Mandriva Update For Libpng MDVSA-2012:033 (libpng) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

A vulnerability has been found and corrected in libpng: A heap-based buffer overflow flaw was found in the way libpng processed compressed chunks in PNG image files. An attacker could create a specially-crafted PNG image file that, when opened, could cause an application using libpng to crash or, possibly, execute arbitrary code with the privileges of the user running the application (CVE-2011-3045). The updated packages have been patched to correct this issue.

Affected

libpng on Mandriva Linux 2011.0, Mandriva Enterprise Server 5.2, Mandriva Linux 2010.1

Severity

Classification

CVE CVE-2011-3045

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:170 (initscripts)
Mandrake Security Advisory MDVSA-2009:087 (openssl)
Mandrake Security Advisory MDVSA-2009:119 (kernel)
Mandrake Security Advisory MDVSA-2009:102 (apache)
Mandrake Security Advisory MDVSA-2009:109 (quagga)

Mandriva Update for libpng MDVSA-2012:033 (libpng)

Take action and discover your vulnerabilities