VAR-201109-0127
Vulnerability from variot - Updated: 2025-04-11 22:08Unspecified vulnerability in Medtronic Paradigm wireless insulin pump 512, 522, 712, and 722 allows remote attackers to modify the delivery of an insulin bolus dose and cause a denial of service (adverse human health effects) via unspecified vectors involving wireless communications and knowledge of the device's serial number, as demonstrated by Jerome Radcliffe at the Black Hat USA conference in August 2011. NOTE: the vendor has disputed the severity of this issue, saying "we believe the risk of deliberate, malicious, or unauthorized manipulation of medical devices is extremely low... we strongly believe it would be extremely difficult for a third-party to wirelessly tamper with your insulin pump... you would be able to detect tones on the insulin pump that weren't intentionally programmed and could intervene accordingly.". " Would also be possible. "Service disruption by a third party ( Harmful effects on human health ) There is a possibility of being put into a state. Successful exploits will cause the device to crash, denying service to legitimate users. Medtronic Paradigm wireless insulin pump: 512 522 712 722. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
[slackware-security] libpng (SSA:2012-206-01)
New libpng packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues.
Here are the details from the Slackware 13.37 ChangeLog: +--------------------------+ patches/packages/libpng-1.4.12-i486-1_slack13.37.txz: Upgraded. Fixed incorrect type (int copy should be png_size_t copy) in png_inflate() (fixes CVE-2011-3045). Revised png_set_text_2() to avoid potential memory corruption (fixes CVE-2011-3048). Changed "a+w" to "u+w" in Makefile.in to fix CVE-2012-3386. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3045 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3048 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3386 ( Security fix ) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 8.1: ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/libpng-1.2.50-i386-1_slack8.1.tgz
Updated package for Slackware 9.0: ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/libpng-1.2.50-i386-1_slack9.0.tgz
Updated package for Slackware 9.1: ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/libpng-1.2.50-i486-1_slack9.1.tgz
Updated package for Slackware 10.0: ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/libpng-1.2.50-i486-1_slack10.0.tgz
Updated package for Slackware 10.1: ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/libpng-1.2.50-i486-1_slack10.1.tgz
Updated package for Slackware 10.2: ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/libpng-1.2.50-i486-1_slack10.2.tgz
Updated package for Slackware 11.0: ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/libpng-1.2.50-i486-1_slack11.0.tgz
Updated package for Slackware 12.0: ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/libpng-1.2.50-i486-1_slack12.0.tgz
Updated package for Slackware 12.1: ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/libpng-1.2.50-i486-1_slack12.1.tgz
Updated package for Slackware 12.2: ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/libpng-1.2.50-i486-1_slack12.2.tgz
Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/libpng-1.2.50-i486-1_slack13.0.txz
Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/libpng-1.2.50-x86_64-1_slack13.0.txz
Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/libpng-1.4.12-i486-1_slack13.1.txz
Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/libpng-1.4.12-x86_64-1_slack13.1.txz
Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/libpng-1.4.12-i486-1_slack13.37.txz
Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/libpng-1.4.12-x86_64-1_slack13.37.txz
Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libpng-1.4.12-i486-1.txz
Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libpng-1.4.12-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 8.1 package: 284b6e6cbd863a3dcfedeb3f7ada3d13 libpng-1.2.50-i386-1_slack8.1.tgz
Slackware 9.0 package: 27933d103db0ec5d2e32469e5073d408 libpng-1.2.50-i386-1_slack9.0.tgz
Slackware 9.1 package: d7b029366f0f70c218b49101df56cafb libpng-1.2.50-i486-1_slack9.1.tgz
Slackware 10.0 package: 3de3405777a72d3a7d72991c4489853e libpng-1.2.50-i486-1_slack10.0.tgz
Slackware 10.1 package: e6d10a03b279b2138cab9383e638b621 libpng-1.2.50-i486-1_slack10.1.tgz
Slackware 10.2 package: 524e3febb22566c2b3131ca1eee7a385 libpng-1.2.50-i486-1_slack10.2.tgz
Slackware 11.0 package: 189f441d29495f927143a7c47ec77afb libpng-1.2.50-i486-1_slack11.0.tgz
Slackware 12.0 package: 1e21c28ed8dea4db2d4f8cfc00b858d9 libpng-1.2.50-i486-1_slack12.0.tgz
