
Test ID: 1.3.6.1.4.1.25623.1.0.51424
Category: Conectiva Local Security Checks
Title: Conectiva Security Advisory CLA-2003:656
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory CLA-2003:656.

The netpbm package contains a library of functions and a set of basic
tools to manipulate various graphics file formats, including pbm,
pgm, pnm, ppm and others.

Alan Cox and Al Viro discovered[1] several math overflow
vulnerabilities in netpbm versions <= 9.20. These vulnerabilities can
be exploited by attackers using specially crafted images. Successful
exploitation can lead to denial of service conditions or arbitrary
code execution with the privileges of the user running the affected
program.

The netpbm packages included in this update announcement are based on
netpbm version 9.20 and contain a patch to fix the aforementioned
vulnerabilities.

The Common Vulnerabilities and Exposures (CVE) project has assigned
the name CVE-2003-0146 to this issue[2].


Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'

http://marc.theaimsgroup.com/?l=bugtraq&m=104644687816522&w=2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0146
http://www.securityspace.com/smysecure/catid.html?in=CLA-2003:656
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002003

Risk factor : High

CVSS Score:
7.5

Cross-reference: BugTraq ID: 6979
Common Vulnerability Exposure (CVE) ID: CVE-2003-0146
http://www.securityfocus.com/bid/6979
Bugtraq: 20030228 NetPBM, multiple vulnerabilities
http://marc.info/?l=bugtraq&m=104644687816522&w=2
CERT/CC vulnerability note: VU#630433
http://www.kb.cert.org/vuls/id/630433
Conectiva Linux advisory: CLSA-2003:656
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000656
Debian Security Information: DSA-263
http://www.debian.org/security/2003/dsa-263
http://www.redhat.com/support/errata/RHSA-2003-060.html
XForce ISS Database: netpbm-multiple-bo(11463)
https://exchange.xforce.ibmcloud.com/vulnerabilities/11463
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com





© 1998-2025 E-Soft Inc. All rights reserved.