Gentoo Local Security Checks : Gentoo Security Advisory GLSA 200706-09 (libexif)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.58429

Categoría: Gentoo Local Security Checks

Título: Gentoo Security Advisory GLSA 200706-09 (libexif)

Resumen: The remote host is missing updates announced in;advisory GLSA 200706-09.

Descripción: Summary:
The remote host is missing updates announced in
advisory GLSA 200706-09.

Vulnerability Insight:
libexif does not properly handle image EXIF information, possibly allowing
for the execution of arbitrary code.

Solution:
All libexif users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=media-libs/libexif-0.6.16'

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2006-4168
BugTraq ID: 24461
http://www.securityfocus.com/bid/24461
Bugtraq: 20070622 FLEA-2007-0028-1: libexif (Google Search)
http://www.securityfocus.com/archive/1/472046/100/0/threaded
Debian Security Information: DSA-1310 (Google Search)
http://www.debian.org/security/2007/dsa-1310
http://security.gentoo.org/glsa/glsa-200706-09.xml
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=543
http://www.mandriva.com/security/advisories?name=MDKSA-2007:128
http://osvdb.org/35379
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9349
RedHat Security Advisories: RHSA-2007:0501
https://rhn.redhat.com/errata/RHSA-2007-0501.html
http://www.securitytracker.com/id?1018240
http://secunia.com/advisories/25642
http://secunia.com/advisories/25645
http://secunia.com/advisories/25674
http://secunia.com/advisories/25717/
http://secunia.com/advisories/25746
http://secunia.com/advisories/25768
http://secunia.com/advisories/25820
http://secunia.com/advisories/25842
http://secunia.com/advisories/25932
http://secunia.com/advisories/26083
SuSE Security Announcement: SUSE-SA:2007:039 (Google Search)
http://www.novell.com/linux/security/advisories/2007_39_libexif.html
SuSE Security Announcement: SUSE-SR:2007:014 (Google Search)
http://www.novell.com/linux/security/advisories/2007_14_sr.html
http://www.ubuntu.com/usn/usn-478-1
http://www.vupen.com/english/advisories/2007/2165
XForce ISS Database: multiple-libexif-exifdataloaddataentry-bo(34851)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34851

Copyright Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.58429
Categoría:	Gentoo Local Security Checks
Título:	Gentoo Security Advisory GLSA 200706-09 (libexif)
Resumen:	The remote host is missing updates announced in;advisory GLSA 200706-09.
Descripción:	Summary: The remote host is missing updates announced in advisory GLSA 200706-09. Vulnerability Insight: libexif does not properly handle image EXIF information, possibly allowing for the execution of arbitrary code. Solution: All libexif users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=media-libs/libexif-0.6.16' CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2006-4168 BugTraq ID: 24461 http://www.securityfocus.com/bid/24461 Bugtraq: 20070622 FLEA-2007-0028-1: libexif (Google Search) http://www.securityfocus.com/archive/1/472046/100/0/threaded Debian Security Information: DSA-1310 (Google Search) http://www.debian.org/security/2007/dsa-1310 http://security.gentoo.org/glsa/glsa-200706-09.xml http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=543 http://www.mandriva.com/security/advisories?name=MDKSA-2007:128 http://osvdb.org/35379 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9349 RedHat Security Advisories: RHSA-2007:0501 https://rhn.redhat.com/errata/RHSA-2007-0501.html http://www.securitytracker.com/id?1018240 http://secunia.com/advisories/25642 http://secunia.com/advisories/25645 http://secunia.com/advisories/25674 http://secunia.com/advisories/25717/ http://secunia.com/advisories/25746 http://secunia.com/advisories/25768 http://secunia.com/advisories/25820 http://secunia.com/advisories/25842 http://secunia.com/advisories/25932 http://secunia.com/advisories/26083 SuSE Security Announcement: SUSE-SA:2007:039 (Google Search) http://www.novell.com/linux/security/advisories/2007_39_libexif.html SuSE Security Announcement: SUSE-SR:2007:014 (Google Search) http://www.novell.com/linux/security/advisories/2007_14_sr.html http://www.ubuntu.com/usn/usn-478-1 http://www.vupen.com/english/advisories/2007/2165 XForce ISS Database: multiple-libexif-exifdataloaddataentry-bo(34851) https://exchange.xforce.ibmcloud.com/vulnerabilities/34851
Copyright	Copyright (C) 2008 E-Soft Inc.