FrSIRT - Fedora Security Update Fixes Cairo "read_png()" Integer Overflow Issue / Exploit (Security Advisories)

French Security Incident Response Team

French

English

Fedora Security Update Fixes Cairo "read_png()" Integer Overflow Issue

Title : Fedora Security Update Fixes Cairo "read_png()" Integer Overflow Issue
Advisory ID : FrSIRT/ADV-2008-0207
CVE ID : CVE-2007-5503
Rated as : Moderate Risk

Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2008-01-21

Advisory Details

Description

Affected Products

Solution

References

Technical Description

A vulnerability has been identified in Fedora, which could be exploited by attackers to cause a denial of service or execute arbitrary code [...]

Solution

Upgrade the affected packages :

e18349d52b83005b03bf3d0c7b1719bbc822e784 cairo-debuginfo-1.4.14-1.fc7.ppc64.rpm
cdf5a5ae86307a5a316d9d938343e2a5c6c284d1 cairo-devel-1.4.14-1.fc7.ppc64.rpm
943fcd7c5dedd388c0c2f49f474b41b7269d0c46 cairo-1.4.14-1.fc7.ppc64.rpm
81cd5c142380605bf83b45c86e7a6340f7ee257e cairo-debuginfo-1.4.14-1.fc7.i386.rpm
7236f2512f13b2f1d9fa6f2ba65f8db35ed968d1 cairo-devel-1.4.14-1.fc7.i386.rpm
f8d60bc044fe46053386ce052946e81b20e96c80 cairo-1.4.14-1.fc7.i386.rpm
c4e893da16e6098835e0b63875c597bf98d4600d cairo-devel-1.4.14-1.fc7.x86_64.rpm
b70c59d27313d0f223f4ea1573033641c004358b cairo-1.4.14-1.fc7.x86_64.rpm
8b0d2e9f841277d50531e912a99a95fa6ae6ca3c cairo-debuginfo-1.4.14-1.fc7.x86_64.rpm
6f26b3b42bf35ce305ac7c6243d8abfcf5709948 cairo-debuginfo-1.4.14-1.fc7.ppc.rpm
329cd53b8ac8603cf8aed52994aca3c4196c7ff6 cairo-devel-1.4.14-1.fc7.ppc.rpm
b5885c6a3421c971f489b4fbaf72f826551ad6ef cairo-1.4.14-1.fc7.ppc.rpm
c1411819de683f5acf1dd33620d6f961d40b1925 cairo-1.4.14-1.fc7.src.rpm

ChangeLog

2008-01-21 : Initial release

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.

Mailinglist

	Microsoft Windows Vista "WRITE_ANDX" Denial of Service Vulnerability
	Microsoft Office OneNote URL Code Execution (MS08-055)
	Microsoft GDI+ Multiple Code Execution Vulnerabilities (MS08-052)
	Microsoft Visual Studio "Msmask32" Code Execution Vulnerability
	Microsoft PowerPoint Command Execution Vulnerabilities (MS08-051)
	Microsoft Windows Messenger Data Disclosure (MS08-050)
	Microsoft Windows Event System Code Execution (MS08-049)

	Apple TV Multiple File Processing Code Execution Vulnerabilities
	Apple Mac OS X Code Execution and Security Bypass Vulnerabilities
	Apple iPhone Code Execution and Security Bypass Vulnerabilities
	Apple QuickTime Multiple Remote Code Execution Vulnerabilities
	Apple iTunes Driver Integer Overflow Privilege Escalation Vulnerability
	Apple iPod touch Code Execution and Security Bypass Vulnerabilities
	Apple Bonjour for Windows DNS Spoofing and DoS Vulnerabilities

	IBM Lotus Quickr Denial of Service and Security Bypass Vulnerabilities
	IBM Tivoli Netcool/Webtop Multiple Security Bypass Vulnerabilities
	IBM WebSphere Application Server Security Exposure Vulnerabilities
	IBM DB2 Universal Database Multiple Denial of Service
	IBM AIX "swcons" Insecure Permission Privilege Escalation Vulnerability
	IBM WebSphere Application Server Cross Site Scripting Vulnerability
	IBM DB2 CLR Stored Procedures Unspecified Vulnerability