Gentoo Local Security Checks : Gentoo Security Advisory GLSA 200411-08 (GD)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.54729

Categoría: Gentoo Local Security Checks

Título: Gentoo Security Advisory GLSA 200411-08 (GD)

Resumen: The remote host is missing updates announced in;advisory GLSA 200411-08.

Descripción: Summary:
The remote host is missing updates announced in
advisory GLSA 200411-08.

Vulnerability Insight:
The PNG image decoding routines in the GD library contain an integer
overflow that may allow execution of arbitrary code with the rights of the
program decoding a malicious PNG image.

Solution:
All GD users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=media-libs/gd-2.0.32'

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2004-0990
BugTraq ID: 11523
http://www.securityfocus.com/bid/11523
Bugtraq: 20041026 libgd integer overflow (Google Search)
http://marc.info/?l=bugtraq&m=109882489302099&w=2
Computer Incident Advisory Center Bulletin: P-071
http://www.ciac.org/ciac/bulletins/p-071.shtml
Debian Security Information: DSA-589 (Google Search)
http://www.debian.org/security/2004/dsa-589
Debian Security Information: DSA-591 (Google Search)
http://www.debian.org/security/2004/dsa-591
Debian Security Information: DSA-601 (Google Search)
http://www.debian.org/security/2004/dsa-601
Debian Security Information: DSA-602 (Google Search)
http://www.debian.org/security/2004/dsa-602
http://www.mandriva.com/security/advisories?name=MDKSA-2004:132
http://www.mandriva.com/security/advisories?name=MDKSA-2006:113
http://www.mandriva.com/security/advisories?name=MDKSA-2006:114
http://www.mandriva.com/security/advisories?name=MDKSA-2006:122
http://www.osvdb.org/11190
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1260
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9952
http://www.redhat.com/support/errata/RHSA-2004-638.html
http://secunia.com/advisories/18717
http://secunia.com/advisories/20824
http://secunia.com/advisories/20866
http://secunia.com/advisories/21050
http://secunia.com/advisories/23783
SuSE Security Announcement: SUSE-SR:2006:003 (Google Search)
http://lists.suse.com/archive/suse-security-announce/2006-Feb/0001.html
http://www.trustix.org/errata/2004/0058
https://www.ubuntu.com/usn/usn-11-1/
https://www.ubuntu.com/usn/usn-25-1/
XForce ISS Database: gd-png-bo(17866)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17866

Copyright Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.54729
Categoría:	Gentoo Local Security Checks
Título:	Gentoo Security Advisory GLSA 200411-08 (GD)
Resumen:	The remote host is missing updates announced in;advisory GLSA 200411-08.
Descripción:	Summary: The remote host is missing updates announced in advisory GLSA 200411-08. Vulnerability Insight: The PNG image decoding routines in the GD library contain an integer overflow that may allow execution of arbitrary code with the rights of the program decoding a malicious PNG image. Solution: All GD users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=media-libs/gd-2.0.32' CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0990 BugTraq ID: 11523 http://www.securityfocus.com/bid/11523 Bugtraq: 20041026 libgd integer overflow (Google Search) http://marc.info/?l=bugtraq&m=109882489302099&w=2 Computer Incident Advisory Center Bulletin: P-071 http://www.ciac.org/ciac/bulletins/p-071.shtml Debian Security Information: DSA-589 (Google Search) http://www.debian.org/security/2004/dsa-589 Debian Security Information: DSA-591 (Google Search) http://www.debian.org/security/2004/dsa-591 Debian Security Information: DSA-601 (Google Search) http://www.debian.org/security/2004/dsa-601 Debian Security Information: DSA-602 (Google Search) http://www.debian.org/security/2004/dsa-602 http://www.mandriva.com/security/advisories?name=MDKSA-2004:132 http://www.mandriva.com/security/advisories?name=MDKSA-2006:113 http://www.mandriva.com/security/advisories?name=MDKSA-2006:114 http://www.mandriva.com/security/advisories?name=MDKSA-2006:122 http://www.osvdb.org/11190 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1260 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9952 http://www.redhat.com/support/errata/RHSA-2004-638.html http://secunia.com/advisories/18717 http://secunia.com/advisories/20824 http://secunia.com/advisories/20866 http://secunia.com/advisories/21050 http://secunia.com/advisories/23783 SuSE Security Announcement: SUSE-SR:2006:003 (Google Search) http://lists.suse.com/archive/suse-security-announce/2006-Feb/0001.html http://www.trustix.org/errata/2004/0058 https://www.ubuntu.com/usn/usn-11-1/ https://www.ubuntu.com/usn/usn-25-1/ XForce ISS Database: gd-png-bo(17866) https://exchange.xforce.ibmcloud.com/vulnerabilities/17866
Copyright	Copyright (C) 2008 E-Soft Inc.