Mandriva Update For Cairo MDVSA-2008:019 (cairo) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Peter Valchev discovered that Cairo did not correctly decode PNG image data. By tricking a user or automated system into processing a specially crafted PNG with Cairo, a remote attacker could execute arbitrary code with the privileges of the user opening the file. The updated packages have been patched to correct this issue.

Affected

cairo on Mandriva Linux 2007.0, Mandriva Linux 2007.0/X86_64, Mandriva Linux 2007.1, Mandriva Linux 2007.1/X86_64, Mandriva Linux 2008.0, Mandriva Linux 2008.0/X86_64

Severity

Classification

CVE CVE-2007-5503

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:047 (vim)
Mandrake Security Advisory MDVSA-2009:068-1 (poppler)
Mandrake Security Advisory MDVSA-2009:129 (file)
Mandrake Security Advisory MDVSA-2009:213 (wxgtk)
Mandrake Security Advisory MDVSA-2009:018 (tomcat5)

Mandriva Update for cairo MDVSA-2008:019 (cairo)

Take action and discover your vulnerabilities