Mandriva Linux Security Advisory : libpng (MDVSA-2010:133)

High Nessus Plugin ID 48192

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 6.7

Synopsis

The remote Mandriva Linux host is missing one or more security updates.

Description

Multiple vulnerabilities has been found and corrected in libpng :

Memory leak in the png_handle_tEXt function in pngrutil.c in libpng before 1.2.33 rc02 and 1.4.0 beta36 allows context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted PNG file (CVE-2008-6218.

Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row (CVE-2010-1205).

Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks (CVE-2010-2249).

As a precaution htmldoc has been rebuilt to link against the system libpng library for CS4 and 2008.0. Latest xulrunner and mozilla-thunderbird has been patched as a precaution for 2008.0 wheres on 2009.0 and up the the system libpng library is used instead of the bundled copy. htmldoc, xulrunner and mozilla-thunderbird packages is therefore also being provided with this advisory.

Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=4 90

The updated packages have been patched to correct these issues.

Solution

Update the affected packages.

Plugin Details

Severity: High

ID: 48192

File Name: mandriva_MDVSA-2010-133.nasl

Version: 1.13

Type: local

Published: 2010/07/30

Updated: 2019/08/02

Dependencies: 12634

Risk Information

Risk Factor: High

VPR Score: 6.7

CVSS v2.0

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:htmldoc, p-cpe:/a:mandriva:linux:htmldoc-nogui, p-cpe:/a:mandriva:linux:lib64png-devel, p-cpe:/a:mandriva:linux:lib64png-static-devel, p-cpe:/a:mandriva:linux:lib64png3, p-cpe:/a:mandriva:linux:lib64xulrunner-devel, p-cpe:/a:mandriva:linux:lib64xulrunner1.9.2.6, p-cpe:/a:mandriva:linux:libpng-devel, p-cpe:/a:mandriva:linux:libpng-source, p-cpe:/a:mandriva:linux:libpng-static-devel, p-cpe:/a:mandriva:linux:libpng3, p-cpe:/a:mandriva:linux:libxulrunner-devel, p-cpe:/a:mandriva:linux:libxulrunner1.9.2.6, p-cpe:/a:mandriva:linux:mozilla-thunderbird, p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail, p-cpe:/a:mandriva:linux:nsinstall, p-cpe:/a:mandriva:linux:xulrunner, cpe:/o:mandriva:linux:2008.0, cpe:/o:mandriva:linux:2009.0, cpe:/o:mandriva:linux:2009.1, cpe:/o:mandriva:linux:2010.0, cpe:/o:mandriva:linux:2010.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2010/07/15

Reference Information

CVE: CVE-2008-6218, CVE-2010-1205, CVE-2010-2249

BID: 31920, 41174

MDVSA: 2010:133

CWE: 399