{"cve": [{"lastseen": "2017-08-17T11:14:22", "bulletinFamily": "NVD", "description": "libpng before 1.2.37 does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bits in certain rows of a PNG file and might allow remote attackers to read portions of sensitive memory via \"out-of-bounds pixels\" in the file.", "modified": "2017-08-16T21:30:38", "published": "2009-06-12T16:30:00", "id": "CVE-2009-2042", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2042", "title": "CVE-2009-2042", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "openvas": [{"lastseen": "2017-07-24T12:50:26", "bulletinFamily": "scanner", "description": "The remote host is missing an update as announced\nvia advisory SSA:2009-170-01.", "modified": "2017-07-07T00:00:00", "published": "2012-09-11T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=64258", "id": "OPENVAS:64258", "title": "Slackware Advisory SSA:2009-170-01 libpng", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2009_170_01.nasl 6598 2017-07-07 09:36:44Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New libpng packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1,\n10.2, 11.0, 12.0, 12.1, 12.2, and -current to fix a security issue.\n\nJeff Phillips discovered an uninitialized-memory-read bug affecting interlaced\nimages that may have security implications.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2009-170-01.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2009-170-01\";\n \nif(description)\n{\n script_id(64258);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $\");\n script_cve_id(\"CVE-2009-2042\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_version(\"$Revision: 6598 $\");\n name = \"Slackware Advisory SSA:2009-170-01 libpng \";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"libpng\", ver:\"1.2.37-i386-1_slack8.1\", rls:\"SLK8.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"libpng\", ver:\"1.2.37-i386-1_slack9.0\", rls:\"SLK9.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"libpng\", ver:\"1.2.37-i486-1_slack9.1\", rls:\"SLK9.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"libpng\", ver:\"1.2.37-i486-1_slack10.0\", rls:\"SLK10.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"libpng\", ver:\"1.2.37-i486-1_slack10.1\", rls:\"SLK10.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"libpng\", ver:\"1.2.37-i486-1_slack10.2\", rls:\"SLK10.2\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"libpng\", ver:\"1.2.37-i486-1_slack11.0\", rls:\"SLK11.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"libpng\", ver:\"1.2.37-i486-1_slack12.0\", rls:\"SLK12.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"libpng\", ver:\"1.2.37-i486-1_slack12.1\", rls:\"SLK12.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"libpng\", ver:\"1.2.37-i486-1_slack12.2\", rls:\"SLK12.2\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-26T08:55:37", "bulletinFamily": "scanner", "description": "The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n libpng\n libpng-devel\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-13T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=65878", "id": "OPENVAS:65878", "title": "SLES10: Security update for libpng", "type": "openvas", "sourceData": "#\n#VID slesp2-libpng-6326\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for libpng\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n libpng\n libpng-devel\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_id(65878);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2009-2042\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_name(\"SLES10: Security update for libpng\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libpng\", rpm:\"libpng~1.2.8~19.25\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpng-devel\", rpm:\"libpng-devel~1.2.8~19.25\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-25T10:56:37", "bulletinFamily": "scanner", "description": "The remote 
host is missing an update to mingw32-libpng\nannounced via advisory FEDORA-2009-5977.", "modified": "2017-07-10T00:00:00", "published": "2009-06-23T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=64222", "id": "OPENVAS:64222", "title": "Fedora Core 11 FEDORA-2009-5977 (mingw32-libpng)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_5977.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-5977 (mingw32-libpng)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nFix libpng vulnerability (RHBZ#504782).\n\nChangeLog:\n\n* Tue Jun 9 2009 Richard W.M. Jones - 1.2.37-1\n- New upstream version 1.2.37 to fix SECURITY bug RHBZ#504782.\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. 
Use \nsu -c 'yum update mingw32-libpng' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-5977\";\ntag_summary = \"The remote host is missing an update to mingw32-libpng\nannounced via advisory FEDORA-2009-5977.\";\n\n\n\nif(description)\n{\n script_id(64222);\n script_version(\"$Revision: 6624 $\");\n script_cve_id(\"CVE-2009-2042\");\n script_bugtraq_id(35233);\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-23 15:49:15 +0200 (Tue, 23 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_name(\"Fedora Core 11 FEDORA-2009-5977 (mingw32-libpng)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=504782\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"mingw32-libpng\", rpm:\"mingw32-libpng~1.2.37~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-25T10:56:35", "bulletinFamily": "scanner", "description": "The remote host is missing an update to libpng\nannounced via advisory FEDORA-2009-6506.", "modified": "2017-07-10T00:00:00", "published": "2009-06-23T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=64238", "id": "OPENVAS:64238", "title": "Fedora Core 11 FEDORA-2009-6506 (libpng)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_6506.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-6506 (libpng)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The libpng package contains a library of functions for creating and\nmanipulating PNG (Portable Network Graphics) image format files. PNG\nis a bit-mapped graphics format similar to the GIF format. PNG was\ncreated to replace the GIF format, since GIF uses a patented data\ncompression algorithm.\n\nLibpng should be installed if you need to manipulate PNG format image\nfiles.\n\nUpdate Information:\n\nUpdate to libpng 1.2.37, to fix CVE-2009-2042. This is a pretty low-risk issue,\nbut it's been classified as a security issue...\n\nChangeLog:\n\n* Sat Jun 13 2009 Tom Lane 2:1.2.37-1\n- Update to libpng 1.2.37, to fix CVE-2009-2042\nRelated: #504782\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. 
Use \nsu -c 'yum update libpng' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-6506\";\ntag_summary = \"The remote host is missing an update to libpng\nannounced via advisory FEDORA-2009-6506.\";\n\n\n\nif(description)\n{\n script_id(64238);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-23 15:49:15 +0200 (Tue, 23 Jun 2009)\");\n script_cve_id(\"CVE-2009-2042\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_name(\"Fedora Core 11 FEDORA-2009-6506 (libpng)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=504782\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libpng\", rpm:\"libpng~1.2.37~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpng-devel\", rpm:\"libpng-devel~1.2.37~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpng-static\", rpm:\"libpng-static~1.2.37~1.fc11\", rls:\"FC11\")) != 
NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpng-debuginfo\", rpm:\"libpng-debuginfo~1.2.37~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-04-06T11:39:15", "bulletinFamily": "scanner", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n libpng12-0\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-11T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065689", "id": "OPENVAS:136141256231065689", "type": "openvas", "title": "SLES11: Security update for libpng", "sourceData": "#\n#VID 347346dddae72c6d0521d44e36060298\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for libpng\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n libpng12-0\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=514727\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.65689\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-11 22:58:51 +0200 (Sun, 11 Oct 2009)\");\n script_cve_id(\"CVE-2009-2042\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_name(\"SLES11: Security update for libpng\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libpng12-0\", rpm:\"libpng12-0~1.2.31~5.12.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-04-06T11:38:28", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory GLSA 200906-01.", "modified": "2018-04-06T00:00:00", "published": "2009-06-30T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064313", "id": "OPENVAS:136141256231064313", "title": "Gentoo Security Advisory GLSA 200906-01 (libpng)", "type": "openvas", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability has been discovered in libpng that allows for information\n disclosure.\";\ntag_solution = \"All libpng users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/libpng-1.2.37'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200906-01\nhttp://bugs.gentoo.org/show_bug.cgi?id=272970\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200906-01.\";\n\n \n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64313\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-30 00:29:55 +0200 (Tue, 30 Jun 2009)\");\n script_cve_id(\"CVE-2009-2042\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_name(\"Gentoo Security Advisory GLSA 200906-01 (libpng)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n 
script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"media-libs/libpng\", unaffected: make_list(\"ge 1.2.37\"), vulnerable: make_list(\"lt 1.2.37\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-04-06T11:38:53", "bulletinFamily": "scanner", "description": "The remote host is missing an update to mingw32-libpng\nannounced via advisory FEDORA-2009-5977.", "modified": "2018-04-06T00:00:00", "published": "2009-06-23T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064222", "id": "OPENVAS:136141256231064222", "title": "Fedora Core 11 FEDORA-2009-5977 (mingw32-libpng)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_5977.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-5977 (mingw32-libpng)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nFix libpng vulnerability (RHBZ#504782).\n\nChangeLog:\n\n* Tue Jun 9 2009 Richard W.M. Jones - 1.2.37-1\n- New upstream version 1.2.37 to fix SECURITY bug RHBZ#504782.\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. 
Use \nsu -c 'yum update mingw32-libpng' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-5977\";\ntag_summary = \"The remote host is missing an update to mingw32-libpng\nannounced via advisory FEDORA-2009-5977.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64222\");\n script_version(\"$Revision: 9350 $\");\n script_cve_id(\"CVE-2009-2042\");\n script_bugtraq_id(35233);\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-23 15:49:15 +0200 (Tue, 23 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_name(\"Fedora Core 11 FEDORA-2009-5977 (mingw32-libpng)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=504782\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"mingw32-libpng\", rpm:\"mingw32-libpng~1.2.37~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-25T10:56:00", "bulletinFamily": "scanner", "description": "The remote host is missing an update to mingw32-libpng\nannounced via advisory FEDORA-2009-6400.", "modified": "2017-07-10T00:00:00", "published": "2009-06-23T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=64233", "id": "OPENVAS:64233", "title": "Fedora Core 10 FEDORA-2009-6400 (mingw32-libpng)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_6400.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-6400 (mingw32-libpng)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nFix libpng vulnerability (RHBZ#504782).\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. 
Use \nsu -c 'yum update mingw32-libpng' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-6400\";\ntag_summary = \"The remote host is missing an update to mingw32-libpng\nannounced via advisory FEDORA-2009-6400.\";\n\n\n\nif(description)\n{\n script_id(64233);\n script_version(\"$Revision: 6624 $\");\n script_cve_id(\"CVE-2009-2042\");\n script_bugtraq_id(35233);\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-23 15:49:15 +0200 (Tue, 23 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_name(\"Fedora Core 10 FEDORA-2009-6400 (mingw32-libpng)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=504782\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"mingw32-libpng\", rpm:\"mingw32-libpng~1.2.37~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-04-06T11:38:45", "bulletinFamily": "scanner", "description": "The remote host is missing an update to libpng\nannounced via advisory FEDORA-2009-6506.", "modified": "2018-04-06T00:00:00", "published": "2009-06-23T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064238", "id": "OPENVAS:136141256231064238", "title": "Fedora Core 11 FEDORA-2009-6506 (libpng)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_6506.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-6506 (libpng)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The libpng package contains a library of functions for creating and\nmanipulating PNG (Portable Network Graphics) image format files. PNG\nis a bit-mapped graphics format similar to the GIF format. PNG was\ncreated to replace the GIF format, since GIF uses a patented data\ncompression algorithm.\n\nLibpng should be installed if you need to manipulate PNG format image\nfiles.\n\nUpdate Information:\n\nUpdate to libpng 1.2.37, to fix CVE-2009-2042. This is a pretty low-risk issue,\nbut it's been classified as a security issue...\n\nChangeLog:\n\n* Sat Jun 13 2009 Tom Lane 2:1.2.37-1\n- Update to libpng 1.2.37, to fix CVE-2009-2042\nRelated: #504782\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. 
Use \nsu -c 'yum update libpng' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-6506\";\ntag_summary = \"The remote host is missing an update to libpng\nannounced via advisory FEDORA-2009-6506.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64238\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-23 15:49:15 +0200 (Tue, 23 Jun 2009)\");\n script_cve_id(\"CVE-2009-2042\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_name(\"Fedora Core 11 FEDORA-2009-6506 (libpng)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=504782\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libpng\", rpm:\"libpng~1.2.37~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpng-devel\", rpm:\"libpng-devel~1.2.37~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpng-static\", 
rpm:\"libpng-static~1.2.37~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpng-debuginfo\", rpm:\"libpng-debuginfo~1.2.37~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-26T08:55:53", "bulletinFamily": "scanner", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n libpng12-0\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-11T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=65689", "id": "OPENVAS:65689", "title": "SLES11: Security update for libpng", "type": "openvas", "sourceData": "#\n#VID 347346dddae72c6d0521d44e36060298\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for libpng\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n libpng12-0\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=514727\");\n script_id(65689);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-11 22:58:51 +0200 (Sun, 11 Oct 2009)\");\n script_cve_id(\"CVE-2009-2042\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_name(\"SLES11: Security update for libpng\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libpng12-0\", rpm:\"libpng12-0~1.2.31~5.12.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "nessus": [{"lastseen": "2018-09-02T00:05:09", "bulletinFamily": "scanner", "description": "This update of libpng improves the parsing of 1-bit interlaced images.\nThis bug could be abused to use 'out-of-bounds pixels' to read memory.\n(CVE-2009-2042)", "modified": "2014-06-13T00:00:00", "published": "2009-07-21T00:00:00", "id": "SUSE_11_1_LIBPNG-DEVEL-090624.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=40266", "title": "openSUSE Security Update : libpng-devel (libpng-devel-1046)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libpng-devel-1046.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40266);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2014/06/13 19:49:35 $\");\n\n script_cve_id(\"CVE-2009-2042\");\n\n script_name(english:\"openSUSE Security Update : libpng-devel (libpng-devel-1046)\");\n script_summary(english:\"Check for the 
libpng-devel-1046 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of libpng improves the parsing of 1-bit interlaced images.\nThis bug could be abused to use 'out-of-bounds pixels' to read memory.\n(CVE-2009-2042)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=514727\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libpng-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_cwe_id(200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng12-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng12-0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/06/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif 
(!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libpng-devel-1.2.31-4.38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libpng12-0-1.2.31-4.38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libpng3-1.2.31-4.38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"libpng-devel-32bit-1.2.31-4.38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"libpng12-0-32bit-1.2.31-4.38.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-09-01T23:34:21", "bulletinFamily": "scanner", "description": "This update of libpng improves the parsing of 1-bit interlaced images.\nThis bug could be abused to use 'out-of-bounds pixels' to read memory.\n(CVE-2009-2042)", "modified": "2012-05-17T00:00:00", "published": "2009-09-24T00:00:00", "id": "SUSE_LIBPNG-6326.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=41549", "title": "SuSE 10 Security Update : libpng (ZYPP Patch Number 6326)", "type": "nessus", "sourceData": "#\n# (C) 
Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(41549);\n script_version (\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2012/05/17 11:12:38 $\");\n\n script_cve_id(\"CVE-2009-2042\");\n\n script_name(english:\"SuSE 10 Security Update : libpng (ZYPP Patch Number 6326)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of libpng improves the parsing of 1-bit interlaced images.\nThis bug could be abused to use 'out-of-bounds pixels' to read memory.\n(CVE-2009-2042)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-2042.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 6326.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_cwe_id(200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/06/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2012 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not 
enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"libpng-1.2.8-19.25\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"libpng-devel-1.2.8-19.25\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"libpng-32bit-1.2.8-19.25\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"libpng-devel-32bit-1.2.8-19.25\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"libpng-1.2.8-19.25\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"libpng-devel-1.2.8-19.25\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"libpng-32bit-1.2.8-19.25\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"libpng-devel-32bit-1.2.8-19.25\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-02-21T01:12:01", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-200906-01 (libpng: Information disclosure)\n\n Jeff Phillips discovered that libpng does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bits in certain rows of a PNG file.\n Impact :\n\n A remote attacker might entice a 
user to open a specially crafted PNG file, possibly resulting in the disclosure of sensitive memory portions.\n Workaround :\n\n There is no known workaround at this time.", "modified": "2018-07-11T00:00:00", "id": "GENTOO_GLSA-200906-01.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=39561", "published": "2009-06-28T00:00:00", "title": "GLSA-200906-01 : libpng: Information disclosure", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200906-01.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(39561);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/07/11 17:09:25\");\n\n script_cve_id(\"CVE-2009-2042\");\n script_bugtraq_id(35233);\n script_xref(name:\"GLSA\", value:\"200906-01\");\n\n script_name(english:\"GLSA-200906-01 : libpng: Information disclosure\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200906-01\n(libpng: Information disclosure)\n\n Jeff Phillips discovered that libpng does not properly parse 1-bit\n interlaced images with width values that are not divisible by 8, which\n causes libpng to include uninitialized bits in certain rows of a PNG\n file.\n \nImpact :\n\n A remote attacker might entice a user to open a specially crafted PNG\n file, possibly resulting in the disclosure of sensitive memory\n portions.\n \nWorkaround :\n\n There is no known 
workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200906-01\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All libpng users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/libpng-1.2.37'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:libpng\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/06/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/06/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-libs/libpng\", unaffected:make_list(\"ge 1.2.37\"), vulnerable:make_list(\"lt 1.2.37\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 
0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-09-01T23:40:12", "bulletinFamily": "scanner", "description": "This update of libpng improves the parsing of 1-bit interlaced images.\nThis bug could be abused to use 'out-of-bounds pixels' to read memory.\n(CVE-2009-2042)", "modified": "2013-10-25T00:00:00", "published": "2009-09-24T00:00:00", "id": "SUSE_11_LIBPNG-DEVEL-090624.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=41426", "title": "SuSE 11 Security Update : libpng (SAT Patch Number 1039)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. 
