English | Deutsch | Español | Português
 Benutzerkennung:
 Passwort:
Registrieren
 About:   Dediziert  | Erweitert  | Standard  | Wiederkehrend  | Risikolos  | Desktop  | Basis  | Einmalig  | Sicherheits Siegel  | FAQ
  Preis/Funktionszusammenfassung  | Bestellen  | Neue Anfälligkeiten  | Vertraulichkeit  | Anfälligkeiten Suche
 Anfälligkeitssuche        Suche in 74154 CVE Beschreibungen
und 39337 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.66381
Kategorie:Mandrake Local Security Checks
Titel:Mandriva Security Advisory MDVSA-2009:287-1 (xpdf)
Zusammenfassung:Mandriva Security Advisory MDVSA-2009:287-1 (xpdf)
Beschreibung:The remote host is missing an update to xpdf
announced via advisory MDVSA-2009:287-1.

Multiple vulnerabilities has been found and corrected in xpdf:

Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x
before 3.02pl4 and Poppler before 0.12.1 might allow remote attackers
to execute arbitrary code via a crafted PDF document that triggers a
heap-based buffer overflow. NOTE: some of these details are obtained
from third party information. NOTE: this issue reportedly exists
because of an incomplete fix for CVE-2009-1188 (CVE-2009-3603).

The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x
before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF,
does not properly allocate memory, which allows remote attackers to
cause a denial of service (application crash) or possibly execute
arbitrary code via a crafted PDF document that triggers a NULL pointer
dereference or a heap-based buffer overflow (CVE-2009-3604).

Integer overflow in the PSOutputDev::doImageL1Sep function in Xpdf
before 3.02pl4, and Poppler 0.x, as used in kdegraphics KPDF, might
allow remote attackers to execute arbitrary code via a crafted PDF
document that triggers a heap-based buffer overflow (CVE-2009-3606).

Integer overflow in the ObjectStream::ObjectStream function in XRef.cc
in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in
GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote
attackers to execute arbitrary code via a crafted PDF document that
triggers a heap-based buffer overflow (CVE-2009-3608).

Integer overflow in the ImageStream::ImageStream function in Stream.cc
in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf,
kdegraphics KPDF, and CUPS pdftops, allows remote attackers to
cause a denial of service (application crash) via a crafted PDF
document that triggers a NULL pointer dereference or buffer over-read
(CVE-2009-3609).

This update fixes these vulnerabilities.

Update:

Packages for 2008.0 are being provided due to extended support for
Corporate products.

