Test Kennung:	1.3.6.1.4.1.25623.1.0.68332
Kategorie:	Mandrake Local Security Checks
Titel:	Mandriva Security Advisory MDVSA-2010:230 (poppler)
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing an update to poppler announced via advisory MDVSA-2010:230. Multiple vulnerabilities were discovered and corrected in poppler: The Gfx::getPos function in the PDF parser in poppler, allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference (CVE-2010-3702). The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in poppler, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted Type1 font that contains a negative array index, which bypasses input validation and which triggers memory corruption (CVE-2010-3704). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct these issues. Affected: 2009.0, Corporate 4.0, Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2010:230 Risk factor : High CVSS Score: 6.8
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2010-3702 42141 http://secunia.com/advisories/42141 42357 http://secunia.com/advisories/42357 42397 http://secunia.com/advisories/42397 42691 http://secunia.com/advisories/42691 43079 http://secunia.com/advisories/43079 43845 http://www.securityfocus.com/bid/43845 ADV-2010-2897 http://www.vupen.com/english/advisories/2010/2897 ADV-2010-3097 http://www.vupen.com/english/advisories/2010/3097 ADV-2011-0230 http://www.vupen.com/english/advisories/2011/0230 DSA-2119 http://www.debian.org/security/2010/dsa-2119 DSA-2135 http://www.debian.org/security/2010/dsa-2135 FEDORA-2010-15857 http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049392.html FEDORA-2010-15911 http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049523.html FEDORA-2010-15981 http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049545.html FEDORA-2010-16662 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050285.html FEDORA-2010-16705 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050390.html FEDORA-2010-16744 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050268.html MDVSA-2010:228 http://www.mandriva.com/security/advisories?name=MDVSA-2010:228 MDVSA-2010:229 http://www.mandriva.com/security/advisories?name=MDVSA-2010:229 MDVSA-2010:230 http://www.mandriva.com/security/advisories?name=MDVSA-2010:230 MDVSA-2010:231 http://www.mandriva.com/security/advisories?name=MDVSA-2010:231 MDVSA-2012:144 http://www.mandriva.com/security/advisories?name=MDVSA-2012:144 RHSA-2010:0749 http://www.redhat.com/support/errata/RHSA-2010-0749.html RHSA-2010:0750 http://www.redhat.com/support/errata/RHSA-2010-0750.html RHSA-2010:0751 http://www.redhat.com/support/errata/RHSA-2010-0751.html RHSA-2010:0752 http://www.redhat.com/support/errata/RHSA-2010-0752.html RHSA-2010:0753 http://www.redhat.com/support/errata/RHSA-2010-0753.html RHSA-2010:0754 http://www.redhat.com/support/errata/RHSA-2010-0754.html RHSA-2010:0755 http://www.redhat.com/support/errata/RHSA-2010-0755.html RHSA-2010:0859 http://www.redhat.com/support/errata/RHSA-2010-0859.html RHSA-2012:1201 http://rhn.redhat.com/errata/RHSA-2012-1201.html SSA:2010-324-01 http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.571720 SUSE-SR:2010:022 http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html SUSE-SR:2010:023 http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html SUSE-SR:2010:024 http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html USN-1005-1 http://www.ubuntu.com/usn/USN-1005-1 [oss-security] 20101004 Re: CVE requests: Poppler, Quassel, Pyfribidi, Overkill, DocUtils, FireGPG, Wireshark http://www.openwall.com/lists/oss-security/2010/10/04/6 ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl5.patch http://cgit.freedesktop.org/poppler/poppler/commit/?id=e853106b58d6b4b0467dbd6436c9bb1cfbd372cf http://www.openoffice.org/security/cves/CVE-2010-3702_CVE-2010-3704.html https://bugzilla.redhat.com/show_bug.cgi?id=595245 Common Vulnerability Exposure (CVE) ID: CVE-2010-3704 43841 http://www.securityfocus.com/bid/43841 http://cgit.freedesktop.org/poppler/poppler/commit/?id=39d140bfc0b8239bdd96d6a55842034ae5c05473 https://bugzilla.redhat.com/show_bug.cgi?id=638960
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.