The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(41426);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2013/10/25 23:52:00 $\");\n\n script_cve_id(\"CVE-2009-2042\");\n\n script_name(english:\"SuSE 11 Security Update : libpng (SAT Patch Number 1039)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of libpng improves the parsing of 1-bit interlaced images.\nThis bug could be abused to use 'out-of-bounds pixels' to read memory.\n(CVE-2009-2042)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=514727\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-2042.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 1039.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_cwe_id(200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libpng-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libpng12-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libpng12-0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/06/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2013 Tenable Network Security, Inc.\");\n 
script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (pl) audit(AUDIT_OS_NOT, \"SuSE 11.0\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"libpng-devel-1.2.31-5.12.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"libpng12-0-1.2.31-5.12.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"libpng-devel-1.2.31-5.12.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"libpng12-0-1.2.31-5.12.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"libpng12-0-32bit-1.2.31-5.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"libpng12-0-1.2.31-5.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"libpng12-0-32bit-1.2.31-5.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"libpng12-0-32bit-1.2.31-5.12.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 
4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-02-21T01:12:00", "bulletinFamily": "scanner", "description": "New libpng packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, and -current to fix a security issue. Jeff Phillips discovered an uninitialized-memory-read bug affecting interlaced images that may have security implications.", "modified": "2018-06-27T00:00:00", "id": "SLACKWARE_SSA_2009-170-01.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=39472", "published": "2009-06-21T00:00:00", "title": "Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 8.1 / 9.0 / 9.1 / current : libpng (SSA:2009-170-01)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2009-170-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(39472);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/06/27 18:42:26\");\n\n script_cve_id(\"CVE-2009-2042\");\n script_bugtraq_id(35233);\n script_xref(name:\"SSA\", value:\"2009-170-01\");\n\n script_name(english:\"Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 8.1 / 9.0 / 9.1 / current : libpng (SSA:2009-170-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New libpng packages are available for Slackware 8.1, 9.0, 9.1, 10.0,\n10.1, 10.2, 11.0, 12.0, 12.1, 12.2, and -current to fix a security\nissue. 
Jeff Phillips discovered an uninitialized-memory-read bug\naffecting interlaced images that may have security implications.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.551809\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8bfa2e99\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libpng package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:libpng\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:11.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:9.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:9.1\");\n\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/06/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"8.1\", pkgname:\"libpng\", pkgver:\"1.2.37\", pkgarch:\"i386\", pkgnum:\"1_slack8.1\")) flag++;\n\nif (slackware_check(osver:\"9.0\", pkgname:\"libpng\", pkgver:\"1.2.37\", pkgarch:\"i386\", pkgnum:\"1_slack9.0\")) flag++;\n\nif (slackware_check(osver:\"9.1\", pkgname:\"libpng\", pkgver:\"1.2.37\", pkgarch:\"i486\", pkgnum:\"1_slack9.1\")) flag++;\n\nif (slackware_check(osver:\"10.0\", pkgname:\"libpng\", pkgver:\"1.2.37\", pkgarch:\"i486\", pkgnum:\"1_slack10.0\")) flag++;\n\nif (slackware_check(osver:\"10.1\", pkgname:\"libpng\", pkgver:\"1.2.37\", pkgarch:\"i486\", pkgnum:\"1_slack10.1\")) flag++;\n\nif (slackware_check(osver:\"10.2\", pkgname:\"libpng\", pkgver:\"1.2.37\", pkgarch:\"i486\", pkgnum:\"1_slack10.2\")) flag++;\n\nif (slackware_check(osver:\"11.0\", pkgname:\"libpng\", pkgver:\"1.2.37\", pkgarch:\"i486\", 
pkgnum:\"1_slack11.0\")) flag++;\n\nif (slackware_check(osver:\"12.0\", pkgname:\"libpng\", pkgver:\"1.2.37\", pkgarch:\"i486\", pkgnum:\"1_slack12.0\")) flag++;\n\nif (slackware_check(osver:\"12.1\", pkgname:\"libpng\", pkgver:\"1.2.37\", pkgarch:\"i486\", pkgnum:\"1_slack12.1\")) flag++;\n\nif (slackware_check(osver:\"12.2\", pkgname:\"libpng\", pkgver:\"1.2.37\", pkgarch:\"i486\", pkgnum:\"1_slack12.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"libpng\", pkgver:\"1.2.37\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"libpng\", pkgver:\"1.2.37\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-09-01T23:38:05", "bulletinFamily": "scanner", "description": "This update of libpng improves the parsing of 1-bit interlaced images.\nThis bug could be abused to use 'out-of-bounds pixels' to read memory.\n(CVE-2009-2042)", "modified": "2012-04-23T00:00:00", "published": "2009-09-24T00:00:00", "id": "SUSE9_12444.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=41308", "title": "SuSE9 Security Update : libpng (YOU Patch Number 12444)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(41308);\n script_version(\"$Revision: 1.6 $\");\n script_cvs_date(\"$Date: 2012/04/23 18:14:43 $\");\n\n script_cve_id(\"CVE-2009-2042\");\n\n script_name(english:\"SuSE9 Security Update : libpng (YOU Patch Number 12444)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", 
\n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of libpng improves the parsing of 1-bit interlaced images.\nThis bug could be abused to use 'out-of-bounds pixels' to read memory.\n(CVE-2009-2042)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-2042.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12444.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_cwe_id(200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/06/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2012 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", 
reference:\"libpng-1.2.5-182.26\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"libpng-devel-1.2.5-182.26\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"libpng-32bit-9-200906232031\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-02-21T01:11:59", "bulletinFamily": "scanner", "description": "Fix libpng vulnerability (RHBZ#504782).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2015-10-21T00:00:00", "id": "FEDORA_2009-5977.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=39397", "published": "2009-06-16T00:00:00", "title": "Fedora 11 : mingw32-libpng-1.2.37-1.fc11 (2009-5977)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-5977.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(39397);\n script_version (\"$Revision: 1.11 $\");\n script_cvs_date(\"$Date: 2015/10/21 22:50:38 $\");\n\n script_cve_id(\"CVE-2009-2042\");\n script_bugtraq_id(35233);\n script_xref(name:\"FEDORA\", value:\"2009-5977\");\n\n script_name(english:\"Fedora 11 : mingw32-libpng-1.2.37-1.fc11 (2009-5977)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix libpng vulnerability (RHBZ#504782).\n\nNote 
that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=504782\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-June/024599.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7795796d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mingw32-libpng package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw32-libpng\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/06/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/06/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease 
= get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^11([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 11.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC11\", reference:\"mingw32-libpng-1.2.37-1.fc11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw32-libpng\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-09-02T00:10:48", "bulletinFamily": "scanner", "description": "This update of libpng improves the parsing of 1-bit interlaced images.\nThis bug could be abused to use 'out-of-bounds pixels' to read memory.\n(CVE-2009-2042)", "modified": "2014-06-13T00:00:00", "published": "2009-10-06T00:00:00", "id": "SUSE_LIBPNG-6324.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=42016", "title": "openSUSE 10 Security Update : libpng (libpng-6324)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libpng-6324.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(42016);\n script_version 
(\"$Revision: 1.5 $\");\n script_cvs_date(\"$Date: 2014/06/13 20:31:02 $\");\n\n script_cve_id(\"CVE-2009-2042\");\n\n script_name(english:\"openSUSE 10 Security Update : libpng (libpng-6324)\");\n script_summary(english:\"Check for the libpng-6324 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of libpng improves the parsing of 1-bit interlaced images.\nThis bug could be abused to use 'out-of-bounds pixels' to read memory.\n(CVE-2009-2042)\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libpng packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_cwe_id(200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/06/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/10/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n 
exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.3\", reference:\"libpng-1.2.18-15.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"libpng-devel-1.2.18-15.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", cpu:\"x86_64\", reference:\"libpng-32bit-1.2.18-15.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", cpu:\"x86_64\", reference:\"libpng-devel-32bit-1.2.18-15.12\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-02-21T01:11:59", "bulletinFamily": "scanner", "description": "Fix libpng vulnerability (RHBZ#504782).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2015-10-21T00:00:00", "id": "FEDORA_2009-6400.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=39405", "published": "2009-06-16T00:00:00", "title": "Fedora 10 : mingw32-libpng-1.2.37-1.fc10 (2009-6400)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-6400.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(39405);\n script_version (\"$Revision: 1.11 $\");\n script_cvs_date(\"$Date: 2015/10/21 22:50:38 $\");\n\n script_cve_id(\"CVE-2009-2042\");\n script_bugtraq_id(35233);\n script_xref(name:\"FEDORA\", value:\"2009-6400\");\n\n script_name(english:\"Fedora 10 : mingw32-libpng-1.2.37-1.fc10 (2009-6400)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix libpng vulnerability (RHBZ#504782).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=504782\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-June/025011.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?370a8a90\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mingw32-libpng package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw32-libpng\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/06/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/06/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, 
\"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^10([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 10.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC10\", reference:\"mingw32-libpng-1.2.37-1.fc10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw32-libpng\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-09-01T23:33:34", "bulletinFamily": "scanner", "description": "This update of libpng improves the parsing of 1-bit interlaced images.\nThis bug could be abused to use 'out-of-bounds pixels' to read memory.\n(CVE-2009-2042)", "modified": "2014-06-13T00:00:00", "published": "2009-07-21T00:00:00", "id": "SUSE_11_0_LIBPNG-DEVEL-090624.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=40040", "title": "openSUSE Security Update : libpng-devel (libpng-devel-1046)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libpng-devel-1046.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40040);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2014/06/13 19:44:02 $\");\n\n 
script_cve_id(\"CVE-2009-2042\");\n\n script_name(english:\"openSUSE Security Update : libpng-devel (libpng-devel-1046)\");\n script_summary(english:\"Check for the libpng-devel-1046 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of libpng improves the parsing of 1-bit interlaced images.\nThis bug could be abused to use 'out-of-bounds pixels' to read memory.\n(CVE-2009-2042)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=514727\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libpng-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_cwe_id(200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng12-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng12-0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/06/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", 
\"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"libpng-devel-1.2.26-14.10\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"libpng12-0-1.2.26-14.10\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"libpng3-1.2.26-14.10\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", cpu:\"x86_64\", reference:\"libpng-devel-32bit-1.2.26-14.10\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", cpu:\"x86_64\", reference:\"libpng12-0-32bit-1.2.26-14.10\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:30", "bulletinFamily": "software", "description": "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nGentoo Linux Security Advisory GLSA 200906-01\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n http://security.gentoo.org/\r\n- - - - - - - - - - - - - - - - - - - - 
- - - - - - - - - - - - - - - -\r\n\r\n Severity: Low\r\n Title: libpng: Information disclosure\r\n Date: June 27, 2009\r\n Bugs: #272970\r\n ID: 200906-01\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\nSynopsis\r\n========\r\n\r\nA vulnerability has been discovered in libpng that allows for\r\ninformation disclosure.\r\n\r\nBackground\r\n==========\r\n\r\nlibpng is the official PNG reference library used to read, write and\r\nmanipulate PNG images.\r\n\r\nAffected packages\r\n=================\r\n\r\n -------------------------------------------------------------------\r\n Package / Vulnerable / Unaffected\r\n -------------------------------------------------------------------\r\n 1 media-libs/libpng < 1.2.37 >= 1.2.37\r\n\r\nDescription\r\n===========\r\n\r\nJeff Phillips discovered that libpng does not properly parse 1-bit\r\ninterlaced images with width values that are not divisible by 8, which\r\ncauses libpng to include uninitialized bits in certain rows of a PNG\r\nfile.\r\n\r\nImpact\r\n======\r\n\r\nA remote attacker might entice a user to open a specially crafted PNG\r\nfile, possibly resulting in the disclosure of sensitive memory\r\nportions.\r\n\r\nWorkaround\r\n==========\r\n\r\nThere is no known workaround at this time.\r\n\r\nResolution\r\n==========\r\n\r\nAll libpng users should upgrade to the latest version:\r\n\r\n # emerge --sync\r\n # emerge --ask --oneshot --verbose \">=media-libs/libpng-1.2.37\"\r\n\r\nReferences\r\n==========\r\n\r\n [ 1 ] CVE-2009-2042\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2042\r\n\r\nAvailability\r\n============\r\n\r\nThis GLSA and any updates to it are available for viewing at\r\nthe Gentoo Security Website:\r\n\r\n http://security.gentoo.org/glsa/glsa-200906-01.xml\r\n\r\nConcerns?\r\n=========\r\n\r\nSecurity is a primary focus of Gentoo Linux and ensuring the\r\nconfidentiality and security of our users machines is of utmost\r\nimportance to us. 
Any security concerns should be addressed to\r\nsecurity@gentoo.org or alternatively, you may file a bug at\r\nhttp://bugs.gentoo.org.\r\n\r\nLicense\r\n=======\r\n\r\nCopyright 2009 Gentoo Foundation, Inc; referenced text\r\nbelongs to its owner(s).\r\n\r\nThe contents of this document are licensed under the\r\nCreative Commons - Attribution / Share Alike license.\r\n\r\nhttp://creativecommons.org/licenses/by-sa/2.5\r\n", "modified": "2009-06-29T00:00:00", "published": "2009-06-29T00:00:00", "id": "SECURITYVULNS:DOC:22103", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22103", "title": "[ GLSA 200906-01 ] libpng: Information disclosure", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:34", "bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\n VMware Security Advisory\r\n\r\nAdvisory ID: VMSA-2010-0007\r\nSynopsis: VMware hosted products, vCenter Server and ESX\r\n patches resolve multiple security issues\r\nIssue date: 2010-04-09\r\nUpdated on: 2010-04-09 (initial release of advisory)\r\nCVE numbers: CVE-2010-1142 CVE-2010-1140 CVE-2009-2042\r\n CVE-2009-1564 CVE-2009-1565 CVE-2009-3732\r\n CVE-2009-3707 CVE-2010-1138 CVE-2010-1139\r\n CVE-2010-1141\r\n- -------------------------------------------------------------------------\r\n\r\n1. Summary\r\n\r\n VMware hosted products, vCenter Server and ESX patches resolve\r\n multiple security issues.\r\n\r\n2. 
