ID de Prueba:	1.3.6.1.4.1.25623.1.0.51634
Categoría:	Conectiva Local Security Checks
Título:	Conectiva Security Advisory CLA-2005:924
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory CLA-2005:924. XFree86[1] is a freely redistributable open-source implementation of the X Window System, which is a client/server interface between display hardware and the desktop environment. Chris Evans has discovered multiple integer[2] and stack[3] overflow vulnerabilities in the X Pixmap library, libXpm, which is a part of the X Window System. These overflows can be exploited by openning a malicious XPM file, which can crash applications that are dependent on libXpm. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://www.xfree86.org/ http://www.securityspace.com/smysecure/catid.html?in=CLA-2005:924 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000924 Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0688 http://lists.apple.com/archives/security-announce/2005/May/msg00001.html BugTraq ID: 11196 http://www.securityfocus.com/bid/11196 Bugtraq: 20040915 CESA-2004-004: libXpm (Google Search) http://marc.info/?l=bugtraq&m=109530851323415&w=2 Cert/CC Advisory: TA05-136A http://www.us-cert.gov/cas/techalerts/TA05-136A.html CERT/CC vulnerability note: VU#537878 http://www.kb.cert.org/vuls/id/537878 Conectiva Linux advisory: CLA-2005:924 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000924 Debian Security Information: DSA-560 (Google Search) http://www.debian.org/security/2004/dsa-560 http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html http://www.gentoo.org/security/en/glsa/glsa-200409-34.xml http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml HPdes Security Advisory: HPSBUX02119 http://www.securityfocus.com/archive/1/434715/100/0/threaded HPdes Security Advisory: SSRT4848 http://www.mandriva.com/security/advisories?name=MDKSA-2004:098 http://scary.beasts.org/security/CESA-2004-003.txt https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11796 http://www.redhat.com/support/errata/RHSA-2004-537.html http://www.redhat.com/support/errata/RHSA-2005-004.html http://secunia.com/advisories/20235 http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1 SuSE Security Announcement: SUSE-SA:2004:034 (Google Search) http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html https://usn.ubuntu.com/27-1/ http://www.vupen.com/english/advisories/2006/1914 XForce ISS Database: libxpm-xpmfile-integer-overflow(17416) https://exchange.xforce.ibmcloud.com/vulnerabilities/17416 Common Vulnerability Exposure (CVE) ID: CVE-2004-0687 CERT/CC vulnerability note: VU#882750 http://www.kb.cert.org/vuls/id/882750 http://packetstormsecurity.com/files/170620/Solaris-10-dtprintinfo-libXm-libXpm-Security-Issues.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9187 XForce ISS Database: libxpm-multiple-stack-bo(17414) https://exchange.xforce.ibmcloud.com/vulnerabilities/17414
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.