Three security vulnerabilities have been discovered in the libpng software package, a library for reading and processing PNG files. The flaws stem from an error in the "png_decompress_chunk()" function, a buffer overflow in the file "pngpread.c", and a memory leak in the file "pngrutil.c". They allow an attacker to carry out a denial-of-service (DoS) attack by means of a maliciously crafted PNG file. To protect their computers against potential attacks, users are advised to install the update.
Oracle Solaris libpng Multiple Vulnerabilities
Secunia Advisory SA43845
Release Date 2011-03-21
Criticality level Moderately critical
Impact DoS
System access
Where From remote
Solution Status Vendor Patch
Operating System
Sun Solaris 10
Sun Solaris 9
CVE Reference(s) CVE-2010-0205
CVE-2010-1205
CVE-2010-2249
Description
Oracle has acknowledged some vulnerabilities in Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.
For more information:
SA38774
SA40302
Solution
Apply patches.
Original Advisory
http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_libpng