Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.0.831509 |
Kategorie: | Mandrake Local Security Checks |
Titel: | Mandriva Update for jasper MDVSA-2011:189 (jasper) |
Zusammenfassung: | The remote host is missing an update for the 'jasper'; package(s) announced via the referenced advisory. |
Beschreibung: | Summary: The remote host is missing an update for the 'jasper' package(s) announced via the referenced advisory. Vulnerability Insight: Multiple vulnerabilities has been discovered and corrected in jasper: Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted numrlvls value in a JPEG2000 file (CVE-2011-4516). The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service (heap memory corruption), via a malformed JPEG2000 file (CVE-2011-4517). The updated packages have been patched to correct these issues. Affected Software/OS: jasper on Mandriva Linux 2010.1, Mandriva Linux 2010.1/X86_64, Mandriva Enterprise Server 5, Mandriva Enterprise Server 5/X86_64 Solution: Please Install the Updated Packages. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P |
Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2011-4516 BugTraq ID: 50992 http://www.securityfocus.com/bid/50992 CERT/CC vulnerability note: VU#887409 http://www.kb.cert.org/vuls/id/887409 Debian Security Information: DSA-2371 (Google Search) http://www.debian.org/security/2011/dsa-2371 http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071561.html http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071458.html http://osvdb.org/77595 http://www.redhat.com/support/errata/RHSA-2011-1807.html http://www.redhat.com/support/errata/RHSA-2011-1811.html RedHat Security Advisories: RHSA-2015:0698 http://rhn.redhat.com/errata/RHSA-2015-0698.html http://secunia.com/advisories/47193 http://secunia.com/advisories/47306 http://secunia.com/advisories/47353 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606 SuSE Security Announcement: openSUSE-SU-2011:1317 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00010.html http://www.ubuntu.com/usn/USN-1315-1 Common Vulnerability Exposure (CVE) ID: CVE-2011-4517 http://osvdb.org/77596 XForce ISS Database: jasper-jpccrggetparms-bo(71701) https://exchange.xforce.ibmcloud.com/vulnerabilities/71701 |
Copyright | Copyright (c) 2011 Greenbone Networks GmbH |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |