Mandrake Local Security Checks : Mandrake Security Advisory MDVSA-2008:040 (SDL

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.60318

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDVSA-2008:040 (SDL_image)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to SDL_image
announced via advisory MDVSA-2008:040.

The LWZReadByte() and IMG_LoadLBM_RW() functions in SDL_image
contain a boundary error that could be triggered to cause a static
buffer overflow and a heap-based buffer overflow. If a user using
an application linked against the SDL_image library were to open a
carefully crafted GIF or IFF ILBM file, the application could crash
or possibly allow for the execution of arbitrary code.

The updated packages have been patched to correct this issue.

Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2008:040

Risk factor : Critical

CVSS Score:
10.0

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2007-6697
BugTraq ID: 27417
http://www.securityfocus.com/bid/27417
Bugtraq: 20080123 SDL_Image 1.2.6 and prior GIF handling buffer overflow (Google Search)
http://marc.info/?l=bugtraq&m=120110205511630&w=2
Bugtraq: 20080213 rPSA-2008-0061-1 SDL_image (Google Search)
http://www.securityfocus.com/archive/1/488079/100/0/threaded
Debian Security Information: DSA-1493 (Google Search)
http://www.debian.org/security/2008/dsa-1493
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00008.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00039.html
http://www.gentoo.org/security/en/glsa/glsa-200802-01.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:040
http://vexillium.org/?sec-sdlgif
http://secunia.com/advisories/28640
http://secunia.com/advisories/28752
http://secunia.com/advisories/28830
http://secunia.com/advisories/28837
http://secunia.com/advisories/28850
http://secunia.com/advisories/28869
http://secunia.com/advisories/29542
http://www.ubuntu.com/usn/usn-595-1
http://www.vupen.com/english/advisories/2008/0266
XForce ISS Database: sdlimage-gif-bo(39865)
https://exchange.xforce.ibmcloud.com/vulnerabilities/39865
Common Vulnerability Exposure (CVE) ID: CVE-2008-0544
BugTraq ID: 27435
http://www.securityfocus.com/bid/27435
XForce ISS Database: sdlimage-imgloadlbmrw-bo(39899)
https://exchange.xforce.ibmcloud.com/vulnerabilities/39899

Copyright Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.60318
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDVSA-2008:040 (SDL_image)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to SDL_image announced via advisory MDVSA-2008:040. The LWZReadByte() and IMG_LoadLBM_RW() functions in SDL_image contain a boundary error that could be triggered to cause a static buffer overflow and a heap-based buffer overflow. If a user using an application linked against the SDL_image library were to open a carefully crafted GIF or IFF ILBM file, the application could crash or possibly allow for the execution of arbitrary code. The updated packages have been patched to correct this issue. Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2008:040 Risk factor : Critical CVSS Score: 10.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2007-6697 BugTraq ID: 27417 http://www.securityfocus.com/bid/27417 Bugtraq: 20080123 SDL_Image 1.2.6 and prior GIF handling buffer overflow (Google Search) http://marc.info/?l=bugtraq&m=120110205511630&w=2 Bugtraq: 20080213 rPSA-2008-0061-1 SDL_image (Google Search) http://www.securityfocus.com/archive/1/488079/100/0/threaded Debian Security Information: DSA-1493 (Google Search) http://www.debian.org/security/2008/dsa-1493 https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00008.html https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00039.html http://www.gentoo.org/security/en/glsa/glsa-200802-01.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:040 http://vexillium.org/?sec-sdlgif http://secunia.com/advisories/28640 http://secunia.com/advisories/28752 http://secunia.com/advisories/28830 http://secunia.com/advisories/28837 http://secunia.com/advisories/28850 http://secunia.com/advisories/28869 http://secunia.com/advisories/29542 http://www.ubuntu.com/usn/usn-595-1 http://www.vupen.com/english/advisories/2008/0266 XForce ISS Database: sdlimage-gif-bo(39865) https://exchange.xforce.ibmcloud.com/vulnerabilities/39865 Common Vulnerability Exposure (CVE) ID: CVE-2008-0544 BugTraq ID: 27435 http://www.securityfocus.com/bid/27435 XForce ISS Database: sdlimage-imgloadlbmrw-bo(39899) https://exchange.xforce.ibmcloud.com/vulnerabilities/39899
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com