Relevant releases\r\n\r\n VMware Workstation 7.0,\r\n VMware Workstation 6.5.3 and earlier,\r\n VMware Player 3.0,\r\n VMware Player 2.5.3 and earlier,\r\n VMware ACE 2.6,\r\n VMware ACE 2.5.3 and earlier,\r\n VMware Server 2.0.2 and earlier,\r\n VMware Fusion 3.0,\r\n VMware Fusion 2.0.6 and earlier,\r\n VMware VIX API for Windows 1.6.x,\r\n\r\n VMware ESXi 4.0 before patch ESXi400-201002402-BG\r\n\r\n VMware ESXi 3.5 before patch ESXe350-200912401-T-BG\r\n\r\n VMware ESX 4.0 without patches ESX400-201002401-BG,\r\n ESX400-200911223-UG\r\n\r\n VMware ESX 3.5 without patch ESX350-200912401-BG\r\n\r\n VMware ESX 3.0.3 without patch ESX303-201002203-UG\r\n\r\n VMware ESX 2.5.5 without Upgrade Patch 15.\r\n\r\n Notes:\r\n Effective May 2010, VMware's patch and update release program during\r\n Extended Support will be continued with the condition that all\r\n subsequent patch and update releases will be based on the latest\r\n baseline release version as of May 2010 (i.e. ESX 3.0.3 Update 1,\r\n ESX 3.5 Update 5, and VirtualCenter 2.5 Update 6). Refer to section\r\n \"End of Product Availability FAQs\" at\r\n http://www.vmware.com/support/policies/lifecycle/vi/faq.html for\r\n details.\r\n\r\n Extended support for ESX 2.5.5 ends on 2010-06-15. Users should plan\r\n to upgrade to at least ESX 3.0.3 and preferably to the newest\r\n release available.\r\n\r\n Extended support for ESX 3.0.3 ends on 2011-12-10. Users should plan\r\n to upgrade to at least ESX 3.5 and preferably to the newest release\r\n available.\r\n\r\n End of General Support for VMware Workstation 6.x is 2011-04-27,\r\n users should plan to upgrade to the newest release available.\r\n\r\n End of General Support for VMware Server 2.0 is 2011-06-30, users\r\n should plan to upgrade to the newest release of either ESXi or\r\n VMware Player.\r\n\r\n Extended support for Virtual Center 2.0.2 is 2011-12-10, users\r\n should plan to upgrade to the newest release of vCenter Server.\r\n\r\n3. 
Problem Description\r\n\r\n a. Windows-based VMware Tools Unsafe Library Loading vulnerability\r\n\r\n A vulnerability in the way VMware libraries are referenced allows\r\n for arbitrary code execution in the context of the logged on user.\r\n This vulnerability is present only on Windows Guest Operating\r\n Systems.\r\n\r\n In order for an attacker to exploit the vulnerability, the attacker\r\n would need to lure the user that is logged on a Windows Guest\r\n Operating System to click on the attacker's file on a network\r\n share. This file could be in any file format. The attacker will\r\n need to have the ability to host their malicious files on a\r\n network share.\r\n\r\n VMware would like to thank Jure Skofic and Mitja Kolsek of ACROS\r\n Security (http://www.acrossecurity.com) for reporting this issue\r\n to us.\r\n\r\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\r\n has assigned the name CVE-2010-1141 to this issue.\r\n\r\n Steps needed to remediate this vulnerability:\r\n\r\n Guest systems on VMware Workstation, Player, ACE, Server, Fusion\r\n - Install the remediated version of Workstation, Player, ACE,\r\n Server and Fusion.\r\n - Upgrade tools in the virtual machine (virtual machine users\r\n will be prompted to upgrade).\r\n\r\n Guest systems on ESX 4.0, 3.5, 3.0.3, 2.5.5, ESXi 4.0, 3.5\r\n - Install the relevant patches (see below for patch identifiers)\r\n - Manually upgrade tools in the virtual machine (virtual machine\r\n users will not be prompted to upgrade). Note the VI Client will\r\n not show the VMware tools is out of date in the summary tab.\r\n Please see http://tinyurl.com/27mpjo page 80 for details.\r\n\r\n The following table lists what action remediates the vulnerability\r\n (column 4) if a solution is available. 
See above for remediation\r\n details.\r\n\r\n VMware Product Running Replace with/\r\n Product Version on Apply Patch\r\n ============= ======== ======= =================\r\n VirtualCenter any Windows not affected\r\n\r\n Workstation 7.x any not affected\r\n Workstation 6.5.x any 6.5.4 build 246459 or later\r\n\r\n Player 3.x any not affected\r\n Player 2.5.x any 2.5.4 build 246459 or later\r\n\r\n ACE 2.6.x Windows not affected\r\n ACE 2.5.x Windows 2.5.4 build 246459 or later\r\n\r\n Server 2.x any 2.0.2 build 203138 or later\r\n\r\n Fusion 3.x Mac OS/X not affected\r\n Fusion 2.x Mac OS/X 2.0.6 build 246742 or later\r\n\r\n ESXi 4.0 ESXi ESXi400-201002402-BG\r\n ESXi 3.5 ESXi ESXe350-200912401-T-BG or later\r\n\r\n ESX 4.0 ESX ESX400-201002401-BG\r\n ESX 3.5 ESX ESX350-200912401-BG\r\n ESX 3.0.3 ESX ESX303-201002203-UG\r\n ESX 2.5.5 ESX Upgrade Patch 15\r\n\r\n b. Windows-based VMware Tools Arbitrary Code Execution vulnerability\r\n\r\n A vulnerability in the way VMware executables are loaded allows for\r\n arbitrary code execution in the context of the logged on user. This\r\n vulnerability is present only on Windows Guest Operating Systems.\r\n\r\n In order for an attacker to exploit the vulnerability, the attacker\r\n would need to be able to plant their malicious executable in a\r\n certain location on the Virtual Machine of the user. 
On most\r\n recent versions of Windows (XP, Vista) the attacker would need to\r\n have administrator privileges to plant the malicious executable in\r\n the right location.\r\n\r\n Steps needed to remediate this vulnerability: See section 3.a.\r\n\r\n VMware would like to thank Mitja Kolsek of ACROS Security\r\n (http://www.acrossecurity.com) for reporting this issue to us.\r\n\r\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\r\n has assigned the name CVE-2010-1142 to this issue.\r\n\r\n Refer to the previous table in section 3.a for what action\r\n remediates the vulnerability (column 4) if a solution is\r\n available. See above for remediation details.\r\n\r\n c. Windows-based VMware Workstation and Player host privilege\r\n escalation\r\n\r\n A vulnerability in the USB service allows for a privilege\r\n escalation. A local attacker on the host of a Windows-based\r\n Operating System where VMware Workstation or VMware Player\r\n is installed could plant a malicious executable on the host and\r\n elevate their privileges.\r\n\r\n In order for an attacker to exploit the vulnerability, the attacker\r\n would need to be able to plant their malicious executable in a\r\n certain location on the host machine. 
On most recent versions of\r\n Windows (XP, Vista) the attacker would need to have administrator\r\n privileges to plant the malicious executable in the right location.\r\n\r\n VMware would like to thank Thierry Zoller for reporting this issue\r\n to us.\r\n\r\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\r\n has assigned the name CVE-2010-1140 to this issue.\r\n\r\n The following table lists what action remediates the vulnerability\r\n (column 4) if a solution is available.\r\n\r\n VMware Product Running Replace with/\r\n Product Version on Apply Patch\r\n ============= ======== ======= =================\r\n VirtualCenter any Windows not affected\r\n\r\n Workstation 7.0 Windows 7.0.1 build 227600 or later\r\n Workstation 7.0 Linux not affected\r\n Workstation 6.5.x any not affected\r\n\r\n Player 3.0 Windows 3.0.1 build 227600 or later\r\n Player 3.0 Linux not affected\r\n Player 2.5.x any not affected\r\n\r\n Ace any any not affected\r\n\r\n Server 2.x any not affected\r\n\r\n Fusion any Mac OS/X not affected\r\n\r\n ESXi any ESXi not affected\r\n\r\n ESX any ESX not affected\r\n\r\n d. Third party library update for libpng to version 1.2.37\r\n\r\n The libpng libraries through 1.2.35 contain an uninitialized-\r\n memory-read bug that may have security implications.\r\n Specifically, 1-bit (2-color) interlaced images whose widths are\r\n not divisible by 8 may result in several uninitialized bits at the\r\n end of certain rows in certain interlace passes being returned to\r\n the user. 
An application that failed to mask these out-of-bounds\r\n pixels might display or process them, albeit presumably with benign\r\n results in most cases.\r\n\r\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\r\n has assigned the name CVE-2009-2042 to this issue.\r\n\r\n The following table lists what action remediates the vulnerability\r\n (column 4) if a solution is available.\r\n\r\n VMware Product Running Replace with/\r\n Product Version on Apply Patch\r\n ============= ======== ======= =================\r\n VirtualCenter any Windows not applicable\r\n\r\n Workstation 7.0 any 7.0.1 build 227600 or later\r\n Workstation 6.5.x any 6.5.4 build 246459 or later\r\n\r\n Player 3.0 any 3.0.1 build 227600 or later\r\n Player 2.5.x any 2.5.4 build 246459 or later\r\n\r\n Ace 2.6 Windows 2.6.1 build 227600 or later\r\n Ace 2.5.x Windows 2.5.4 build 246459 or later\r\n\r\n Server 2.x any not being fixed at this time\r\n\r\n Fusion any any Mac OS/X not affected\r\n\r\n ESXi any ESXi not applicable\r\n\r\n ESX any ESX not applicable\r\n\r\n e. VMware VMnc Codec heap overflow vulnerabilities\r\n\r\n The VMware movie decoder contains the VMnc media codec that is\r\n required to play back movies recorded with VMware Workstation,\r\n VMware Player and VMware ACE, in any compatible media player. 
The\r\n movie decoder is installed as part of VMware Workstation, VMware\r\n Player and VMware ACE, or can be downloaded as a stand alone\r\n package.\r\n\r\n Vulnerabilities in the decoder allow for execution of arbitrary\r\n code with the privileges of the user running an application\r\n utilizing the vulnerable codec.\r\n\r\n For an attack to be successful the user must be tricked into\r\n visiting a malicious web page or opening a malicious video file on\r\n a system that has the vulnerable version of the VMnc codec installed.\r\n\r\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\r\n has assigned the names CVE-2009-1564 and CVE-2009-1565 to these\r\n issues.\r\n\r\n VMware would like to thank iDefense, Sebastien Renaud of VUPEN\r\n Vulnerability Research Team (http://www.vupen.com) and Alin Rad Pop\r\n of Secunia Research for reporting these issues to us.\r\n\r\n To remediate the above issues either install the stand alone movie\r\n decoder or update your product using the table below.\r\n\r\n VMware Product Running Replace with/\r\n Product Version on Apply Patch\r\n ============= ======== ======= =================\r\n VirtualCenter any Windows not affected\r\n\r\n Movie Decoder any Windows 6.5.4 Build 246459 or later\r\n\r\n Workstation 7.x any not affected\r\n Workstation 6.5.x Windows 6.5.4 build 246459 or later\r\n Workstation 6.5.x Linux not affected\r\n\r\n Player 3.x any not affected\r\n Player 2.5.x Windows 2.5.4 build 246459 or later\r\n Player 2.5.x Linux not affected\r\n\r\n ACE any any not affected\r\n\r\n Server 2.x Windows not being addressed at this time\r\n Server 2.x Linux not affected\r\n\r\n Fusion any Mac OS/X not affected\r\n\r\n ESXi any ESXi not affected\r\n\r\n ESX any ESX not affected\r\n\r\nf. 
VMware Remote Console format string vulnerability\r\n\r\n VMware Remote Console (VMrc) contains a format string vulnerability.\r\n Exploitation of this issue may lead to arbitrary code execution on\r\n the system where VMrc is installed.\r\n\r\n For an attack to be successful, an attacker would need to trick the\r\n VMrc user into opening a malicious Web page or following a malicious\r\n URL. Code execution would be at the privilege level of the user.\r\n\r\n VMrc is present on a system if the VMrc browser plug-in has been\r\n installed. This plug-in is required when using the console feature in\r\n WebAccess. Installation of the plug-in follows after visiting the\r\n console tab in WebAccess and choosing "Install plug-in". The plug-\r\n in can only be installed on Internet Explorer and Firefox.\r\n\r\n Under the following two conditions your version of VMrc is likely\r\n to be affected:\r\n\r\n - the VMrc plug-in was obtained from vCenter 4.0 or from ESX 4.0\r\n without patch ESX400-200911223-UG and\r\n - VMrc is installed on a Windows-based system\r\n\r\n The following steps allow you to determine if you have an affected\r\n version of VMrc installed:\r\n\r\n - Locate the VMrc executable vmware-vmrc.exe on your Windows-based\r\n system\r\n - Right click and go to Properties\r\n - Go to the tab "Versions"\r\n - Click "File Version" in the "Item Name" window\r\n - If the "Value" window shows "e.x.p build-158248", the version of\r\n VMrc is affected\r\n\r\n Remediation of this issue on Windows-based systems requires the\r\n following steps (Linux-based systems are not affected):\r\n\r\n - Uninstall affected versions of VMrc from the systems where the\r\n VMrc plug-in has been installed (use the Windows Add/Remove\r\n Programs interface)\r\n - Install vCenter 4.0 Update 1 or install the ESX 4.0 patch\r\n ESX400-200911223-UG\r\n - Log in to vCenter 4.0 Update 1 or ESX 4.0 with patch\r\n ESX400-200911223-UG using WebAccess on the system where the VMrc\r\n needs to be 
re-installed\r\n - Re-install VMrc by going to the console tab in WebAccess. The\r\n Console tab is selectable after selecting a virtual machine.\r\n\r\n Note: the VMrc plug-in for Firefox on Windows-based operating\r\n systems is no longer compatible after the above remediation steps.\r\n Users are advised to use the Internet Explorer VMrc plug-in.\r\n\r\n VMware would like to thank Alexey Sintsov from Digital Security\r\n Research Group for reporting this issue to us.\r\n\r\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\r\n has assigned the name CVE-2009-3732 to this issue.\r\n\r\n\r\n g. Windows-based VMware authd remote denial of service\r\n\r\n A vulnerability in vmware-authd could cause a denial of service\r\n condition on Windows-based hosts. The denial of service is limited\r\n to a crash of authd.\r\n\r\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\r\n has assigned the name CVE-2009-3707 to this issue.\r\n\r\n The following table lists what action remediates the vulnerability\r\n (column 4) if a solution is available.\r\n\r\n VMware Product Running Replace with/\r\n Product Version on Apply Patch\r\n ============= ======== ======= =================\r\n VirtualCenter any Windows not affected\r\n\r\n Workstation 7.0 Windows 7.0.1 build 227600 or later\r\n Workstation 7.0 Linux not affected\r\n Workstation 6.5.x Windows 6.5.4 build 246459 or later\r\n Workstation 6.5.x Linux not affected\r\n\r\n Player 3.0 Windows 3.0.1 build 227600 or later\r\n Player 3.x Linux not affected\r\n Player 2.5.x Windows 2.5.4 build 246459 or later\r\n Player 2.5.x Linux not affected\r\n\r\n Ace 2.6 Windows 2.6.1 build 227600 or later\r\n Ace 2.5.x Windows 2.5.4 build 246459 or later\r\n\r\n Server 2.x Windows not being addressed at this time\r\n Server 2.x Linux not affected\r\n\r\n Fusion any Mac OS/X not affected\r\n\r\n ESXi any any not affected\r\n\r\n ESX any any not affected\r\n\r\n h. 
