Gentoo Local Security Checks : Gentoo Security Advisory GLSA 200603-18 (pngcrush)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.56546

Categoría: Gentoo Local Security Checks

Título: Gentoo Security Advisory GLSA 200603-18 (pngcrush)

Resumen: The remote host is missing updates announced in;advisory GLSA 200603-18.

Descripción: Summary:
The remote host is missing updates announced in
advisory GLSA 200603-18.

Vulnerability Insight:
Pngcrush is vulnerable to a buffer overflow which could potentially lead to
the execution of arbitrary code.

Solution:
All Pngcrush users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=media-gfx/pngcrush-1.6.2'

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2005-1849
http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html
http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html
BugTraq ID: 14340
http://www.securityfocus.com/bid/14340
Bugtraq: 20070404 VMSA-2007-0003 VMware ESX 3.0.1 and 3.0.0 server security updates (Google Search)
http://www.securityfocus.com/archive/1/464745/100/0/threaded
Debian Security Information: DSA-1026 (Google Search)
http://www.debian.org/security/2006/dsa-1026
Debian Security Information: DSA-763 (Google Search)
http://www.debian.org/security/2005/dsa-763
Debian Security Information: DSA-797 (Google Search)
http://www.debian.org/security/2005/dsa-797
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162680
http://www.gentoo.org/security/en/glsa/glsa-200509-18.xml
http://www.gentoo.org/security/en/glsa/glsa-200603-18.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2005:196
http://www.mandriva.com/security/advisories?name=MDKSA-2006:070
http://security.debian.org/pool/updates/main/z/zlib/zlib_1.2.2-4.sarge.2.diff.gz
http://www.osvdb.org/18141
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11402
http://www.redhat.com/support/errata/RHSA-2005-584.html
http://www.redhat.com/support/errata/RHSA-2008-0629.html
SCO Security Bulletin: SCOSA-2006.6
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.6/SCOSA-2006.6.txt
http://securitytracker.com/id?1014540
http://secunia.com/advisories/16137
http://secunia.com/advisories/17326
http://secunia.com/advisories/17516
http://secunia.com/advisories/18377
http://secunia.com/advisories/19334
http://secunia.com/advisories/19550
http://secunia.com/advisories/19597
http://secunia.com/advisories/24788
http://secunia.com/advisories/31492
SuSE Security Announcement: SUSE-SA:2005:043 (Google Search)
http://www.novell.com/linux/security/advisories/2005_43_zlib.html
http://www.ubuntulinux.org/usn/usn-151-3
http://www.vupen.com/english/advisories/2007/1267
XForce ISS Database: zlib-codetable-dos(21456)
https://exchange.xforce.ibmcloud.com/vulnerabilities/21456

Copyright Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.56546
Categoría:	Gentoo Local Security Checks
Título:	Gentoo Security Advisory GLSA 200603-18 (pngcrush)
Resumen:	The remote host is missing updates announced in;advisory GLSA 200603-18.
Descripción:	Summary: The remote host is missing updates announced in advisory GLSA 200603-18. Vulnerability Insight: Pngcrush is vulnerable to a buffer overflow which could potentially lead to the execution of arbitrary code. Solution: All Pngcrush users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=media-gfx/pngcrush-1.6.2' CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2005-1849 http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html BugTraq ID: 14340 http://www.securityfocus.com/bid/14340 Bugtraq: 20070404 VMSA-2007-0003 VMware ESX 3.0.1 and 3.0.0 server security updates (Google Search) http://www.securityfocus.com/archive/1/464745/100/0/threaded Debian Security Information: DSA-1026 (Google Search) http://www.debian.org/security/2006/dsa-1026 Debian Security Information: DSA-763 (Google Search) http://www.debian.org/security/2005/dsa-763 Debian Security Information: DSA-797 (Google Search) http://www.debian.org/security/2005/dsa-797 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162680 http://www.gentoo.org/security/en/glsa/glsa-200509-18.xml http://www.gentoo.org/security/en/glsa/glsa-200603-18.xml http://www.mandriva.com/security/advisories?name=MDKSA-2005:196 http://www.mandriva.com/security/advisories?name=MDKSA-2006:070 http://security.debian.org/pool/updates/main/z/zlib/zlib_1.2.2-4.sarge.2.diff.gz http://www.osvdb.org/18141 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11402 http://www.redhat.com/support/errata/RHSA-2005-584.html http://www.redhat.com/support/errata/RHSA-2008-0629.html SCO Security Bulletin: SCOSA-2006.6 ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.6/SCOSA-2006.6.txt http://securitytracker.com/id?1014540 http://secunia.com/advisories/16137 http://secunia.com/advisories/17326 http://secunia.com/advisories/17516 http://secunia.com/advisories/18377 http://secunia.com/advisories/19334 http://secunia.com/advisories/19550 http://secunia.com/advisories/19597 http://secunia.com/advisories/24788 http://secunia.com/advisories/31492 SuSE Security Announcement: SUSE-SA:2005:043 (Google Search) http://www.novell.com/linux/security/advisories/2005_43_zlib.html http://www.ubuntulinux.org/usn/usn-151-3 http://www.vupen.com/english/advisories/2007/1267 XForce ISS Database: zlib-codetable-dos(21456) https://exchange.xforce.ibmcloud.com/vulnerabilities/21456
Copyright	Copyright (C) 2008 E-Soft Inc.