Affected: 2008.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2009:287-1
Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2009-1188
Bugtraq: 20090417 rPSA-2009-0059-1 poppler (Google Search)
http://www.securityfocus.com/archive/1/archive/1/502761/100/0/threaded
Debian Security Information: DSA-2028 (Google Search)
http://www.debian.org/security/2010/dsa-2028
Debian Security Information: DSA-2050 (Google Search)
http://www.debian.org/security/2010/dsa-2050
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:087
http://www.mandriva.com/security/advisories?name=MDVSA-2011:175
http://www.redhat.com/support/errata/RHSA-2009-0480.html
RedHat Security Advisories: RHSA-2009:1501
https://rhn.redhat.com/errata/RHSA-2009-1501.html
RedHat Security Advisories: RHSA-2009:1502
https://rhn.redhat.com/errata/RHSA-2009-1502.html
RedHat Security Advisories: RHSA-2009:1503
https://rhn.redhat.com/errata/RHSA-2009-1503.html
RedHat Security Advisories: RHSA-2009:1512
https://rhn.redhat.com/errata/RHSA-2009-1512.html
CERT/CC vulnerability note: VU#196617
http://www.kb.cert.org/vuls/id/196617
BugTraq ID: 34568
http://www.securityfocus.com/bid/34568
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9957
http://secunia.com/advisories/34746
http://secunia.com/advisories/35064
http://secunia.com/advisories/35618
http://secunia.com/advisories/37028
http://secunia.com/advisories/37037
http://secunia.com/advisories/37043
http://secunia.com/advisories/37053
http://secunia.com/advisories/37077
http://secunia.com/advisories/37079
http://secunia.com/advisories/39327
http://secunia.com/advisories/39938
http://www.vupen.com/english/advisories/2009/1076
http://www.vupen.com/english/advisories/2009/2928
http://www.vupen.com/english/advisories/2010/0802
http://www.vupen.com/english/advisories/2010/1040
http://www.vupen.com/english/advisories/2010/1220
XForce ISS Database: poppler-jbig2-splashbitmap-code-execution(50185)
http://xforce.iss.net/xforce/xfdb/50185
Common Vulnerability Exposure (CVE) ID: CVE-2009-3603
https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html
https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:287
RedHat Security Advisories: RHSA-2009:1504
https://rhn.redhat.com/errata/RHSA-2009-1504.html
http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1
SuSE Security Announcement: SUSE-SR:2009:018 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html
http://www.ubuntu.com/usn/USN-850-1
http://www.ubuntu.com/usn/USN-850-3
BugTraq ID: 36703
http://www.securityfocus.com/bid/36703
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9671
http://securitytracker.com/id?1023029
http://secunia.com/advisories/37034
http://secunia.com/advisories/37054
http://secunia.com/advisories/37159
http://secunia.com/advisories/37114
http://www.vupen.com/english/advisories/2009/2924
http://www.vupen.com/english/advisories/2009/2925
XForce ISS Database: xpdf-splashbitmap-bo(53793)
http://xforce.iss.net/xforce/xfdb/53793
Common Vulnerability Exposure (CVE) ID: CVE-2009-3604
http://site.pi3.com.pl/adv/xpdf.txt
RedHat Security Advisories: RHSA-2009:1500
https://rhn.redhat.com/errata/RHSA-2009-1500.html
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10969
http://secunia.com/advisories/37023
http://secunia.com/advisories/37042
XForce ISS Database: xpdf-splashdrawimage-bo(53795)
http://xforce.iss.net/xforce/xfdb/53795
Common Vulnerability Exposure (CVE) ID: CVE-2009-3606
http://www.openwall.com/lists/oss-security/2009/12/01/1
http://www.openwall.com/lists/oss-security/2009/12/01/5
http://www.openwall.com/lists/oss-security/2009/12/01/6
Debian Security Information: DSA-1941 (Google Search)
http://www.debian.org/security/2009/dsa-1941
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11289
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7836
XForce ISS Database: xpdf-psoutputdev-bo(53798)
http://xforce.iss.net/xforce/xfdb/53798
Common Vulnerability Exposure (CVE) ID: CVE-2009-3608
http://www.ocert.org/advisories/ocert-2009-016.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:334
RedHat Security Advisories: RHSA-2009:1513
https://rhn.redhat.com/errata/RHSA-2009-1513.html
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9536
http://secunia.com/advisories/37051
http://secunia.com/advisories/37061
http://www.vupen.com/english/advisories/2009/2926
XForce ISS Database: xpdf-objectstream-bo(53794)
http://xforce.iss.net/xforce/xfdb/53794
Common Vulnerability Exposure (CVE) ID: CVE-2009-3609
http://www.redhat.com/support/errata/RHSA-2010-0755.html
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11043
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8134
XForce ISS Database: xpdf-imagestream-dos(53800)
http://xforce.iss.net/xforce/xfdb/53800
CopyrightCopyright (c) 2009 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 39337 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Registrierung eines neuen Benutzers
Email:
Benutzerkennung:
Passwort:
Bitte schicken Sie mir den monatlichen Newsletter, der mich über die neuesten Services, Verbesserungen und Umfragen informiert.
Bitte schicken Sie mir eine Anfälligkeitstest Benachrichtigung, wenn ein neuer Test hinzugefügt wird.
   Datenschutz
Anmeldung für registrierte Benutzer
 
Benutzerkennung:   
Passwort:  

 Benutzerkennung oder Passwort vergessen?
Email/Benutzerkennung:




Startseite | Über uns | Kontakt | Partnerprogramme | Datenschutz | Mailinglisten | Missbrauch
Sicherheits Überprüfungen | Verwaltete DNS | Netzwerk Überwachung | Webseiten Analysator | Internet Recherche Berichte
Web Sonde | Whois

© 1998-2014 E-Soft Inc. Alle Rechte vorbehalten.