Slackware 12.1 package: 608b1c9f6426159a60722cd23ece3980 libpng-1.2.50-i486-1_slack12.1.tgz
Slackware 12.2 package: b1e9950108aa9d2800d639002e6b77a6 libpng-1.2.50-i486-1_slack12.2.tgz
Slackware 13.0 package: ae6b82cf5487bdc46422650ba374ff41 libpng-1.2.50-i486-1_slack13.0.txz
Slackware x86_64 13.0 package: 409da0ddfd159dd970cccf1c9dee251b libpng-1.2.50-x86_64-1_slack13.0.txz
Slackware 13.1 package: 3462a6eb530d084afcd20837b23d0ac7 libpng-1.4.12-i486-1_slack13.1.txz
Slackware x86_64 13.1 package: c3058ef9d075ef9083ee7d7a977e6582 libpng-1.4.12-x86_64-1_slack13.1.txz
Slackware 13.37 package: e9191494e871534e11ec5020f8e72593 libpng-1.4.12-i486-1_slack13.37.txz
Slackware x86_64 13.37 package: 0fea01d53de95669592e9a037c3dc4b9 libpng-1.4.12-x86_64-1_slack13.37.txz
Slackware -current package: 29b9148f5beb384e944e34184d24ce59 l/libpng-1.4.12-i486-1.txz
Slackware x86_64 -current package: 1b546573b17ac7df03773856cc081692 l/libpng-1.4.12-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the package as root:
upgradepkg libpng-1.4.12-i486-1_slack13.37.txz
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. | +------------------------------------------------------------------------+ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAlAPVhYACgkQakRjwEAQIjPiGQCfULwZEqcoTlCayAoSYnntgenl fqEAn2hCQqztZMMfLufIVoqDRky/os6w =m4TX -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201109-0127",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "paradigm wireless insulin pump",
"scope": "eq",
"trust": 2.4,
"vendor": "medtronic",
"version": "512"
},
{
"model": "paradigm wireless insulin pump",
"scope": "eq",
"trust": 2.4,
"vendor": "medtronic",
"version": "522"
},
{
"model": "paradigm wireless insulin pump",
"scope": "eq",
"trust": 2.4,
"vendor": "medtronic",
"version": "712"
},
{
"model": "paradigm wireless insulin pump",
"scope": "eq",
"trust": 1.6,
"vendor": "medtronic",
"version": "722"
},
{
"model": "paradigm wireless insulin pump",
"scope": "eq",
"trust": 0.8,
"vendor": "medtronic",
"version": "and 722"
},
{
"model": "paradigm",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "7220"
},
{
"model": "paradigm",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "712"
},
{
"model": "paradigm",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "522"
},
{
"model": "paradigm",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "512"
}
],
"sources": [
{
"db": "BID",
"id": "49493"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004885"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-009"
},
{
"db": "NVD",
"id": "CVE-2011-3386"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:medtronic:paradigm_wireless_insulin_pump",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-004885"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jerome Radcliffe at the Black Hat USA",
"sources": [
{
"db": "BID",
"id": "49493"
}
],
"trust": 0.3
},
"cve": "CVE-2011-3386",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.9,
"id": "CVE-2011-3386",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.9,
"id": "VHN-51331",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:H/AU:N/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2011-3386",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2011-3386",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201109-009",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-51331",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-51331"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004885"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-009"
},
{
"db": "NVD",
"id": "CVE-2011-3386"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in Medtronic Paradigm wireless insulin pump 512, 522, 712, and 722 allows remote attackers to modify the delivery of an insulin bolus dose and cause a denial of service (adverse human health effects) via unspecified vectors involving wireless communications and knowledge of the device\u0027s serial number, as demonstrated by Jerome Radcliffe at the Black Hat USA conference in August 2011. NOTE: the vendor has disputed the severity of this issue, saying \"we believe the risk of deliberate, malicious, or unauthorized manipulation of medical devices is extremely low... we strongly believe it would be extremely difficult for a third-party to wirelessly tamper with your insulin pump... you would be able to detect tones on the insulin pump that weren\u0027t intentionally programmed and could intervene accordingly.\". \" Would also be possible. \"Service disruption by a third party ( Harmful effects on human health ) There is a possibility of being put into a state. \nSuccessful exploits will cause the device to crash, denying service to legitimate users. \nMedtronic Paradigm wireless insulin pump:\n512\n522\n712\n722. