Family: Red Hat Local Security Checks --> Category: infos
RHSA-2004-249: libpng Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the libpng packages
Detailed Explanation for this Vulnerability Test
Updated libpng packages that fix a possible buffer overflow are now
The libpng package contains a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files.
During an audit of Red Hat Linux updates, the Fedora Legacy team found a
security issue in libpng that had not been fixed in Red Hat Enterprise
Linux 3. A possible hacker could carefully craft a PNG file in such a way that
it would cause an application linked to libpng to crash or potentially
execute arbitrary code when opened by a victim.
Note: this issue does not affect Red Hat Enterprise Linux 2.1
Users are advised to upgrade to these updated packages that contain a
backported security fix and are not vulnerable to this issue.
Solution : http://rhn.redhat.com/errata/RHSA-2004-249.html
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.