Potential information leak via hosted networking stack\r\n\r\n A vulnerability in the virtual networking stack of VMware hosted\r\n products could allow host information disclosure.\r\n\r\n A guest operating system could send memory from the host vmware-vmx\r\n process to the virtual network adapter and potentially to the\r\n host's physical Ethernet wire.\r\n\r\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\r\n has assigned the name CVE-2010-1138 to this issue.\r\n\r\n VMware would like to thank Johann MacDonagh for reporting this\r\n issue to us.\r\n\r\n The following table lists what action remediates the vulnerability\r\n (column 4) if a solution is available.\r\n\r\n VMware Product Running Replace with/\r\n Product Version on Apply Patch\r\n ============= ======== ======= =================\r\n VirtualCenter any Windows not affected\r\n\r\n Workstation 7.0 any 7.0.1 build 227600 or later\r\n Workstation 6.5.x Windows 6.5.4 build 246459 or later\r\n Workstation 6.5.x Linux not affected\r\n\r\n Player 3.0 any 3.0.1 build 227600 or later\r\n Player 2.5.x Windows 2.5.4 build 246459 or later\r\n Player 2.5.x Linux not affected\r\n\r\n Ace 2.6 Windows 2.6.1 build 227600 or later\r\n Ace 2.5.x Windows 2.5.4 build 246459 or later\r\n\r\n Server 2.x any not being fixed at this time\r\n\r\n Fusion 3.0 Mac OS/X 3.0.1 build 232708 or later\r\n Fusion 2.x Mac OS/X 2.0.7 build 246742 or later\r\n\r\n ESXi any any not affected\r\n\r\n ESX any any not affected\r\n\r\n i. 
Linux-based vmrun format string vulnerability\r\n\r\n A format string vulnerability in vmrun could allow arbitrary code\r\n execution.\r\n\r\n If a vmrun command is issued and processes are listed, code could\r\n be executed in the context of the user listing the processes.\r\n\r\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\r\n has assigned the name CVE-2010-1139 to this issue.\r\n\r\n VMware would like to thank Thomas Toth-Steiner for reporting this\r\n issue to us.\r\n\r\n The following table lists what action remediates the vulnerability\r\n (column 4) if a solution is available.\r\n\r\n VMware Product Running Replace with/\r\n Product Version on Apply Patch\r\n ============= ======== ======= =================\r\n VirtualCenter any Windows not affected\r\n\r\n VIX API any Windows not affected\r\n VIX API 1.6.x Linux upgrade to VIX API 1.7 or later\r\n VIX API 1.6.x Linux64 upgrade to VIX API 1.7 or later\r\n\r\n Workstation 7.x any not affected\r\n Workstation 6.5.x Windows not affected\r\n Workstation 6.5.x Linux 6.5.4 build 246459 or later\r\n\r\n Player 3.x any not affected\r\n Player 2.5.x Windows not affected\r\n Player 2.5.x Linux 2.5.4 build 246459 or later\r\n\r\n Ace any Windows not affected\r\n\r\n Server 2.x Windows not affected\r\n Server 2.x Linux not being fixed at this time\r\n\r\n Fusion 3.x Mac OS/X not affected\r\n Fusion 2.x Mac OS/X 2.0.7 build 246742 or later\r\n\r\n ESXi any any not affected\r\n\r\n ESX any any not affected\r\n\r\n4. 
Solution\r\n\r\n Please review the patch/release notes for your product and version\r\n and verify the md5sum and/or the sha1sum of your downloaded file.\r\n\r\n VMware Workstation Movie Decoder stand alone 6.5.4\r\n --------------------------------------------------\r\n\r\nhttp://download3.vmware.com/software/wkst/VMware-moviedecoder-6.5.4-246459.exe\r\n md5sum: ea2ac5907ae4c5c323147fe155443ab8\r\n sha1sum: 5ca8d1fd45f6a7a6f38019b259c3e836ee4e8f29\r\n\r\n VMware Workstation 7.0.1\r\n ------------------------\r\n For Windows\r\n\r\nhttp://downloads.vmware.com/download/download.do?downloadGroup=WKST-701-WIN\r\n Release notes:\r\n http://downloads.vmware.com/support/ws7/doc/releasenotes_ws701.html\r\n\r\n Workstation for Windows 32-bit and 64-bit with VMware Tools\r\n md5sum: fc8502a748de3b8f94c5c9571c1f17d2\r\n sha1sum: 3de01b355b17363a92d80200ff5e7267b3bde206\r\n\r\n Workstation for Windows 32-bit and 64-bit without VMware Tools\r\n md5sum: 6a18ea3847cb727b03f7890f5643db79\r\n sha1sum: 260b019db4619b0d1d775e5c38cc46b6db250984\r\n\r\n For Linux\r\n http://downloads.vmware.com/download/download.do?downloadGroup=WKST-701-LX\r\n Release notes:\r\n http://downloads.vmware.com/support/ws7/doc/releasenotes_ws701.html\r\n\r\n Workstation for Linux 32-bit with VMware Tools\r\n md5sum: a896f7aaedde8799f21b52b89f5fc9ef\r\n sha1sum: f6d0789afa7927ca154973a071603a0bd098e697\r\n\r\n Workstation for Linux 32-bit without VMware Tools\r\n md5sum: 59ecd27bdf3f59be3b4df8f04d1b3874\r\n sha1sum: 22e1a475069fca5e8d2446bf14661fa6d894d34f\r\n\r\n Workstation for Linux 64-bit with VMware Tools\r\n md5sum: 808682eaa6b202fa29172821f7378768\r\n sha1sum: a901c45a2a02678b0d1722e8f27152c3af12a7ac\r\n\r\n Workstation for Linux 64-bit without VMware Tools\r\n md5sum: 5116e27e7b13a76693402577bd9fda58\r\n sha1sum: dbcd045a889b95ac14828b8106631b678354e30a\r\n\r\n VMware Workstation 6.5.4\r\n ------------------------\r\n For 
Windows\r\n\r\nhttp://downloads.vmware.com/download/download.do?downloadGroup=WKST-654-WIN\r\n Release Notes:\r\n http://downloads.vmware.com/support/ws65/doc/releasenotes_ws654.html\r\n\r\n Workstation for Windows 32-bit and 64-bit\r\n Windows 32-bit and 64-bit .exe\r\n md5sum: 2dc393fcc4e78dcf2165098a4938699a\r\n sha1sum: acfff457860c8c53c637c01f74f8aaa72d1c9569\r\n\r\n For Linux\r\n http://downloads.vmware.com/download/download.do?downloadGroup=WKST-654-LX\r\n Release Notes:\r\n http://downloads.vmware.com/support/ws65/doc/releasenotes_ws654.html\r\n\r\n Workstation for Linux 32-bit\r\n Linux 32-bit .rpm\r\n md5sum: 9efb43a604d50e541eb3be7081b8b198\r\n sha1sum: 4240d664f85a11f47288d2279224b26bef92aa8b\r\n\r\n Workstation for Linux 32-bit\r\n Linux 32-bit .bundle\r\n md5sum: 38760682ad3b2f6bfb4e40f424c95c2a\r\n sha1sum: ec78099322b5fb2a737cd74a1978a5c07382dc8a\r\n\r\n Workstation for Linux 64-bit\r\n Linux 64-bit .rpm\r\n md5sum: 24311492bc515e9bc98eff9b2e7d33a2\r\n sha1sum: b4947ef09f740440e8a24fc2ba05c0a7c11b82f5\r\n\r\n Workstation for Linux 64-bit\r\n Linux 64-bit .bundle\r\n md5sum: ed24296705ad48442549d9cb2b3c0d8d\r\n sha1sum: 3c0f1efae0a64fa3a41be21b0bfc962f12e0e6d8\r\n\r\n\r\n VMware Player 3.0.1\r\n -------------------\r\n http://downloads.vmware.com/tryvmware/?p=player&lp=default\r\n Release notes:\r\nhttp://downloads.vmware.com/support/player30/doc/releasenotes_player301.html\r\n\r\n Player for Windows 32-bit and 64-bit\r\n md5sum: 78c92c0242c9540f68a629d4ac49c516\r\n sha1sum: 7fc255fcd1a6784458012314db1206ed922e92cf\r\n\r\n Player for Linux 32-bit (.bundle)\r\n md5sum: e7cd19d39c7bbd1aee582743d76a7863\r\n sha1sum: cff76010f0429576288ea1e5a594cd47a2c64f4a\r\n\r\n Player for Linux 64-bit (.bundle)\r\n md5sum: 88b08537c6eea705883dc1755b97738c\r\n sha1sum: 84f25370d24c03a18968a4f4c8e06cef3d21c2df\r\n\r\n VMware VIX API for Windows 32-bit and 64-bit\r\n md5sum: 2c46fc7e2516f331eb4dd23154d00a54\r\n sha1sum: 85ceb1b718806c6870e3a918bcc772d1486ccdc9\r\n\r\n 
VMware VIX API for 32-bit Linux\r\n md5sum: 8b0994a26363246b5e954f97bd5a088d\r\n sha1sum: af93da138a158ee6e05780a5c4042414735987b6\r\n\r\n VMware VIX API for 64-bit Linux\r\n md5sum: ef7b9890c52b1e333f2357760a7fff85\r\n sha1sum: dfef8531356de78171e13c4c108ebaeb43eaa62d\r\n\r\n VMware Player 2.5.4\r\n -------------------\r\n http://downloads.vmware.com/download/player/player_reg.html\r\n Release notes:\r\nhttp://downloads.vmware.com/support/player25/doc/releasenotes_player254.html\r\n\r\n Player for Windows 32-bit and 64-bit (.exe)\r\n md5sum: 531140a1eeed7d8b71f726b3d32a9174\r\n sha1sum: 2500fa8af48452bd0e97040b80c569c3cb4f73e5\r\n\r\n Player for Linux (.rpm)\r\n md5sum: 1905f61af490f9760bef54450747e708\r\n sha1sum: cf7444c0a6331439c5479a4158112a60eb0e6e8d\r\n\r\n Player for Linux (.bundle)\r\n md5sum: 74f539005687a4efce7971f7ef019af5\r\n sha1sum: 4c4412c5807ecd00e66886e0e7c43ed61b62aab7\r\n\r\n Player for Linux - 64-bit (.rpm)\r\n md5sum: 013078d7f6adcdbcbaafbf5e0ae11a39\r\n sha1sum: 7c434173a3fe446ebefce4803bfaa7ab67d1ff72\r\n\r\n Player for Linux - 64-bit (.bundle)\r\n md5sum: 175ce2f9656ff10a1327c0d48f80c65f\r\n sha1sum: bf7acfdcb44bf345d58f79ad1bcb04816f262d22\r\n\r\n\r\n VMware ACE 2.6.1\r\n ----------------\r\nhttp://downloads.vmware.com/download/download.do?downloadGroup=ACE-261-WIN\r\n Release notes:\r\n http://downloads.vmware.com/support/ace26/doc/releasenotes_ace261.html\r\n\r\n VMware Workstation for 32-bit and 64-bit Windows with tools\r\n md5sum: fc8502a748de3b8f94c5c9571c1f17d2\r\n sha1sum: 3de01b355b17363a92d80200ff5e7267b3bde206\r\n\r\n VMware Workstation for Windows 32-bit and 64-bit without tools\r\n md5sum: 6a18ea3847cb727b03f7890f5643db79\r\n sha1sum: 260b019db4619b0d1d775e5c38cc46b6db250984\r\n\r\n ACE Management Server Virtual Appliance\r\n md5sum: e26d258c511572064e99774fbac9184c\r\n sha1sum: 9363656b70caa11a31a6229451202d9f8203c1f5\r\n\r\n ACE Management Server for Windows\r\n md5sum: e970828f2a5a62ac108879033a70f4b6\r\n sha1sum: 
eca89372eacc78c3130781d0d183715055d64798\r\n\r\n ACE Management Server for SUSE Enterprise Linux 9\r\n md5sum: 59b3ad5964daef2844e72fd1765590fc\r\n sha1sum: 91048de7665f5dc466f06e2ebc4c08f08026a97f\r\n\r\n ACE Management Server for Red Hat Enterprise Linux 4\r\n md5sum: 6623f6a8a645402a1c8c351ec99a1889\r\n sha1sum: a6d74ba072c5a513fcf8993edebaaf7f8225c05d\r\n\r\n VMware ACE 2.5.4\r\n ----------------\r\nhttp://downloads.vmware.com/download/download.do?downloadGroup=ACE-254-WIN\r\n Release notes:\r\n http://downloads.vmware.com/support/ace25/doc/releasenotes_ace254.html\r\n\r\n VMware ACE for Windows 32-bit and 64-bit\r\n Windows 32-bit and 64-bit .exe\r\n md5sum: 2dc393fcc4e78dcf2165098a4938699a\r\n sha1sum: acfff457860c8c53c637c01f74f8aaa72d1c9569\r\n\r\n ACE Management Server Virtual Appliance\r\n AMS Virtual Appliance .zip\r\n md5sum: 3935f23d4a074e7a3429a1c80cfd2155\r\n sha1sum: 5b09439a9c840d39ae49fbd7a79732ecd58c52a3\r\n\r\n ACE Management Server for Windows\r\n Windows .exe\r\n md5sum: 1173bd7da6ed330a262ed4e2eff6562c\r\n sha1sum: d9bce88a350aa957f3387f870af763875d4d9110\r\n\r\n ACE Management Server for SUSE Enterprise Linux 9\r\n SLES 9 .rpm\r\n md5sum: 0bec2cf8d6ae3bb6976c9d8cc2573208\r\n sha1sum: f3c6d9ee3357535b1540cedd9e86d723e2ed2134\r\n\r\n ACE Management Server for Red Hat Enterprise Linux 4\r\n RHEL 4 .rpm\r\n md5sum: 17caa522af79cf1f6b2ebad16a4ac8a5\r\n sha1sum: cdd6e2a4e3d7ad89f95e60f1af024bea7eaba0fe\r\n\r\n\r\n VMware Server 2.0.2\r\n -------------------\r\n http://www.vmware.com/download/server/\r\n Release notes:\r\n http://www.vmware.com/support/server2/doc/releasenotes_vmserver202.html\r\n\r\n VMware Server 2\r\n Version 2.0.2 | 203138 - 10/26/09\r\n 507 MB EXE image VMware Server 2 for Windows Operating Systems. 