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n[slackware-security] libpng (SSA:2012-206-01)\n\nNew libpng packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1,\n10.2, 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix\nsecurity issues. \n\n\nHere are the details from the Slackware 13.37 ChangeLog:\n+--------------------------+\npatches/packages/libpng-1.4.12-i486-1_slack13.37.txz: Upgraded. \n Fixed incorrect type (int copy should be png_size_t copy) in png_inflate()\n (fixes CVE-2011-3045). \n Revised png_set_text_2() to avoid potential memory corruption (fixes\n CVE-2011-3048). \n Changed \"a+w\" to \"u+w\" in Makefile.in to fix CVE-2012-3386. \n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3045\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3048\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3386\n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 8.1:\nftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/libpng-1.2.50-i386-1_slack8.1.tgz\n\nUpdated package for Slackware 9.0:\nftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/libpng-1.2.50-i386-1_slack9.0.tgz\n\nUpdated package for Slackware 9.1:\nftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/libpng-1.2.50-i486-1_slack9.1.tgz\n\nUpdated package for Slackware 10.0:\nftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/libpng-1.2.50-i486-1_slack10.0.tgz\n\nUpdated package for Slackware 10.1:\nftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/libpng-1.2.50-i486-1_slack10.1.tgz\n\nUpdated package for Slackware 10.2:\nftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/libpng-1.2.50-i486-1_slack10.2.tgz\n\nUpdated package for Slackware 11.0:\nftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/libpng-1.2.50-i486-1_slack11.0.tgz\n\nUpdated package for Slackware 12.0:\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/libpng-1.2.50-i486-1_slack12.0.tgz\n\nUpdated package for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/libpng-1.2.50-i486-1_slack12.1.tgz\n\nUpdated package for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/libpng-1.2.50-i486-1_slack12.2.tgz\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/libpng-1.2.50-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/libpng-1.2.50-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/libpng-1.4.12-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/libpng-1.4.12-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/libpng-1.4.12-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/libpng-1.4.12-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libpng-1.4.12-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libpng-1.4.12-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 8.1 package:\n284b6e6cbd863a3dcfedeb3f7ada3d13 libpng-1.2.50-i386-1_slack8.1.tgz\n\nSlackware 9.0 package:\n27933d103db0ec5d2e32469e5073d408 libpng-1.2.50-i386-1_slack9.0.tgz\n\nSlackware 9.1 package:\nd7b029366f0f70c218b49101df56cafb libpng-1.2.50-i486-1_slack9.1.tgz\n\nSlackware 10.0 package:\n3de3405777a72d3a7d72991c4489853e libpng-1.2.50-i486-1_slack10.0.tgz\n\nSlackware 10.1 package:\ne6d10a03b279b2138cab9383e638b621 libpng-1.2.50-i486-1_slack10.1.tgz\n\nSlackware 10.2 package:\n524e3febb22566c2b3131ca1eee7a385 libpng-1.2.50-i486-1_slack10.2.tgz\n\nSlackware 11.0 package:\n189f441d29495f927143a7c47ec77afb libpng-1.2.50-i486-1_slack11.0.tgz\n\nSlackware 12.0 package:\n1e21c28ed8dea4db2d4f8cfc00b858d9 libpng-1.2.50-i486-1_slack12.0.tgz\n\nSlackware 12.1 package:\n608b1c9f6426159a60722cd23ece3980 libpng-1.2.50-i486-1_slack12.1.tgz\n\nSlackware 12.2 package:\nb1e9950108aa9d2800d639002e6b77a6 libpng-1.2.50-i486-1_slack12.2.tgz\n\nSlackware 13.0 package:\nae6b82cf5487bdc46422650ba374ff41 libpng-1.2.50-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n409da0ddfd159dd970cccf1c9dee251b libpng-1.2.50-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\n3462a6eb530d084afcd20837b23d0ac7 libpng-1.4.12-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\nc3058ef9d075ef9083ee7d7a977e6582 libpng-1.4.12-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\ne9191494e871534e11ec5020f8e72593 libpng-1.4.12-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\n0fea01d53de95669592e9a037c3dc4b9 libpng-1.4.12-x86_64-1_slack13.37.txz\n\nSlackware -current package:\n29b9148f5beb384e944e34184d24ce59 l/libpng-1.4.12-i486-1.txz\n\nSlackware x86_64 -current package:\n1b546573b17ac7df03773856cc081692 l/libpng-1.4.12-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg libpng-1.4.12-i486-1_slack13.37.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. |\n+------------------------------------------------------------------------+\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niEYEARECAAYFAlAPVhYACgkQakRjwEAQIjPiGQCfULwZEqcoTlCayAoSYnntgenl\nfqEAn2hCQqztZMMfLufIVoqDRky/os6w\n=m4TX\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-3386"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004885"
