Mandrake Local Security Checks : Mandrake Security Advisory MDKSA-2005:080 (xpm)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.52124

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDKSA-2005:080 (xpm)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to xpm
announced via advisory MDKSA-2005:080.

The XPM library which is part of the XFree86/XOrg project is used
by several GUI applications to process XPM image files.

An integer overflow flaw was found in libXPM, which is used by some
applications for loading of XPM images. An attacker could create a
malicious XPM file that would execute arbitrary code via a negative
bitmap_unit value if opened by a victim using an application linked
to the vulnerable library.

Updated packages are patched to correct all these issues.

Affected versions: 10.0, 10.1, 10.2, Corporate 3.0,
Corporate Server 2.1

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2005:080

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: BugTraq ID: 12714
Common Vulnerability Exposure (CVE) ID: CVE-2005-0605
http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html
http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html
http://www.securityfocus.com/bid/12714
Debian Security Information: DSA-723 (Google Search)
http://www.debian.org/security/2005/dsa-723
http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html
http://security.gentoo.org/glsa/glsa-200503-08.xml
http://www.gentoo.org/security/en/glsa/glsa-200503-15.xml
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10411
http://www.redhat.com/support/errata/RHSA-2005-044.html
http://www.redhat.com/support/errata/RHSA-2005-198.html
http://www.redhat.com/support/errata/RHSA-2005-331.html
http://www.redhat.com/support/errata/RHSA-2005-412.html
http://www.redhat.com/support/errata/RHSA-2005-473.html
http://www.redhat.com/support/errata/RHSA-2008-0261.html
SCO Security Bulletin: SCOSA-2005.57
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.57/SCOSA-2005.57.txt
SCO Security Bulletin: SCOSA-2006.5
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.5/SCOSA-2006.5.txt
http://securitytracker.com/id?1013339
http://secunia.com/advisories/14460
http://secunia.com/advisories/18049
http://secunia.com/advisories/18316
http://secunia.com/advisories/19624
SGI Security Advisory: 20060403-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060403-01-U
https://usn.ubuntu.com/92-1/
https://usn.ubuntu.com/97-1/

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.52124
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2005:080 (xpm)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to xpm announced via advisory MDKSA-2005:080. The XPM library which is part of the XFree86/XOrg project is used by several GUI applications to process XPM image files. An integer overflow flaw was found in libXPM, which is used by some applications for loading of XPM images. An attacker could create a malicious XPM file that would execute arbitrary code via a negative bitmap_unit value if opened by a victim using an application linked to the vulnerable library. Updated packages are patched to correct all these issues. Affected versions: 10.0, 10.1, 10.2, Corporate 3.0, Corporate Server 2.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2005:080 Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	BugTraq ID: 12714 Common Vulnerability Exposure (CVE) ID: CVE-2005-0605 http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html http://www.securityfocus.com/bid/12714 Debian Security Information: DSA-723 (Google Search) http://www.debian.org/security/2005/dsa-723 http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html http://security.gentoo.org/glsa/glsa-200503-08.xml http://www.gentoo.org/security/en/glsa/glsa-200503-15.xml https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10411 http://www.redhat.com/support/errata/RHSA-2005-044.html http://www.redhat.com/support/errata/RHSA-2005-198.html http://www.redhat.com/support/errata/RHSA-2005-331.html http://www.redhat.com/support/errata/RHSA-2005-412.html http://www.redhat.com/support/errata/RHSA-2005-473.html http://www.redhat.com/support/errata/RHSA-2008-0261.html SCO Security Bulletin: SCOSA-2005.57 ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.57/SCOSA-2005.57.txt SCO Security Bulletin: SCOSA-2006.5 ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.5/SCOSA-2006.5.txt http://securitytracker.com/id?1013339 http://secunia.com/advisories/14460 http://secunia.com/advisories/18049 http://secunia.com/advisories/18316 http://secunia.com/advisories/19624 SGI Security Advisory: 20060403-01-U ftp://patches.sgi.com/support/free/security/advisories/20060403-01-U https://usn.ubuntu.com/92-1/ https://usn.ubuntu.com/97-1/
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com