A\r\n master installer file containing all Windows components of VMware\r\n Server.\r\n md5sum: a6430bcc16ff7b3a29bb8da1704fc38a\r\n sha1sum: 39683e7333732cf879ff0b34f66e693dde0e340b\r\n\r\n VIX API 1.6 for Windows\r\n Version 2.0.2 | 203138 - 10/26/09\r\n 37 MB image\r\n md5sum: 827e65e70803ec65ade62dd27a74407a\r\n sha1sum: a14281bc055271a19be3c88026e92304bc3f0e22\r\n\r\n For Linux\r\n\r\n VMware Server 2 for Linux Operating Systems.\r\n Version 2.0.2 | 203138 - 10/26/09\r\n 37 MB TAR image\r\n md5sum: 95ddea5a0579a35887bd15b083ffea20\r\n sha1sum: 14cf12063a7480f240ccd96178ad4258cb26a747\r\n\r\n VMware Server 2 for Linux Operating Systems 64-bit version.\r\n Version 2.0.2 | 203138 - 10/26/09\r\n 452 MB RPM image\r\n md5sum: 35c8b176601133749e4055e0034f8be6\r\n sha1sum: e8dc842d89899df5cd3e1136af76f19ca5ccbece\r\n\r\n The core application needed to run VMware Server 2, 64-bit version.\r\n Version 2.0.2 | 203138 - 10/26/09\r\n 451 MB TAR image\r\n md5sum: cc7aef813008eeb7150c21547d431b39\r\n sha1sum: b65d3d46dc947fc7995bda354c4947afabd23474\r\n\r\n\r\n VMware Fusion 3.0.2\r\n -------------------\r\n http://downloads.vmware.com/download/download.do?downloadGroup=FUS-302\r\n Release notes:\r\nhttp://downloads.vmware.com/support/fusion3/doc/releasenotes_fusion_302.html\r\n\r\n VMware Fusion 3.0.2 (for Intel-based Macs)\r\n md5sum: aa17278a4a668eeb9f9467e4e3111ccc\r\n sha1sum: 58c3d63705ac90839f7c1ae14264177e1fd56df3\r\n\r\n VMware Fusion 3.0.2 Light for Mac (for Intel-based Macs)\r\n md5sum: 052ecbbfc4f59a85e2d08b4bd3ef0896\r\n sha1sum: 61e00487f4c649588099647d4a5f47ddf5b8ad01\r\n\r\n VMware Fusion 2.0.7\r\n -------------------\r\n http://downloads.vmware.com/download/download.do?downloadGroup=FUS-207\r\n Release notes:\r\nhttp://downloads.vmware.com/support/fusion2/doc/releasenotes_fusion_207.html\r\n\r\n VMware Fusion 2.0.7 (for Intel-based Macs)\r\n md5sum: a293f5ce6ccc227760640753386e9da6\r\n sha1sum: ddfda92f9baf30e536bc485e42325d173a1aa370\r\n\r\n VMware Fusion 
2.0.7 Light (for Intel-based Macs)\r\n md5sum: d4772d118fb90323f598849e70c21189\r\n sha1sum: 5c1df1597e77ebe0f0555749b281008ca5f2fb77\r\n\r\n\r\n VIX API 1.7 Version: 1.7 | 2009-08-26 | 186713\r\n ----------------------------------------------\r\n VIX API for Window 32-bit and 64-bit\r\n Main installation file for Windows 32-bit and 64-bit host\r\n md5sum:b494fc3092f07d0f29cc06a19fe61306\r\n sha1sum:aa8638424cb7f25c1e42343134ac9f0bd2c2e0c9\r\n\r\n VIX API for Linux 32-bit\r\n md5sum:6b0ed8872d8b714363cddc68b6a77008\r\n sha1sum:8a9b12a61641394b347488119a7120eaa47dc2a1\r\n\r\n VIX API for Linux 64-bit\r\n md5sum:d57aa9f98058d5a386c18e14cc05bf4d\r\n sha1sum:3b7d4461ea257e795b322cc080f4ae29a230666b\r\n\r\n VIX API Version: 1.8.1 | 2009-10-11 | 207905\r\n ---------------------------------------------\r\n VIX API for Windows 32-bit and 64-bit\r\n md5sum:4f21e4cb518767bc08045f5a39f5d41f\r\n sha1sum:5b8275c549f9d9498bd2ed078557f1ce1986ac12\r\n\r\n VIX API for Linux 32-bit\r\n md5sum:f347e94d907c26754540d59956ee5d53\r\n sha1sum:6ddc6c9371ba127d04bc83bd55988a6c83366907\r\n\r\n VIX API for Linux 64-bit\r\n md5sum:b8a3982072d0d42c0c37dd7eb49d686c\r\n sha1sum:d044ac3dd42f806bc4ff48ddf584b5e3d82910c8\r\n\r\n VIX API Version: 1.10 Beta | 01/28/10 | 222403\r\n ----------------------------------------------\r\n VIX API for Windows 32-bit and 64-bit\r\n md5sum:ac5b6e9197cb68c302bfac9ed683e3af\r\n sha1sum:0d942e7409e88e684bdb65811e7be7f47d631a73\r\n\r\n VIX API for Linux 32-bit\r\n md5sum:07d1989d042e317eb9d2b3daf269dda7\r\n sha1sum:1e3840d426d7dfff53fa7e1bd22b09b56cf2362c\r\n\r\n VIX API for Linux 64-bit\r\n md5sum:9b345008e0adec3c044988307294944b\r\n sha1sum:7a54a893369c2227f7e8058430c40983168c6e0b\r\n\r\n\r\n ESXi\r\n ----\r\n ESXi 4.0 bulletin ESXi400-201002402-BG\r\nhttps://hostupdate.vmware.com/software/VUM/OFFLINE/release-193-20100228-731251/ESXi400-201002001.zip\r\n md5sum: e5aa2968d389594abdc59cbac7b0183d\r\n sha1sum: bb50b3ad7934e3f9e24edc879b35e83b357343b2\r\n 
http://kb.vmware.com/kb/1018404\r\n\r\n ESXi 3.5\r\n --------\r\n ESXi 3.5 patch ESXe350-200912402-T-BG was first contained in\r\n ESXe350-200912401-O-BG from December 2009.\r\n\r\n The same patch, ESXe350-200912402-T-BG, is also contained in\r\n ESXe350-201002401-O-SG from February 2010 ESXi 3.5 security update.\r\n\r\n In latest non-security ESXi 3.5 update, ESXe350-201003402-T-BG is also\r\n included in ESXe350-201003401-O-BG from March 2010.\r\n\r\n\r\n ESXe350-201002401-O-SG (latest security update)\r\n http://download3.vmware.com/software/vi/ESXe350-201002401-O-SG.zip\r\n\r\n md5sum: 0c8d4d1c0e3c2aed9f785cf081225d83\r\n\r\n http://kb.vmware.com/kb/1015047 (Vi Client)\r\n\r\n http://kb.vmware.com/kb/1016665 (VM Tools)\r\n\r\n http://kb.vmware.com/kb/1017685 (Firmware)\r\n\r\n\r\n\r\n The three ESXi patches for Firmware "I", VMware Tools "T," and the\r\n VI Client "C" are contained in a single offline "O" download file.\r\n\r\n\r\n ESX\r\n ---\r\n ESX 4.0 bulletin ESX400-201002401-BG\r\nhttps://hostupdate.vmware.com/software/VUM/OFFLINE/release-192-20100228-732240/ESX400-201002001.zip\r\n md5sum: de62cbccaffa4b2b6831617f18c1ccb4\r\n sha1sum: 4083f191fa4acd6600c9a87e4852f9f5700e91ab\r\n http://kb.vmware.com/kb/1018403\r\n\r\n Note: ESX400-201002001 contains the bundle with the security fix,\r\n ESX400-201002401-BG\r\n To install an individual bulletin use esxupdate with the -b option.\r\n esxupdate --bundle ESX400-201002001 -b ESX400-201002401-BG\r\n\r\n ESX 4.0 bulletin ESX400-200911223-UG\r\nhttps://hostupdate.vmware.com/software/VUM/OFFLINE/release-166-20091202-254879/ESX-4.0.0-update01a.zip\r\n md5sum: 99c1fcafbf0ca105ce73840d686e9914\r\n sha1sum: aa8a23416271bc28b6b8f6bdbe00045e36314ebb\r\n http://kb.vmware.com/kb/1014842\r\n\r\n Note: ESX-4.0.0-update01a contains the bundle with the security fix,\r\n ESX400-200911223-UG\r\n To install an individual bulletin use esxupdate with the -b option.\r\n esxupdate --bundle ESX-4.0.0-update01a -b 
ESX400-200911223-UG\r\n\r\n ESX 3.5 patch ESX350-200912401-BG\r\n http://download3.vmware.com/software/vi/ESX350-200912401-BG.zip\r\n md5sum: f1d3589745b4ae933554785aef22bacc\r\n sha1sum: d1e5a9209b165d43d75f076e556fc028bec4cc47\r\n http://kb.vmware.com/kb/1016657\r\n\r\n ESX 3.0.3 patch ESX303-201002203-UG\r\n http://download3.vmware.com/software/vi/ESX303-201002203-UG.zip\r\n md5sum: 49ee56b687707cbe6999836c315f081a\r\n http://kb.vmware.com/kb/1018030\r\n\r\n ESX 2.5.5 Upgrade Patch 15\r\n http://download3.vmware.com/software/esx/esx-2.5.5-191611-upgrade.tar.gz\r\n md5sum: c346fe510b6e51145570e03083f77357\r\n sha1sum: ef6b19247825fb3fe2c55f8fda3cdd05ac7bb1f4\r\n http://www.vmware.com/support/esx25/doc/esx-255-200910-patch.html\r\n\r\n\r\n5. References\r\n http://www.acrossecurity.com/advisories.htm\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1564\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1565\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2042\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3707\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3732\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1138\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1139\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1140\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1142\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1141\r\n\r\n6. Change log\r\n2010-04-09 VMSA-2010-0007\r\nInitial security advisory after release of Workstation 6.5.4 and Fusion\r\n2.0.7 on 2010-04-08.\r\n\r\n- ------------------------------------------------------------------------\r\n7. 
Contact\r\n\r\nE-mail list for product security notifications and announcements:\r\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\r\n\r\nThis Security Advisory is posted to the following lists:\r\n\r\n * security-announce at lists.vmware.com\r\n * bugtraq at securityfocus.com\r\n * full-disclosure at lists.grok.org.uk\r\n\r\nE-mail: security at vmware.com\r\nPGP key at: http://kb.vmware.com/kb/1055\r\n\r\nVMware Security Center\r\nhttp://www.vmware.com/security\r\n\r\nVMware security response policy\r\nhttp://www.vmware.com/support/policies/security_response.html\r\n\r\nGeneral support life cycle policy\r\nhttp://www.vmware.com/support/policies/eos.html\r\n\r\nVMware Infrastructure support life cycle policy\r\nhttp://www.vmware.com/support/policies/eos_vi.html\r\n\r\nCopyright 2010 VMware Inc. All rights reserved.\r\n\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.5 (MingW32)\r\n\r\niD8DBQFLvvM8S2KysvBH1xkRAgu/AJ9RrzlOq/5Ug0t8R4qoi/UwDVJDpACbBGgT\r\nd58bjKG6Ic7m/TsoJP4M2tw=\r\n=Q1zv\r\n-----END PGP SIGNATURE-----", "modified": "2010-04-12T00:00:00", "published": "2010-04-12T00:00:00", "id": "SECURITYVULNS:DOC:23603", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:23603", "title": "VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:36", "bulletinFamily": "software", "description": "Code execution, privilege escalation, buffer overflow, format string vulnerabilities, DoS, information leaks.", "modified": "2010-04-19T00:00:00", "published": "2010-04-19T00:00:00", "id": "SECURITYVULNS:VULN:10754", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10754", "title": "VMWare applications multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:12", "bulletinFamily": "unix", "description": "### Background\n\nlibpng is the official PNG reference library used to read, write and manipulate PNG images. \n\n### Description\n\nJeff Phillips discovered that libpng does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bits in certain rows of a PNG file. \n\n### Impact\n\nA remote attacker might entice a user to open a specially crafted PNG file, possibly resulting in the disclosure of sensitive memory portions. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll libpng users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/libpng-1.2.37\"", "modified": "2009-06-27T00:00:00", "published": "2009-06-27T00:00:00", "id": "GLSA-200906-01", "href": "https://security.gentoo.org/glsa/200906-01", "type": "gentoo", "title": "libpng: Information disclosure", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2016-09-06T19:46:16", "bulletinFamily": "unix", "description": "### Background\n\nFor more information on the packages listed in this GLSA, please see their homepage referenced in the ebuild. \n\n### Description\n\nVulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details. 
\n\n * Insight\n * Perl Tk Module\n * Source-Navigator\n * Tk\n * Partimage\n * Mlmmj\n * acl\n * Xinit\n * gzip\n * ncompress\n * liblzw\n * splashutils\n * GNU M4\n * KDE Display Manager\n * GTK+\n * KGet\n * dvipng\n * Beanstalk\n * Policy Mount\n * pam_krb5\n * GNU gv\n * LFTP\n * Uzbl\n * Slim\n * Bitdefender Console\n * iputils\n * DVBStreamer\n\n### Impact\n\nA context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions. \n\n### Workaround\n\nThere are no known workarounds at this time.\n\n### Resolution\n\nAll Insight users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-util/insight-6.7.1-r1\"\n \n\nAll Perl Tk Module users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-perl/perl-tk-804.028-r2\"\n \n\nAll Source-Navigator users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-util/sourcenav-5.1.4\"\n \n\nAll Tk users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-lang/tk-8.4.18-r1\"\n \n\nAll Partimage users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-block/partimage-0.6.8\"\n \n\nAll Mlmmj users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-mail/mlmmj-1.2.17.1\"\n \n\nAll acl users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-apps/acl-2.2.49\"\n \n\nAll Xinit users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=x11-apps/xinit-1.2.0-r4\"\n \n\nAll gzip users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose 
\">=app-arch/gzip-1.4\"\n \n\nAll ncompress users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-arch/ncompress-4.2.4.3\"\n \n\nAll liblzw users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/liblzw-0.2\"\n \n\nAll splashutils users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=media-gfx/splashutils-1.5.4.3-r3\"\n \n\nAll GNU M4 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-devel/m4-1.4.14-r1\"\n \n\nAll KDE Display Manager users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=kde-base/kdm-4.3.5-r1\"\n \n\nAll GTK+ users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=x11-libs/gtk+-2.18.7\"\n \n\nAll KGet 4.3 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=kde-base/kget-4.3.5-r1\"\n \n\nAll dvipng users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-text/dvipng-1.13\"\n \n\nAll Beanstalk users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-misc/beanstalkd-1.4.6\"\n \n\nAll Policy Mount users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-apps/pmount-0.9.23\"\n \n\nAll pam_krb5 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-auth/pam_krb5-4.3\"\n \n\nAll GNU gv users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-text/gv-3.7.1\"\n \n\nAll LFTP users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose 
\">=net-ftp/lftp-4.0.6\"\n \n\nAll Uzbl users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/uzbl-2010.08.05\"\n \n\nAll Slim users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=x11-misc/slim-1.3.2\"\n \n\nAll iputils users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/iputils-20100418\"\n \n\nAll DVBStreamer users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-tv/dvbstreamer-1.1-r1\"\n \n\nGentoo has discontinued support for Bitdefender Console. We recommend that users unmerge Bitdefender Console: \n \n \n # emerge --unmerge \"app-antivirus/bitdefender-console\"\n \n\nNOTE: This is a legacy GLSA. Updates for all affected architectures have been available since 2011. It is likely that your system is already no longer affected by these issues.", "modified": "2014-12-11T00:00:00", "published": "2014-12-11T00:00:00", "id": "GLSA-201412-08", "href": "https://security.gentoo.org/glsa/201412-08", "type": "gentoo", "title": "Multiple packages, Multiple vulnerabilities fixed in 2010", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "slackware": [{"lastseen": "2018-08-31T02:36:47", "bulletinFamily": "unix", "description": "New libpng packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1,\n10.2, 11.0, 12.0, 12.1, 12.2, and -current to fix a security issue.\n\nJeff Phillips discovered an uninitialized-memory-read bug affecting interlaced\nimages that may have security implications.\n\n\nMore details about this issue may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2042\n\n\nHere are the details from the Slackware 12.2 ChangeLog:\n\npatches/packages/libpng-1.2.37-i486-1_slack12.2.tgz: 
Upgraded.\n This update fixes a possible security issue. Jeff Phillips discovered an\n uninitialized-memory-read bug affecting interlaced images that may have\n security implications.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2042\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\ndirectly from ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 8.1:\nftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/libpng-1.2.37-i386-1_slack8.1.tgz\n\nUpdated package for Slackware 9.0:\nftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/libpng-1.2.37-i386-1_slack9.0.tgz\n\nUpdated package for Slackware 9.1:\nftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/libpng-1.2.37-i486-1_slack9.1.tgz\n\nUpdated package for Slackware 10.0:\nftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/libpng-1.2.37-i486-1_slack10.0.tgz\n\nUpdated package for Slackware 10.1:\nftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/libpng-1.2.37-i486-1_slack10.1.tgz\n\nUpdated package for Slackware 10.2:\nftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/libpng-1.2.37-i486-1_slack10.2.tgz\n\nUpdated package for Slackware 11.0:\nftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/libpng-1.2.37-i486-1_slack11.0.tgz\n\nUpdated package for Slackware 12.0:\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/libpng-1.2.37-i486-1_slack12.0.tgz\n\nUpdated package for Slackware 
12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/libpng-1.2.37-i486-1_slack12.1.tgz\n\nUpdated package for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/libpng-1.2.37-i486-1_slack12.2.tgz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libpng-1.2.37-i486-1.txz\n\nUpdated package for Slackware64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libpng-1.2.37-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg libpng-1.2.37-i486-1_slack12.2.tgz", "modified": "2009-06-19T18:18:38", "published": "2009-06-19T18:18:38", "id": "SSA-2009-170-01", "href": 
"http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.551809", "title": "libpng", "type": "slackware", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:09:23", "bulletinFamily": "unix", "description": "It was discovered that libpng did not properly initialize memory when decoding certain 1-bit interlaced images. If a user or automated system were tricked into processing crafted PNG images, an attacker could possibly use this flaw to read sensitive information stored in memory. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 8.10 and 9.04. (CVE-2009-2042)\n\nIt was discovered that libpng did not properly handle certain excessively compressed PNG images. If a user or automated system were tricked into processing a crafted PNG image, an attacker could possibly use this flaw to consume all available resources, resulting in a denial of service. (CVE-2010-0205)", "modified": "2010-03-16T00:00:00", "published": "2010-03-16T00:00:00", "id": "USN-913-1", "href": "https://usn.ubuntu.com/913-1/", "title": "libpng vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "debian": [{"lastseen": "2018-10-16T22:12:49", "bulletinFamily": "unix", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-2032-1 security@debian.org\nhttp://www.debian.org/security/ Giuseppe Iuculano\nApril 11, 2010 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : libpng\nVulnerability : several\nProblem type : local (remote)\nDebian-specific: no\nCVE Id(s) : CVE-2009-2042 CVE-2010-0205\nDebian Bugs : 533676 572308\n\n\nSeveral vulnerabilities have been discovered in libpng, a library for\nreading and writing PNG files. 
