Amazon Linux Local Security Checks : Amazon Linux: Security Advisory (ALAS-2012-111)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.120075

Categoría: Amazon Linux Local Security Checks

Título: Amazon Linux: Security Advisory (ALAS-2012-111)

Resumen: The remote host is missing an update for the 'openjpeg' package(s) announced via the ALAS-2012-111 advisory.

Descripción: Summary:
The remote host is missing an update for the 'openjpeg' package(s) announced via the ALAS-2012-111 advisory.

Vulnerability Insight:
An input validation flaw, leading to a heap-based buffer overflow, was found in the way OpenJPEG handled the tile number and size in an image tile header. A remote attacker could provide a specially-crafted image file that, when decoded using an application linked against OpenJPEG, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-3358)

OpenJPEG allocated insufficient memory when encoding JPEG 2000 files from input images that have certain color depths. A remote attacker could provide a specially-crafted image file that, when opened in an application linked against OpenJPEG (such as image_to_j2k), would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2009-5030)

Affected Software/OS:
'openjpeg' package(s) on Amazon Linux.

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-5030
48781
http://secunia.com/advisories/48781
49913
http://secunia.com/advisories/49913
53012
http://www.securityfocus.com/bid/53012
FEDORA-2012-9602
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/083105.html
FEDORA-2012-9628
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082923.html
MDVSA-2012:104
http://www.mandriva.com/security/advisories?name=MDVSA-2012:104
RHSA-2012:1068
http://rhn.redhat.com/errata/RHSA-2012-1068.html
[oss-security] 20120413 Re: CVE Request: Heap corruption in openjpeg
http://www.openwall.com/lists/oss-security/2012/04/13/5
http://code.google.com/p/openjpeg/issues/detail?id=5
http://code.google.com/p/openjpeg/source/detail?r=1703
https://groups.google.com/forum/#%21topic/openjpeg/DLVrRKbTeI0/discussion
openjpeg-tcdfreeencode-code-execution(74851)
https://exchange.xforce.ibmcloud.com/vulnerabilities/74851
Common Vulnerability Exposure (CVE) ID: CVE-2012-3358
54373
http://www.securityfocus.com/bid/54373
83741
http://osvdb.org/83741
[oss-security] 20120711 Openjpeg: heap-buffer overflow when processing JPEG2000 image files
http://www.openwall.com/lists/oss-security/2012/07/11/1
http://code.google.com/p/openjpeg/source/detail?r=1727
openjpeg-jpeg2000-bo(76850)
https://exchange.xforce.ibmcloud.com/vulnerabilities/76850

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.120075
Categoría:	Amazon Linux Local Security Checks
Título:	Amazon Linux: Security Advisory (ALAS-2012-111)
Resumen:	The remote host is missing an update for the 'openjpeg' package(s) announced via the ALAS-2012-111 advisory.
Descripción:	Summary: The remote host is missing an update for the 'openjpeg' package(s) announced via the ALAS-2012-111 advisory. Vulnerability Insight: An input validation flaw, leading to a heap-based buffer overflow, was found in the way OpenJPEG handled the tile number and size in an image tile header. A remote attacker could provide a specially-crafted image file that, when decoded using an application linked against OpenJPEG, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-3358) OpenJPEG allocated insufficient memory when encoding JPEG 2000 files from input images that have certain color depths. A remote attacker could provide a specially-crafted image file that, when opened in an application linked against OpenJPEG (such as image_to_j2k), would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2009-5030) Affected Software/OS: 'openjpeg' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-5030 48781 http://secunia.com/advisories/48781 49913 http://secunia.com/advisories/49913 53012 http://www.securityfocus.com/bid/53012 FEDORA-2012-9602 http://lists.fedoraproject.org/pipermail/package-announce/2012-June/083105.html FEDORA-2012-9628 http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082923.html MDVSA-2012:104 http://www.mandriva.com/security/advisories?name=MDVSA-2012:104 RHSA-2012:1068 http://rhn.redhat.com/errata/RHSA-2012-1068.html [oss-security] 20120413 Re: CVE Request: Heap corruption in openjpeg http://www.openwall.com/lists/oss-security/2012/04/13/5 http://code.google.com/p/openjpeg/issues/detail?id=5 http://code.google.com/p/openjpeg/source/detail?r=1703 https://groups.google.com/forum/#%21topic/openjpeg/DLVrRKbTeI0/discussion openjpeg-tcdfreeencode-code-execution(74851) https://exchange.xforce.ibmcloud.com/vulnerabilities/74851 Common Vulnerability Exposure (CVE) ID: CVE-2012-3358 54373 http://www.securityfocus.com/bid/54373 83741 http://osvdb.org/83741 [oss-security] 20120711 Openjpeg: heap-buffer overflow when processing JPEG2000 image files http://www.openwall.com/lists/oss-security/2012/07/11/1 http://code.google.com/p/openjpeg/source/detail?r=1727 openjpeg-jpeg2000-bo(76850) https://exchange.xforce.ibmcloud.com/vulnerabilities/76850
Copyright	Copyright (C) 2015 Greenbone AG