RHEL 2.1 : libpng (RHSA-2003:007)

This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

Updated libpng packages are available which fix a buffer overflow
vulnerability.

[Updated 06 Feb 2003] Added fixed packages for Advanced Workstation
2.1.

The libpng package contains a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files. PNG
is a bit-mapped graphics format similar to the GIF format.

Unpatched versions of libpng 1.2.1 and earlier do not correctly
calculate offsets, which leads to a buffer overflow and the
possibility of arbitrary code execution. An attacker could exploit
this by creating a carefully crafted PNG file that executes
arbitrary code when the victim views it.

Packages within Red Hat Linux Advanced Server, such as Mozilla, make
use of the shared libpng library. All users are advised to upgrade to
the errata packages, which contain libpng 1.0.14 with a backported
patch that corrects this issue.

See also :

https://www.redhat.com/security/data/cve/CVE-2002-1363.html
http://rhn.redhat.com/errata/RHSA-2003-007.html

Solution :

Update the affected libpng and / or libpng-devel packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: Red Hat Local Security Checks

Nessus Plugin ID: 12348

Bugtraq ID:

CVE ID: CVE-2002-1363