The Common Vulnerabilities and\nExposures project identifies the following problems:\n\nCVE-2009-2042\n\nlibpng does not properly parse 1-bit interlaced images with width values\nthat are not divisible by 8, which causes libpng to include\nuninitialized bits in certain rows of a PNG file and might allow remote\nattackers to read portions of sensitive memory via "out-of-bounds\npixels" in the file.\n\n\nCVE-2010-0205\n\nlibpng does not properly handle compressed ancillary-chunk data that has\na disproportionately large uncompressed representation, which allows\nremote attackers to cause a denial of service (memory and CPU\nconsumption, and application hang) via a crafted PNG file\n\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 1.2.27-2+lenny3.\n\nFor the testing (squeeze) and unstable (sid) distribution, these\nproblems have been fixed in version 1.2.43-1\n\nWe recommend that you upgrade your libpng package.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nDebian (stable)\n- ---------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "modified": "2010-04-11T16:56:23", "published": "2010-04-11T16:56:23", "id": "DEBIAN:DSA-2032-1:B2E01", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2010/msg00072.html", "title": "[SECURITY] [DSA 2032-1] New libpng packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:39:49", "bulletinFamily": "unix", "description": "[2:1.2.10-7.1.el5_5.3]\n- Back-port fixes for CVE-2009-2042, CVE-2010-0205, CVE-2010-1205,\n CVE-2010-2249\nResolves: #609921", "modified": "2010-07-14T00:00:00", "published": "2010-07-14T00:00:00", "id": "ELSA-2010-0534", "href": "http://linux.oracle.com/errata/ELSA-2010-0534.html", "title": "libpng security update", "type": "oraclelinux", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "centos": [{"lastseen": "2017-10-12T14:44:48", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2010:0534\n\n\nThe libpng packages contain a library of functions for creating and\nmanipulating PNG (Portable Network Graphics) image format files.\n\nA memory corruption flaw was found in the way applications, using the\nlibpng library and its progressive reading method, decoded certain PNG\nimages. 
An attacker could create a specially-crafted PNG image that, when\nopened, could cause an application using libpng to crash or, potentially,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2010-1205)\n\nA denial of service flaw was found in the way applications using the libpng\nlibrary decoded PNG images that have certain, highly compressed ancillary\nchunks. An attacker could create a specially-crafted PNG image that could\ncause an application using libpng to consume excessive amounts of memory\nand CPU time, and possibly crash. (CVE-2010-0205)\n\nA memory leak flaw was found in the way applications using the libpng\nlibrary decoded PNG images that use the Physical Scale (sCAL) extension. An\nattacker could create a specially-crafted PNG image that could cause an\napplication using libpng to exhaust all available memory and possibly crash\nor exit. (CVE-2010-2249)\n\nA sensitive information disclosure flaw was found in the way applications\nusing the libpng library processed 1-bit interlaced PNG images. An attacker\ncould create a specially-crafted PNG image that could cause an application\nusing libpng to disclose uninitialized memory. (CVE-2009-2042)\n\nUsers of libpng and libpng10 should upgrade to these updated packages,\nwhich contain backported patches to correct these issues. 
All running\napplications using libpng or libpng10 must be restarted for the update to\ntake effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-August/016918.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-August/016919.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-July/016781.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-July/016782.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-July/016795.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-July/016796.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-July/016809.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-July/016810.html\n\n**Affected packages:**\nlibpng\nlibpng-devel\nlibpng10\nlibpng10-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0534.html", "modified": "2010-08-16T16:37:03", "published": "2010-07-14T18:40:18", "href": "http://lists.centos.org/pipermail/centos-announce/2010-July/016781.html", "id": "CESA-2010:0534", "title": "libpng, libpng10 security update", "type": "centos", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2018-12-11T17:45:37", "bulletinFamily": "unix", "description": "The libpng packages contain a library of functions for creating and\nmanipulating PNG (Portable Network Graphics) image format files.\n\nA memory corruption flaw was found in the way applications, using the\nlibpng library and its progressive reading method, decoded certain PNG\nimages. An attacker could create a specially-crafted PNG image that, when\nopened, could cause an application using libpng to crash or, potentially,\nexecute arbitrary code with the privileges of the user running the\napplication. 
(CVE-2010-1205)\n\nA denial of service flaw was found in the way applications using the libpng\nlibrary decoded PNG images that have certain, highly compressed ancillary\nchunks. An attacker could create a specially-crafted PNG image that could\ncause an application using libpng to consume excessive amounts of memory\nand CPU time, and possibly crash. (CVE-2010-0205)\n\nA memory leak flaw was found in the way applications using the libpng\nlibrary decoded PNG images that use the Physical Scale (sCAL) extension. An\nattacker could create a specially-crafted PNG image that could cause an\napplication using libpng to exhaust all available memory and possibly crash\nor exit. (CVE-2010-2249)\n\nA sensitive information disclosure flaw was found in the way applications\nusing the libpng library processed 1-bit interlaced PNG images. An attacker\ncould create a specially-crafted PNG image that could cause an application\nusing libpng to disclose uninitialized memory. (CVE-2009-2042)\n\nUsers of libpng and libpng10 should upgrade to these updated packages,\nwhich contain backported patches to correct these issues. All running\napplications using libpng or libpng10 must be restarted for the update to\ntake effect.\n", "modified": "2018-05-26T04:26:18", "published": "2010-07-14T04:00:00", "id": "RHSA-2010:0534", "href": "https://access.redhat.com/errata/RHSA-2010:0534", "type": "redhat", "title": "(RHSA-2010:0534) Important: libpng security update", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T11:52:34", "bulletinFamily": "unix", "description": "The DHCP client (dhclient) could be crashed by a malicious DHCP server sending an overlong subnet field (CVE-2009-0692). In theory a malicious DHCP server could exploit the flaw to execute arbitrary code as root on machines using dhclient to obtain network settings. 
Newer distributions (SLES10+, openSUSE) do have buffer overflow checking that guards against this kind of stack overflow though. So actual exploitability is rather unlikely.\n#### Solution\nThere is no known workaround, please install the update packages.", "modified": "2009-07-15T16:27:03", "published": "2009-07-15T16:27:03", "id": "SUSE-SA:2009:037", "href": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00003.html", "type": "suse", "title": "remote code execution in dhcp-client", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "vmware": [{"lastseen": "2018-09-02T02:40:37", "bulletinFamily": "unix", "description": "a. Windows-based VMware Tools Unsafe Library Loading vulnerability \n \nA vulnerability in the way VMware libraries are referenced allows for arbitrary code execution in the context of the logged on user. This vulnerability is present only on Windows Guest Operating Systems. \nIn order for an attacker to exploit the vulnerability, the attacker would need to lure the user that is logged on a Windows Guest Operating System to click on the attacker's file on a network share. This file could be in any file format. The attacker will need to have the ability to host their malicious files on a network share. \nVMware would like to thank Jure Skofic and Mitja Kolsek of ACROS Security ( <http://www.acrossecurity.com>) for reporting this issue to us. \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-1141 to this issue. \nSteps needed to remediate this vulnerability: \n\\- Install the remediated version of Workstation, Player, ACE, Server and Fusion. \n\\- Upgrade tools in the virtual machine (virtual machine users will be prompted to upgrade). 
\n \nGuest systems on ESX 4.0, 3.5, 3.0.3, 2.5.5, ESXi 4.0, 3.5 - Install the relevant patches (see below for patch identifiers) \n\\- Manually upgrade tools in the virtual machine (virtual machine users will not be prompted to upgrade). Note the VI Client will not show the VMware tools is out of date in the summary tab. \nPlease see <http://tinyurl.com/27mpjo> page 80 for details. \nThe following table lists what action remediates the vulnerability (column 4) if a solution is available. See above for remediation details. \n\n", "modified": "2010-04-12T00:00:00", "published": "2010-04-09T00:00:00", "id": "VMSA-2010-0007", "href": "https://www.vmware.com/security/advisories/VMSA-2010-0007.html", "title": "VMware hosted products, vCenter Server and ESX patches resolve multiple security issues", "type": "vmware", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "threatpost": [{"lastseen": "2018-10-06T23:08:12", "bulletinFamily": "info", "description": "Apple Mega Patch Covers 88 Mac OS X Vulnerabilities\n\nApple today released one of its biggest Mac OS X security updates in recent memory, with fixes for a whopping 88 documented vulnerabilities.\n\nThe Mac OS X v10.6.3 update, which is considered \u201ccritical,\u201d covers flaws that could lead to remote code execution, information disclosure and denial-of-service attacks.\n\nSecurity Update 2010-002 / Mac OS X v10.6.3 is now available and\n\naddresses the following:\n\nAppKit\n\nCVE-ID: CVE-2010-0056\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\n\nImpact: Spell checking a maliciously crafted document may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow exists in the spell checking feature\n\nused by Cocoa applications. Spell checking a maliciously crafted\n\ndocument may lead to an unexpected application termination or\n\narbitrary code execution. 
This issue is addressed through improved\n\nbounds checking. This issue does not affect Mac OS X v10.6 systems.\n\nCredit: Apple.\n\nApplication Firewall\n\nCVE-ID: CVE-2009-2801\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\n\nImpact: Certain rules in the Application Firewall may become\n\ninactive after restart\n\nDescription: A timing issue in the Application Firewall may cause\n\ncertain rules to become inactive after reboot. The issue is addressed\n\nthrough improved handling of Firewall rules. This issue does not\n\naffect Mac OS X v10.6 systems. Credit to Michael Kisor of\n\nOrganicOrb.com for reporting this issue.\n\nAFP Server\n\nCVE-ID: CVE-2010-0057\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: When guest access is disabled, a remote user may be able to\n\nmount AFP shares as a guest\n\nDescription: An access control issue in AFP Server may allow a\n\nremote user to mount AFP shares as a guest, even if guest access is\n\ndisabled. This issue is addressed through improved access control\n\nchecks. Credit: Apple.\n\nAFP Server\n\nCVE-ID: CVE-2010-0533\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: A remote user with guest access to an AFP share may access\n\nthe contents of world-readable files outside the Public share\n\nDescription: A directory traversal issue exists in the path\n\nvalidation for AFP shares. A remote user may enumerate the parent\n\ndirectory of the share root, and read or write files within that\n\ndirectory that are accessible to the \u2018nobody\u2019 user. This issue is\n\naddressed through improved handling of file paths. 
Credit to Patrik\n\nKarlsson of cqure.net for reporting this issue.\n\nApache\n\nCVE-ID: CVE-2009-3095\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: A remote attacker may be able to bypass access control\n\nrestrictions\n\nDescription: An input validation issue exists in Apache\u2019s handling\n\nof proxied FTP requests. A remote attacker with the ability to issue\n\nrequests through the proxy may be able to bypass access control\n\nrestrictions specified in the Apache configuration. This issue is\n\naddressed by updating Apache to version 2.2.14.\n\nClamAV\n\nCVE-ID: CVE-2010-0058\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\n\nImpact: ClamAV virus definitions may not receive updates\n\nDescription: A configuration issue introduced in Security Update\n\n2009-005 prevents freshclam from running. This may prevent virus\n\ndefinitions from being updated. This issue is addressed by updating\n\nfreshclam\u2019s launchd plist ProgramArguments key values. This issue\n\ndoes not affect Mac OS X v10.6 systems. Credit to Bayard Bell, Wil\n\nShipley of Delicious Monster, and David Ferrero of Zion Software, LLC\n\nfor reporting this issue.\n\nCoreAudio\n\nCVE-ID: CVE-2010-0059\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Playing maliciously crafted audio content may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue exists in the handling of\n\nQDM2 encoded audio content. Playing maliciously crafted audio content\n\nmay lead to an unexpected application termination or arbitrary code\n\nexecution. 
This issue is addressed through improved bounds checking.\n\nCredit to an anonymous researcher working with TippingPoint\u2019s Zero\n\nDay Initiative for reporting this issue.\n\nCoreAudio\n\nCVE-ID: CVE-2010-0060\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Playing maliciously crafted audio content may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue exists in the handling of\n\nQDMC encoded audio content. Playing maliciously crafted audio content\n\nmay lead to an unexpected application termination or arbitrary code\n\nexecution. This issue is addressed through improved bounds checking.\n\nCredit to an anonymous researcher working with TippingPoint\u2019s Zero\n\nDay Initiative for reporting this issue.\n\nCoreMedia\n\nCVE-ID: CVE-2010-0062\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted movie file may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A heap buffer overflow exists in CoreMedia\u2019s handling\n\nof H.263 encoded movie files. Viewing a maliciously crafted movie\n\nfile may lead to an unexpected application termination or arbitrary\n\ncode execution. This issue is addressed by performing additional\n\nvalidation of H.263 encoded movie files. 
Credit to Damian Put working\n\nwith TippingPoint\u2019s Zero Day Initiative for reporting this issue.\n\nCoreTypes\n\nCVE-ID: CVE-2010-0063\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Users are not warned before opening certain potentially\n\nunsafe content types\n\nDescription: This update adds .ibplugin and .url to the system\u2019s\n\nlist of content types that will be flagged as potentially unsafe\n\nunder certain circumstances, such as when they are downloaded from a\n\nweb page. While these content types are not automatically launched,\n\nif manually opened they could lead to the execution of a malicious\n\nJavaScript payload or arbitrary code execution. This update improves\n\nthe system\u2019s ability to notify users before handling content types\n\nused by Safari. Credit to Clint Ruoho of Laconic Security for\n\nreporting this issue.\n\nCUPS\n\nCVE-ID: CVE-2010-0393\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: A local user may be able to obtain system privileges\n\nDescription: A format string issue exists in the lppasswd CUPS\n\nutility. This may allow a local user to obtain system privileges. Mac\n\nOS X v10.6 systems are only affected if the setuid bit has been set\n\non the binary. This issue is addressed by using default directories\n\nwhen running as a setuid process. Credit to Ronald Volgers for\n\nreporting this issue.\n\ncurl\n\nCVE-ID: CVE-2009-2417\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: A man-in-the-middle attacker may be able to impersonate a\n\ntrusted server\n\nDescription: A canonicalization issue exists in curl\u2019s handling of\n\nNULL characters in the subject\u2019s Common Name (CN) field of X.509\n\ncertificates. 
