execution and Security Bypass Vulnerabilities
	Mozilla Firefox for Mac OS X GIF Rendering Code Execution Vulnerability
	Mozilla Products Remote Code Execution and Security Bypass Issues
	Mozilla Products Code Execution and Injection Vulnerabilities
	Mozilla JavaScript Garbage Collector Code Execution Vulnerability
	Mozilla Thunderbird Code Execution and Cross Site Scripting Issues
	Mozilla Firefox and SeaMonkey Multiple Remote Code Execution Issues

	IBM Lotus Quickr Denial of Service and Security Bypass Vulnerabilities
	IBM Tivoli Netcool/Webtop Multiple Security Bypass Vulnerabilities
	IBM WebSphere Application Server Security Exposure Vulnerabilities
	IBM DB2 Universal Database Multiple Denial of Service
	IBM AIX "swcons" Insecure Permission Privilege Escalation Vulnerability
	IBM WebSphere Application Server Cross Site Scripting Vulnerability
	IBM DB2 CLR Stored Procedures Unspecified Vulnerability

	Apple TV Multiple File Processing Code Execution Vulnerabilities
	Apple Mac OS X Code Execution and Security Bypass Vulnerabilities
	Apple iPhone Code Execution and Security Bypass Vulnerabilities
	Apple QuickTime Multiple Remote Code Execution Vulnerabilities
	Apple iTunes Driver Integer Overflow Privilege Escalation Vulnerability
	Apple iPod touch Code Execution and Security Bypass Vulnerabilities
	Apple Bonjour for Windows DNS Spoofing and DoS Vulnerabilities