Test Kennung:	1.3.6.1.4.1.25623.1.0.64010
Kategorie:	FreeBSD Local Security Checks
Titel:	FreeBSD Ports: pango, linux-pango, linux-f8-pango
Zusammenfassung:	The remote host is missing an update to the system; as announced in the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following packages are affected: pango linux-pango linux-f8-pango CVE-2009-1194 Integer overflow in the pango_glyph_string_set_size function in pango/glyphstring.c in Pango before 1.24 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long glyph string that triggers a heap-based buffer overflow, as demonstrated by a long document.location value in Firefox. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1194 1022196 http://www.securitytracker.com/id?1022196 20090507 [oCERT-2009-001] Pango integer overflow in heap allocation size calculations http://www.securityfocus.com/archive/1/503349/100/0/threaded 264308 http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1 34870 http://www.securityfocus.com/bid/34870 35018 http://secunia.com/advisories/35018 35021 http://secunia.com/advisories/35021 35027 http://secunia.com/advisories/35027 35038 http://secunia.com/advisories/35038 35685 http://secunia.com/advisories/35685 35758 http://www.securityfocus.com/bid/35758 35914 http://secunia.com/advisories/35914 36005 http://secunia.com/advisories/36005 36145 http://secunia.com/advisories/36145 54279 http://osvdb.org/54279 ADV-2009-1269 http://www.vupen.com/english/advisories/2009/1269 ADV-2009-1972 http://www.vupen.com/english/advisories/2009/1972 DSA-1798 http://www.debian.org/security/2009/dsa-1798 RHSA-2009:0476 http://www.redhat.com/support/errata/RHSA-2009-0476.html SUSE-SA:2009:039 http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00005.html SUSE-SA:2009:042 http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00002.html SUSE-SR:2009:012 http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html USN-773-1 http://www.ubuntu.com/usn/USN-773-1 [oss-security] 20090507 [oCERT-2009-001] Pango integer overflow in heap allocation size calculations http://www.openwall.com/lists/oss-security/2009/05/07/1 http://github.com/bratsche/pango/commit/4de30e5500eaeb49f4bf0b7a07f718e149a2ed5e http://www.mozilla.org/security/announce/2009/mfsa2009-36.html http://www.ocert.org/advisories/ocert-2009-001.html https://bugzilla.mozilla.org/show_bug.cgi?id=480134 https://bugzilla.redhat.com/show_bug.cgi?id=496887 https://launchpad.net/bugs/cve/2009-1194 oval:org.mitre.oval:def:10137 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10137 pango-pangoglyphstringsetsize-bo(50397) https://exchange.xforce.ibmcloud.com/vulnerabilities/50397
Copyright	Copyright (C) 2009 E-Soft Inc.

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.