This may lead to man-in-the-middle attacks against\n\nusers of the curl command line tool, or applications using libcurl.\n\nThis issue is addressed through improved handling of NULL characters.\n\ncurl\n\nCVE-ID: CVE-2009-0037\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\n\nImpact: Using curl with -L may allow a remote attacker to read or\n\nwrite local files\n\nDescription: curl will follow HTTP and HTTPS redirects when used\n\nwith the -L option. When curl follows a redirect, it allows file://\n\nURLs. This may allow a remote attacker to access local files. This\n\nissue is addressed through improved validation of redirects. This\n\nissue does not affect Mac OS X v10.6 systems. Credit to Daniel\n\nStenberg of Haxx AB for reporting this issue.\n\nCyrus IMAP\n\nCVE-ID: CVE-2009-2632\n\nAvailable for: Mac OS X Server v10.5.8\n\nImpact: A local user may be able to obtain the privileges of the\n\nCyrus user\n\nDescription: A buffer overflow exists in the handling of sieve\n\nscripts. By running a maliciously crafted sieve script, a local user\n\nmay be able to obtain the privileges of the Cyrus user. This issue is\n\naddressed through improved bounds checking. This issue does not\n\naffect Mac OS X v10.6 systems.\n\nCyrus SASL\n\nCVE-ID: CVE-2009-0688\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\n\nImpact: An unauthenticated remote attacker may cause unexpected\n\napplication termination or arbitrary code execution\n\nDescription: A buffer overflow exists in the Cyrus SASL\n\nauthentication module. Using Cyrus SASL authentication may lead to an\n\nunexpected application termination or arbitrary code execution. This\n\nissue is addressed through improved bounds checking. 
This issue does\n\nnot affect Mac OS X v10.6 systems.\n\nDesktopServices\n\nCVE-ID: CVE-2010-0064\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Items copied in the Finder may be assigned an unexpected\n\nfile owner\n\nDescription: When performing an authenticated copy in the Finder,\n\noriginal file ownership may be unexpectedly copied. This update\n\naddresses the issue by ensuring that copied files are owned by the\n\nuser performing the copy. This issue does not affect systems prior to\n\nMac OS X v10.6. Credit to Gerrit DeWitt of Auburn University (Auburn,\n\nAL) for reporting this issue.\n\nDesktopServices\n\nCVE-ID: CVE-2010-0537\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: A remote attacker may gain access to user data via a multi-\n\nstage attack\n\nDescription: A path resolution issue in DesktopServices is\n\nvulnerable to a multi-stage attack. A remote attacker must first\n\nentice the user to mount an arbitrarily named share, which may be\n\ndone via a URL scheme. When saving a file using the default save\n\npanel in any application, and using \u201cGo to folder\u201d or dragging\n\nfolders to the save panel, the data may be unexpectedly saved to the\n\nmalicious share. This issue is addressed through improved path\n\nresolution. This issue does not affect systems prior to Mac OS X\n\nv10.6. Credit to Sidney San Martin working with DeepTech, Inc. for\n\nreporting this issue.\n\nDisk Images\n\nCVE-ID: CVE-2010-0065\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Mounting a maliciously crafted disk image may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue exists in the handling of\n\nbzip2 compressed disk images. 
Mounting a maliciously crafted disk\n\nimage may lead to an unexpected application termination or arbitrary\n\ncode execution. This issue is addressed through improved bounds\n\nchecking. Credit: Apple.\n\nDisk Images\n\nCVE-ID: CVE-2010-0497\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Mounting a maliciously crafted disk image may lead to\n\narbitrary code execution\n\nDescription: A design issue exists in the handling of internet\n\nenabled disk images. Mounting an internet enabled disk image\n\ncontaining a package file type will open it rather than revealing it\n\nin the Finder. This file quarantine feature helps to mitigate this\n\nissue by providing a warning dialog for unsafe file types. This issue\n\nis addressed through improved handling of package file types on\n\ninternet enabled disk images. Credit to Brian Mastenbrook working\n\nwith TippingPoint\u2019s Zero Day Initiative for reporting this issue.\n\nDirectory Services\n\nCVE-ID: CVE-2010-0498\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: A local user may obtain system privileges\n\nDescription: An authorization issue in Directory Services\u2019 handling\n\nof record names may allow a local user to obtain system privileges.\n\nThis issue is addressed through improved authorization checks.\n\nCredit: Apple.\n\nDovecot\n\nCVE-ID: CVE-2010-0535\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: An authenticated user may be able to send and receive mail\n\neven if the user is not on the SACL of users who are permitted to do\n\nso\n\nDescription: An access control issue exists in Dovecot when Kerberos\n\nauthentication is enabled. 
This may allow an authenticated user to\n\nsend and receive mail even if the user is not on the service access\n\ncontrol list (SACL) of users who are permitted to do so. This issue\n\nis addressed through improved access control checks. This issue does\n\nnot affect systems prior to Mac OS X v10.6.\n\nEvent Monitor\n\nCVE-ID: CVE-2010-0500\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: A remote attacker may cause arbitrary systems to be added to\n\nthe firewall blacklist\n\nDescription: A reverse DNS lookup is performed on remote ssh clients\n\nthat fail to authenticate. A plist injection issue exists in the\n\nhandling of resolved DNS names. This may allow a remote attacker to\n\ncause arbitrary systems to be added to the firewall blacklist. This\n\nissue is addressed by properly escaping resolved DNS names. Credit:\n\nApple.\n\nFreeRADIUS\n\nCVE-ID: CVE-2010-0524\n\nAvailable for: Mac OS X Server v10.5.8,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: A remote attacker may obtain access to a network via RADIUS\n\nauthentication\n\nDescription: A certificate authentication issue exists in the\n\ndefault Mac OS X configuration of the FreeRADIUS server. A remote\n\nattacker may use EAP-TLS with an arbitrary valid certificate to\n\nauthenticate and connect to a network configured to use FreeRADIUS\n\nfor authentication. This issue is addressed by disabling support for\n\nEAP-TLS in the configuration. RADIUS clients should use EAP-TTLS\n\ninstead. This issue only affects Mac OS X Server systems. Credit to\n\nChris Linstruth of Qnet for reporting this issue.\n\nFTP Server\n\nCVE-ID: CVE-2010-0501\n\nAvailable for: Mac OS X Server v10.5.8,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Users may be able to retrieve files outside the FTP root\n\ndirectory\n\nDescription: A directory traversal issue exists in FTP Server. 
This\n\nmay allow a user to retrieve files outside the FTP root directory.\n\nThis issue is addressed through improved handling of file names. This\n\nissue only affects Mac OS X Server systems. Credit: Apple.\n\niChat Server\n\nCVE-ID: CVE-2006-1329\n\nAvailable for: Mac OS X Server v10.5.8,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: An implementation issue exists in jabberd\u2019s handling of\n\nSASL negotiation. A remote attacker may be able to terminate the\n\noperation of jabberd. This issue is addressed through improved\n\nhandling of SASL negotiation. This issue only affects Mac OS X Server\n\nsystems.\n\niChat Server\n\nCVE-ID: CVE-2010-0502\n\nAvailable for: Mac OS X Server v10.5.8,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Chat messages may not be logged\n\nDescription: A design issue exists in iChat Server\u2019s support for\n\nconfigurable group chat logging. iChat Server only logs messages with\n\ncertain message types. This may allow a remote user to send a message\n\nthrough the server without it being logged. The issue is addressed by\n\nremoving the capability to disable group chat logs, and logging all\n\nmessages that are sent through the server. This issue only affects\n\nMac OS X Server systems. Credit: Apple.\n\niChat Server\n\nCVE-ID: CVE-2010-0503\n\nAvailable for: Mac OS X Server v10.5.8\n\nImpact: An authenticated user may be able to cause an unexpected\n\napplication termination or arbitrary code execution\n\nDescription: A use-after-free issue exists in iChat Server. An\n\nauthenticated user may be able to cause an unexpected application\n\ntermination or arbitrary code execution. This issue is addressed\n\nthrough improved memory reference tracking. 
This issue only affects\n\nMac OS X Server systems, and does not affect versions 10.6 or later.\n\niChat Server\n\nCVE-ID: CVE-2010-0504\n\nAvailable for: Mac OS X Server v10.5.8,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: An authenticated user may be able to cause an unexpected\n\napplication termination or arbitrary code execution\n\nDescription: Multiple stack buffer overflow issues exist in iChat\n\nServer. An authenticated user may be able to cause an unexpected\n\napplication termination or arbitrary code execution. These issues are\n\naddressed through improved memory management. These issues only\n\naffect Mac OS X Server systems. Credit: Apple.\n\nImageIO\n\nCVE-ID: CVE-2010-0505\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted JP2 image may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A heap buffer overflow exists in the handling of JP2\n\nimages. Viewing a maliciously crafted JP2 image may lead to an\n\nunexpected application termination or arbitrary code execution. This\n\nissue is addressed through improved bounds checking. Credit to Chris\n\nRies of Carnegie Mellon University Computing Service, and researcher\n\n\u201c85319bb6e6ab398b334509c50afce5259d42756e\u201d working with\n\nTippingPoint\u2019s Zero Day Initiative for reporting this issue.\n\nImageIO\n\nCVE-ID: CVE-2010-0041\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Visiting a maliciously crafted website may result in sending\n\ndata from Safari\u2019s memory to the website\n\nDescription: An uninitialized memory access issue exists in\n\nImageIO\u2019s handling of BMP images. Visiting a maliciously crafted\n\nwebsite may result in sending data from Safari\u2019s memory to the\n\nwebsite. 
This issue is addressed through improved memory\n\ninitialization and additional validation of BMP images. Credit to\n\nMatthew \u2018j00ru\u2019 Jurczyk of Hispasec for reporting this issue.\n\nImageIO\n\nCVE-ID: CVE-2010-0042\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Visiting a maliciously crafted website may result in sending\n\ndata from Safari\u2019s memory to the website\n\nDescription: An uninitialized memory access issue exists in\n\nImageIO\u2019s handling of TIFF images. Visiting a maliciously crafted\n\nwebsite may result in sending data from Safari\u2019s memory to the\n\nwebsite. This issue is addressed through improved memory\n\ninitialization and additional validation of TIFF images. Credit to\n\nMatthew \u2018j00ru\u2019 Jurczyk of Hispasec for reporting this issue.\n\nImageIO\n\nCVE-ID: CVE-2010-0043\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Processing a maliciously crafted TIFF image may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue exists in the handling of\n\nTIFF images. Processing a maliciously crafted TIFF image may lead to\n\nan unexpected application termination or arbitrary code execution.\n\nThis issue is addressed through improved memory handling. This issue\n\ndoes not affect systems prior to Mac OS X v10.6. Credit to Gus\n\nMueller of Flying Meat for reporting this issue.\n\nImage RAW\n\nCVE-ID: CVE-2010-0506\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\n\nImpact: Viewing a maliciously crafted NEF image may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow exists in Image RAW\u2019s handling of NEF\n\nimages. Viewing a maliciously crafted NEF image may lead to an\n\nunexpected application termination or arbitrary code execution. 
This\n\nissue is addressed through improved bounds checking. This issue does\n\nnot affect Mac OS X v10.6 systems. Credit: Apple.\n\nImage RAW\n\nCVE-ID: CVE-2010-0507\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted PEF image may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow exists in Image RAW\u2019s handling of PEF\n\nimages. Viewing a maliciously crafted PEF image may lead to an\n\nunexpected application termination or arbitrary code execution. This\n\nissue is addressed through improved bounds checking. Credit to Chris\n\nRies of Carnegie Mellon University Computing Services for reporting\n\nthis issue.\n\nLibsystem\n\nCVE-ID: CVE-2009-0689\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Applications that convert untrusted data between binary\n\nfloating point and text may be vulnerable to an unexpected\n\napplication termination or arbitrary code execution\n\nDescription: A buffer overflow exists in the floating point binary\n\nto text conversion code within Libsystem. An attacker who can cause\n\nan application to convert a floating point value into a long string,\n\nor to parse a maliciously crafted string as a floating point value,\n\nmay be able to cause an unexpected application termination or\n\narbitrary code execution. This issue is addressed through improved\n\nbounds checking. 
Credit to Maksymilian Arciemowicz of\n\nSecurityReason.com for reporting this issue.\n\nMail\n\nCVE-ID: CVE-2010-0508\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Rules associated with a deleted mail account remain in\n\neffect\n\nDescription: When a mail account is deleted, user-defined filter\n\nrules associated with that account remain active. This may result in\n\nunexpected actions. This issue is addressed by disabling associated\n\nrules when a mail account is deleted.\n\nMail\n\nCVE-ID: CVE-2010-0525\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Mail may use a weaker encryption key for outgoing email\n\nDescription: A logic issue exists in Mail\u2019s handling of encryption\n\ncertificates. When multiple certificates for the recipient exist in\n\nthe keychain, Mail may select an encryption key that is not intended\n\nfor encipherment. This may lead to a security issue if the chosen key\n\nis weaker than expected. This issue is addressed by ensuring that the\n\nkey usage extension within certificates is evaluated when selecting a\n\nmail encryption key. Credit to Paul Suh of ps Enable, Inc. for\n\nreporting this issue.\n\nMailman\n\nCVE-ID: CVE-2008-0564\n\nAvailable for: Mac OS X Server v10.5.8\n\nImpact: Multiple vulnerabilities in Mailman 2.1.9\n\nDescription: Multiple cross-site scripting issues exist in Mailman\n\n2.1.9. These issues are addressed by updating Mailman to version\n\n2.1.13. 
Further information is available via the Mailman site at\n\nhttp://mail.python.org/pipermail/mailman-\n\nannounce/2009-January/000128.html These issues only affect Mac OS X\n\nServer systems, and do not affect versions 10.6 or later.\n\nMySQL\n\nCVE-ID: CVE-2008-4456, CVE-2008-7247, CVE-2009-2446, CVE-2009-4019,\n\nCVE-2009-4030\n\nAvailable for: Mac OS X Server v10.6 through v10.6.2\n\nImpact: Multiple vulnerabilities in MySQL 5.0.82\n\nDescription: MySQL is updated to version 5.0.88 to address multiple\n\nvulnerabilities, the most serious of which may lead to arbitrary code\n\nexecution. These issues only affect Mac OS X Server systems. Further\n\ninformation is available via the MySQL web site at\n\nhttp://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html\n\nOS Services\n\nCVE-ID: CVE-2010-0509\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: A local user may be able to obtain elevated privileges\n\nDescription: A privilege escalation issue exists in SFLServer, as it\n\nruns as group \u2018wheel\u2019 and accesses files in users\u2019 home directories.\n\nThis issue is addressed through improved privilege management. Credit\n\nto Kevin Finisterre of DigitalMunition for reporting this issue.\n\nPassword Server\n\nCVE-ID: CVE-2010-0510\n\nAvailable for: Mac OS X Server v10.5.8,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: A remote attacker may be able to log in with an outdated\n\npassword\n\nDescription: An implementation issue in Password Server\u2019s handling\n\nof replication may cause passwords to not be replicated. A remote\n\nattacker may be able to log in to a system using an outdated\n\npassword. This issue is addressed through improved handling of\n\npassword replication. This issue only affects Mac OS X Server\n\nsystems. 
