Test Kennung:	1.3.6.1.4.1.25623.1.0.66417
Kategorie:	Mandrake Local Security Checks
Titel:	Mandriva Security Advisory MDVSA-2008:233-1 (libcdaudio)
Zusammenfassung:	The remote host is missing an update to libcdaudio;announced via advisory MDVSA-2008:233-1.
Beschreibung:	Summary: The remote host is missing an update to libcdaudio announced via advisory MDVSA-2008:233-1. Vulnerability Insight: A heap overflow was found in the CDDB retrieval code of libcdaudio, which could result in the execution of arbitrary code (CVE-2008-5030). In addition, the fixes for CVE-2005-0706 were not applied to newer libcdaudio packages as shipped with Mandriva Linux, so the patch to fix that issue has been applied to 2008.1 and 2009.0 (this was originally fixed in MDKSA-2005:075). This issue is a buffer overflow flaw found by Joseph VanAndel. Corporate 3.0 has this fix already applied. The updated packages have been patched to prevent these issues. Update: Packages for 2008.0 are being provided due to extended support for Corporate products. Affected: 2008.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2008-5030 BugTraq ID: 32122 http://www.securityfocus.com/bid/32122 Debian Security Information: DSA-1665 (Google Search) http://www.debian.org/security/2008/dsa-1665 http://security.gentoo.org/glsa/glsa-200903-31.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:233 http://sourceforge.net/tracker/index.php?func=detail&aid=1288043&group_id=27134&atid=389442 http://www.openwall.com/lists/oss-security/2008/11/05/1 http://www.openwall.com/lists/oss-security/2008/11/07/1 http://www.openwall.com/lists/oss-security/2008/11/11/4 http://www.openwall.com/lists/oss-security/2008/11/11/6 http://secunia.com/advisories/32678 http://secunia.com/advisories/34353 SuSE Security Announcement: SUSE-SR:2008:024 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html http://www.vupen.com/english/advisories/2008/3132 XForce ISS Database: libcdaudio-cddb-bo(46392) https://exchange.xforce.ibmcloud.com/vulnerabilities/46392 Common Vulnerability Exposure (CVE) ID: CVE-2005-0706 12770 http://www.securityfocus.com/bid/12770 32803 http://secunia.com/advisories/32803 33389 http://secunia.com/advisories/33389 33824 http://secunia.com/advisories/33824 FEDORA-2008-11956 https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00188.html FEDORA-2008-9521 https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00490.html FEDORA-2008-9604 https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00429.html FLSA:152919 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152919 GLSA-200503-21 http://security.gentoo.org/glsa/glsa-200503-21.xml RHSA-2005:304 http://www.redhat.com/support/errata/RHSA-2005-304.html RHSA-2009:0005 http://www.redhat.com/support/errata/RHSA-2009-0005.html grip-cddb-bo(19648) https://exchange.xforce.ibmcloud.com/vulnerabilities/19648 http://rpmfind.net/linux/RPM/suse/9.3/i386/suse/i586/gnome-vfs-1.0.5-816.2.i586.html http://sourceforge.net/tracker/index.php?func=detail&aid=1160134&group_id=3714&atid=303714 http://sourceforge.net/tracker/index.php?func=detail&aid=834724&group_id=3714&atid=103714 oval:org.mitre.oval:def:10768 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10768
Copyright	Copyright (C) 2009 E-Soft Inc.

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.