SuSE 10 Security Update : libpng (ZYPP Patch Number 2325)

This script is Copyright (C) 2007-2014 Tenable Network Security, Inc.


Synopsis :

The remote SuSE 10 host is missing a security-related patch.

Description :

The sPLT chunk handling in libpng was incorrect and a handcrafted PNG
file could be use to cause an out-of-bounds read, effectively crashing
the PNG viewer or webbrowser. (CVE-2006-5793)

Additionally a 2 byte stackoverflow was fixed which we do not believe
to be exploitable. It will cause an abort of the viewer or webbrowser
in SUSE Linux 10.0 and newer due to string overflow checking.
(CVE-2006-3334)

See also :

http://support.novell.com/security/cve/CVE-2006-3334.html
http://support.novell.com/security/cve/CVE-2006-5793.html

Solution :

Apply ZYPP patch number 2325.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: SuSE Local Security Checks

Nessus Plugin ID: 29507 ()

Bugtraq ID:

CVE ID: CVE-2006-3334
CVE-2006-5793

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now