ID de Prueba:	1.3.6.1.4.1.25623.1.0.52385
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: linux-gdk-pixbuf
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following packages are affected: linux-gdk-pixbuf gtk gdk-pixbuf CVE-2004-0782 Integer overflow in pixbuf_create_from_xpm (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, allows remote attackers to execute arbitrary code via certain n_col and cpp values that enable a heap-based buffer overflow. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different issue (CVE-2004-0687). CVE-2004-0783 Stack-based buffer overflow in xpm_extract_color (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, may allow remote attackers to execute arbitrary code via a certain color string. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different issue (CVE-2004-0688). CVE-2004-0788 Integer overflow in the ICO image decoder for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted ICO file. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0782 BugTraq ID: 11195 http://www.securityfocus.com/bid/11195 Bugtraq: 20040915 CESA-2004-005: gtk+ XPM decoder (Google Search) http://marc.info/?l=bugtraq&m=109528994916275&w=2 CERT/CC vulnerability note: VU#729894 http://www.kb.cert.org/vuls/id/729894 Conectiva Linux advisory: CLA-2004:875 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000875 Debian Security Information: DSA-546 (Google Search) http://www.debian.org/security/2004/dsa-546 http://www.securityfocus.com/archive/1/419771/100/0/threaded https://bugzilla.fedora.us/show_bug.cgi?id=2005 http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:095 http://www.mandriva.com/security/advisories?name=MDKSA-2005:214 http://scary.beasts.org/security/CESA-2004-005.txt https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11539 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1617 http://www.redhat.com/support/errata/RHSA-2004-447.html http://www.redhat.com/support/errata/RHSA-2004-466.html http://secunia.com/advisories/17657 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101776-1 XForce ISS Database: gtk-xpm-pixbufcreatefromxpm-bo(17386) https://exchange.xforce.ibmcloud.com/vulnerabilities/17386 Common Vulnerability Exposure (CVE) ID: CVE-2004-0783 CERT/CC vulnerability note: VU#369358 http://www.kb.cert.org/vuls/id/369358 http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:096 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1786 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9348 XForce ISS Database: gtk-xpm-xpmextractcolor-bo(17385) https://exchange.xforce.ibmcloud.com/vulnerabilities/17385 Common Vulnerability Exposure (CVE) ID: CVE-2004-0788 CERT/CC vulnerability note: VU#577654 http://www.kb.cert.org/vuls/id/577654 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10506 XForce ISS Database: gtk-ico-integer-bo(17387) https://exchange.xforce.ibmcloud.com/vulnerabilities/17387
Copyright	Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.