},
{
"db": "BID",
"id": "49493"
},
{
"db": "VULHUB",
"id": "VHN-51331"
},
{
"db": "PACKETSTORM",
"id": "115017"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-3386",
"trust": 2.9
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004885",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201109-009",
"trust": 0.7
},
{
"db": "BID",
"id": "49493",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-51331",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "115017",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-51331"
},
{
"db": "BID",
"id": "49493"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004885"
},
{
"db": "PACKETSTORM",
"id": "115017"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-009"
},
{
"db": "NVD",
"id": "CVE-2011-3386"
}
]
},
"id": "VAR-201109-0127",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-51331"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-11T22:08:50.486000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.medtronic.com/about-medtronic/index.htm"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-004885"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-3386"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.scmagazineus.com/black-hat-insulin-pumps-can-be-hacked/article/209106/"
},
{
"trust": 1.7,
"url": "http://sixuntilme.com/blog2/2011/08/hacked_jay_radcliffe_insulin_p.html"
},
{
"trust": 1.7,
"url": "http://www.darkreading.com/security/vulnerabilities/231300312/getting-root-on-the-human-body.html"
},
{
"trust": 1.7,
"url": "http://www.foxnews.com/scitech/2011/08/04/insulin-pumps-vulnerable-to-hacking/?test=faces"
},
{
"trust": 1.7,
"url": "http://www.hanselman.com/blog/hackerscankilldiabeticswithinsulinpumpsfromahalfmileawayumnofactsvsjournalisticfearmongering.aspx"
},
{
"trust": 1.7,
"url": "http://www.informationweek.com/news/security/vulnerabilities/231600265"
},
{
"trust": 1.7,
"url": "http://www.loop-blog.com/blog_full_post?id=a09c000000dbz3jiar"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69643"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3386"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3386"
},
{
"trust": 0.3,
"url": "http://www.medtronic.com/about-medtronic/index.htm"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3045"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3386"
},
{
"trust": 0.1,
"url": "http://slackware.com"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3048"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3045"
},
{
"trust": 0.1,
"url": "http://osuosl.org)"
},
{
"trust": 0.1,
"url": "http://slackware.com/gpg-key"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3386"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3048"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-51331"
},
{
"db": "BID",
"id": "49493"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004885"
},
{
"db": "PACKETSTORM",
"id": "115017"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-009"
},
{
"db": "NVD",
"id": "CVE-2011-3386"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-51331"
},
{
"db": "BID",
"id": "49493"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004885"
},
{
"db": "PACKETSTORM",
"id": "115017"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-009"
},
{
"db": "NVD",
"id": "CVE-2011-3386"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-09-02T00:00:00",
"db": "VULHUB",
"id": "VHN-51331"
},
{
"date": "2011-09-07T00:00:00",
"db": "BID",
"id": "49493"
},
{
"date": "2012-03-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-004885"
},
{
"date": "2012-07-25T18:22:22",
"db": "PACKETSTORM",
"id": "115017"
},
{
"date": "2011-09-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201109-009"
},
{
"date": "2011-09-02T23:55:05.427000",
"db": "NVD",
"id": "CVE-2011-3386"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-51331"
},
{
"date": "2011-09-07T00:00:00",
"db": "BID",
"id": "49493"
},
{
"date": "2012-03-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-004885"
},
{
"date": "2011-09-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201109-009"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2011-3386"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201109-009"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Medtronic Paradigm Service disruption in wireless insulin pumps (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-004885"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201109-009"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.