Credit to Jack Johnson of Anchorage School District for\n\nreporting this issue.\n\nperl\n\nCVE-ID: CVE-2008-5302, CVE-2008-5303\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\n\nImpact: A local user may cause arbitrary files to be deleted\n\nDescription: Multiple race condition issues exist in the rmtree\n\nfunction of the perl module File::Path. A local user with write\n\naccess to a directory that is being deleted may cause arbitrary files\n\nto be removed with the privileges of the perl process. This issue is\n\naddressed through improved handling of symbolic links. This issue\n\ndoes not affect Mac OS X v10.6 systems.\n\nPHP\n\nCVE-ID: CVE-2009-3557, CVE-2009-3558, CVE-2009-3559, CVE-2009-4017\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Multiple vulnerabilities in PHP 5.3.0\n\nDescription: PHP is updated to version 5.3.1 to address multiple\n\nvulnerabilities, the most serious of which may lead to arbitrary code\n\nexecution. Further information is available via the PHP website at\n\nhttp://www.php.net/\n\nPHP\n\nCVE-ID: CVE-2009-3557, CVE-2009-3558, CVE-2009-3559, CVE-2009-4142,\n\nCVE-2009-4143\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\n\nImpact: Multiple vulnerabilities in PHP 5.2.11\n\nDescription: PHP is updated to version 5.2.12 to address multiple\n\nvulnerabilities, the most serious of which may lead to cross-site\n\nscripting. Further information is available via the PHP website at\n\nhttp://www.php.net/\n\nPodcast Producer\n\nCVE-ID: CVE-2010-0511\n\nAvailable for: Mac OS X Server v10.6 through v10.6.2\n\nImpact: An unauthorized user may be able to access a Podcast\n\nComposer workflow\n\nDescription: When a Podcast Composer workflow is overwritten, the\n\naccess restrictions are removed. This may allow an unauthorized user\n\nto access a Podcast Composer workflow. This issue is addressed\n\nthrough improved handling of workflow access restrictions. 
Podcast\n\nComposer was introduced in Mac OS X Server v10.6.\n\nPreferences\n\nCVE-ID: CVE-2010-0512\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: A network user may be able to bypass system login\n\nrestrictions\n\nDescription: An implementation issue exists in the handling of\n\nsystem login restrictions for network accounts. If the network\n\naccounts allowed to log in to the system at the Login Window are\n\nidentified by group membership only, the restriction will not be\n\nenforced, and all network users will be allowed to log in to the\n\nsystem. The issue is addressed through improved group restriction\n\nmanagement in the Accounts preference pane. This issue only affects\n\nsystems configured to use a network account server, and does not\n\naffect systems prior to Mac OS X v10.6. Credit to Christopher D.\n\nGrieb of University of Michigan MSIS for reporting this issue.\n\nPS Normalizer\n\nCVE-ID: CVE-2010-0513\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted PostScript file may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A stack buffer overflow exists in the handling of\n\nPostScript files. Viewing a maliciously crafted PostScript file may\n\nlead to an unexpected application termination or arbitrary code\n\nexecution. This issue is addressed by performing additional\n\nvalidation of PostScript files. On Mac OS X v10.6 systems this issue\n\nis mitigated by the -fstack-protector compiler flag. 
Credit: Apple.\n\nQuickTime\n\nCVE-ID: CVE-2010-0062\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted movie file may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A heap buffer overflow exists in QuickTime\u2019s handling\n\nof H.263 encoded movie files. Viewing a maliciously crafted movie\n\nfile may lead to an unexpected application termination or arbitrary\n\ncode execution. This issue is addressed by performing additional\n\nvalidation of H.263 encoded movie files. Credit to Damian Put working\n\nwith TippingPoint\u2019s Zero Day Initiative for reporting this issue.\n\nQuickTime\n\nCVE-ID: CVE-2010-0514\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted movie file may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A heap buffer overflow exists in the handling of H.261\n\nencoded movie files. Viewing a maliciously crafted movie file may\n\nlead to an unexpected application termination or arbitrary code\n\nexecution. This issue is addressed by performing additional\n\nvalidation of H.261 encoded movie files. Credit to Will Dormann of\n\nthe CERT/CC for reporting this issue.\n\nQuickTime\n\nCVE-ID: CVE-2010-0515\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted movie file may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A memory corruption in the handling of H.264 encoded\n\nmovie files. Viewing a maliciously crafted movie file may lead to an\n\nunexpected application termination or arbitrary code execution. 
This\n\nissue is addressed by performing additional validation of H.264\n\nencoded movie files.\n\nQuickTime\n\nCVE-ID: CVE-2010-0516\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted movie file may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A heap buffer overflow in the handling of RLE encoded\n\nmovie files. Viewing a maliciously crafted movie file may lead to an\n\nunexpected application termination or arbitrary code execution. This\n\nissue is addressed by performing additional validation of RLE encoded\n\nmovie files. Credit to an anonymous researcher working with\n\nTippingPoint\u2019s Zero Day Initiative for reporting this issue.\n\nQuickTime\n\nCVE-ID: CVE-2010-0517\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted movie file may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A heap buffer overflow in the handling of M-JPEG\n\nencoded movie files. Viewing a maliciously crafted movie file may\n\nlead to an unexpected application termination or arbitrary code\n\nexecution. This issue is addressed by performing additional\n\nvalidation of M-JPEG encoded movie files. Credit to Damian Put\n\nworking with TippingPoint\u2019s Zero Day Initiative for reporting this\n\nissue.\n\nQuickTime\n\nCVE-ID: CVE-2010-0518\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted movie file may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue exists in the handling of\n\nSorenson encoded movie files. Viewing a maliciously crafted movie\n\nfile may lead to an unexpected application termination or arbitrary\n\ncode execution. 
This issue is addressed by performing additional\n\nvalidation of Sorenson encoded movie files. Credit to Will Dormann of\n\nthe CERT/CC for reporting this issue.\n\nQuickTime\n\nCVE-ID: CVE-2010-0519\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted movie file may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: An integer overflow exists in the handling of FlashPix\n\nencoded movie files. Viewing a maliciously crafted movie file may\n\nlead to an unexpected application termination or arbitrary code\n\nexecution. This issue is addressed through improved bounds checking.\n\nCredit to an anonymous researcher working with TippingPoint\u2019s Zero\n\nDay Initiative for reporting this issue.\n\nQuickTime\n\nCVE-ID: CVE-2010-0520\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted movie file may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A heap buffer overflow exists in the handling of FLC\n\nencoded movie files. Viewing a maliciously crafted movie file may\n\nlead to an unexpected application termination or arbitrary code\n\nexecution. This issue is addressed by performing additional\n\nvalidation of FLC encoded movie files. Credit to Moritz Jodeit of\n\nn.runs AG, working with TippingPoint\u2019s Zero Day Initiative, and\n\nNicols Joly of VUPEN Security for reporting this issue.\n\nQuickTime\n\nCVE-ID: CVE-2010-0526\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted MPEG file may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A heap buffer overflow exists in the handling of MPEG\n\nencoded movie files. 
Viewing a maliciously crafted movie file may\n\nlead to an unexpected application termination or arbitrary code\n\nexecution. This issue is addressed by performing additional\n\nvalidation of MPEG encoded movie files. Credit to an anonymous\n\nresearcher working with TippingPoint\u2019s Zero Day Initiative for\n\nreporting this issue.\n\nRuby\n\nCVE-ID: CVE-2009-2422, CVE-2009-3009, CVE-2009-4214\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Multiple issues in Ruby on Rails\n\nDescription: Multiple vulnerabilities exist in Ruby on Rails, the\n\nmost serious of which may lead to cross-site scripting. On Mac OS X\n\nv10.6 systems, these issues are addressed by updating Ruby on Rails\n\nto version 2.3.5. Mac OS X v10.5 systems are affected only by\n\nCVE-2009-4214, and this issue is addressed through improved\n\nvalidation of arguments to strip_tags.\n\nRuby\n\nCVE-ID: CVE-2009-1904\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Running a Ruby script that uses untrusted input to\n\ninitialize a BigDecimal object may lead to an unexpected application\n\ntermination\n\nDescription: A stack exhaustion issue exists in Ruby\u2019s handling of\n\nBigDecimal objects with very large values. Running a Ruby script that\n\nuses untrusted input to initialize a BigDecimal object may lead to an\n\nunexpected application termination. For Mac OS X v10.6 systems, this\n\nissue is addressed by updating Ruby to version 1.8.7-p173. 
For Mac OS\n\nv10.5 systems, this issue is addressed by updating Ruby to version\n\n1.8.6-p369.\n\nServer Admin\n\nCVE-ID: CVE-2010-0521\n\nAvailable for: Mac OS X Server v10.5.8,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: A remote attacker may extract information from Open\n\nDirectory\n\nDescription: A design issue exists in the handling of authenticated\n\ndirectory binding. A remote attacker may be able to anonymously\n\nextract information from Open Directory, even if the \u201cRequire\n\nauthenticated binding between directory and clients\u201d option is\n\nenabled. The issue is addressed by removing this configuration\n\noption. This issue only affects Mac OS X Server systems. Credit to\n\nScott Gruby of Gruby Solutions, and Mathias Haack of GRAVIS\n\nComputervertriebsgesellschaft mbH for reporting this issue.\n\nServer Admin\n\nCVE-ID: CVE-2010-0522\n\nAvailable for: Mac OS X Server v10.5.8\n\nImpact: A former administrator may have unauthorized access to\n\nscreen sharing\n\nDescription: A user who is removed from the \u2018admin\u2019 group may still\n\nconnect to the server using screen sharing. This issue is addressed\n\nthrough improved handling of administrator privileges. This issue\n\nonly affects Mac OS X Server systems, and does not affect version\n\n10.6 or later. Credit: Apple.\n\nSMB\n\nCVE-ID: CVE-2009-2906\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: An infinite loop issue exists in Samba\u2019s handling of\n\nSMB \u2018oplock\u2019 break notifications. A remote attacker may be able to\n\ntrigger an infinite loop in smbd, causing it to consume excessive CPU\n\nresources. 
The issue is addressed through improved handling of\n\n\u2018oplock\u2019 break notifications.\n\nTomcat\n\nCVE-ID: CVE-2009-0580, CVE-2009-0033, CVE-2009-0783, CVE-2008-5515,\n\nCVE-2009-0781, CVE-2009-2901, CVE-2009-2902, CVE-2009-2693\n\nAvailable for: Mac OS X Server v10.5.8,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Multiple vulnerabilities in Tomcat 6.0.18\n\nDescription: Tomcat is updated to version 6.0.24 to address multiple\n\nvulnerabilities, the most serious of which may lead to a cross site\n\nscripting attack. Tomcat is only provided on Mac OS X Server systems.\n\nFurther information is available via the Tomcat site at\n\nhttp://tomcat.apache.org/\n\nunzip\n\nCVE-ID: CVE-2008-0888\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\n\nImpact: Extracting maliciously crafted zip files using the unzip\n\ncommand tool may lead to an unexpected application termination or\n\ncode execution\n\nDescription: An uninitialized pointer issue exists in the handling\n\nof zip files. Extracting maliciously crafted zip files using the\n\nunzip command tool may lead to an unexpected application termination\n\nor arbitrary code execution. This issue is addressed by performing\n\nadditional validation of zip files. This issue does not affect Mac OS\n\nX v10.6 systems.\n\nvim\n\nCVE-ID: CVE-2008-2712, CVE-2008-4101, CVE-2009-0316\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\n\nImpact: Multiple vulnerabilities in vim 7.0\n\nDescription: Multiple vulnerabilities exist in vim 7.0, the most\n\nserious of which may lead to arbitrary code execution when working\n\nwith maliciously crafted files. These issues are addressed by\n\nupdating to vim 7.2.102. These issues do not affect Mac OS X v10.6\n\nsystems. 
Further information is available via the vim website at\n\nhttp://www.vim.org/\n\nWiki Server\n\nCVE-ID: CVE-2010-0523\n\nAvailable for: Mac OS X Server v10.5.8\n\nImpact: Uploading a maliciously crafted applet may lead to the\n\ndisclosure of sensitive information\n\nDescription: Wiki Server allows users to upload active content such\n\nas Java applets. A remote attacker may obtain sensitive information\n\nby uploading a maliciously crafted applet and directing a Wiki Server\n\nuser to view it. The issue is addressed by restricting the file types\n\nthat may be uploaded to the Wiki Server. This issue only affects Mac\n\nOS X Server systems, and does not affect versions 10.6 or later.\n\nWiki Server\n\nCVE-ID: CVE-2010-0534\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: An authenticated user may bypass weblog creation\n\nrestrictions\n\nDescription: Wiki Server supports service access control lists\n\n(SACLs), allowing an administrator to control the publication of\n\ncontent. Wiki Server fails to consult the weblog SACL during the\n\ncreation of a user\u2019s weblog. This may allow an authenticated user to\n\npublish content to the Wiki Server, even though publication should be\n\ndisallowed by the service ACL. This issue does not affect systems\n\nprior to Mac OS X v10.6.\n\nX11\n\nCVE-ID: CVE-2009-2042\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted image may lead to the\n\ndisclosure of sensitive information\n\nDescription: libpng is updated to version 1.2.37 to address an issue\n\nthat may result in the disclosure of sensitive information. 
Further\n\ninformation is available via the libpng site at\n\nhttp://www.libpng.org/pub/png/libpng.html\n\nX11\n\nCVE-ID: CVE-2003-0063\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Displaying maliciously crafted data within an xterm terminal\n\nmay lead to arbitrary code execution\n\nDescription: The xterm program supports a command sequence to change\n\nthe window title, and to print the window title to the terminal. The\n\ninformation returned is provided to the terminal as though it were\n\nkeyboard input from the user. Within an xterm terminal, displaying\n\nmaliciously crafted data containing such sequences may result in\n\ncommand injection. The issue is addressed by disabling the affected\n\ncommand sequence.\n\nxar\n\nCVE-ID: CVE-2010-0055\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\n\nImpact: A modified package may appear as validly signed\n\nDescription: A design issue exists in xar when validating a package\n\nsignature. This may allow a modified package to appear as validly\n\nsigned. This issue is fixed through improved package signature\n\nvalidation. 
This issue does not affect Mac OS X v10.6 systems.\n\nCredit: Apple.\n\nSecurity Update 2010-002 / Mac OS X v10.6.3 may be obtained from\n\nthe Software Update pane in System Preferences, or Apple\u2019s Software\n\nDownloads web site:\n\nhttp://www.apple.com/support/downloads/\n\nApple today released one of its biggest Mac OS X security updates in recent memory, covering a whopping 88 documented vulnerabilities.\n\nThe Mac OS X v10.6.3 update, which is considered \u201ccritical,\u201d covers flaws that could lead to remote code execution, information disclosure and denial-of-service attacks.\n\nIn some scenarios, a malicious hacker could take complete control of a Mac-powered machine if a user simply views a malicious image or movie file.\n\nThe update covers critical vulnerabilities in AppKit, QuickTime, CoreMedia, CoreTypes, DiskImages, ImageIO and Image RAW.\n\nIt also covers holes in several open-source components, including Apache, ClamAV, MySQL, PHP.\n\nHere\u2019s [the full list](<http://support.apple.com/kb/HT4077>) of the patched vulnerabilities. \n\nThe Security Update 2010-002 / Mac OS X v10.6.3 may be obtained from the Software Update pane in System Preferences, or [Apple\u2019s Software Downloads](<site:http://www.apple.com/support/downloads/>) web page.\n", "modified": "2013-04-17T16:37:25", "published": "2010-03-29T17:15:44", "id": "THREATPOST:4F867C686B7E31697E158FBD04A5DD35", "href": "https://threatpost.com/apple-mega-patch-covers-88-mac-os-x-vulnerabilities-032910/73753/", "type": "threatpost", "title": "Apple Mega Patch Covers 88 Mac OS X Vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}