Red Hat Local Security Checks : RedHat Security Advisory RHSA-2008:1028

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.62933

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2008:1028

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory RHSA-2008:1028.

The Common UNIXÂ® Printing System (CUPS) provides a portable printing layer
for UNIX operating systems.

An integer overflow flaw, leading to a heap buffer overflow, was discovered
in the Portable Network Graphics (PNG) decoding routines used by the CUPS
image-converting filters, imagetops and imagetoraster. An attacker
could create a malicious PNG file that could, potentially, execute
arbitrary code as the lp user if the file was printed. (CVE-2008-5286)

CUPS users should upgrade to these updated packages, which contain a
backported patch to correct this issue.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2008-1028.html
http://www.redhat.com/security/updates/classification/#moderate

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-5286
BugTraq ID: 32518
http://www.securityfocus.com/bid/32518
Debian Security Information: DSA-1677 (Google Search)
http://www.debian.org/security/2008/dsa-1677
http://www.gentoo.org/security/en/glsa/glsa-200812-01.xml
http://www.gentoo.org/security/en/glsa/glsa-200812-11.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:028
http://www.mandriva.com/security/advisories?name=MDVSA-2009:029
http://www.openwall.com/lists/oss-security/2008/12/01/1
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10058
http://www.redhat.com/support/errata/RHSA-2008-1028.html
http://www.securitytracker.com/id?1021298
http://secunia.com/advisories/32962
http://secunia.com/advisories/33101
http://secunia.com/advisories/33111
http://secunia.com/advisories/33568
SuSE Security Announcement: SUSE-SR:2009:002 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html
http://www.vupen.com/english/advisories/2008/3315
XForce ISS Database: cups-cupsimagereadpng-overflow(46933)
https://exchange.xforce.ibmcloud.com/vulnerabilities/46933

Copyright Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.62933
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2008:1028
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2008:1028. The Common UNIXÂ® Printing System (CUPS) provides a portable printing layer for UNIX operating systems. An integer overflow flaw, leading to a heap buffer overflow, was discovered in the Portable Network Graphics (PNG) decoding routines used by the CUPS image-converting filters, imagetops and imagetoraster. An attacker could create a malicious PNG file that could, potentially, execute arbitrary code as the lp user if the file was printed. (CVE-2008-5286) CUPS users should upgrade to these updated packages, which contain a backported patch to correct this issue. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2008-1028.html http://www.redhat.com/security/updates/classification/#moderate Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-5286 BugTraq ID: 32518 http://www.securityfocus.com/bid/32518 Debian Security Information: DSA-1677 (Google Search) http://www.debian.org/security/2008/dsa-1677 http://www.gentoo.org/security/en/glsa/glsa-200812-01.xml http://www.gentoo.org/security/en/glsa/glsa-200812-11.xml http://www.mandriva.com/security/advisories?name=MDVSA-2009:028 http://www.mandriva.com/security/advisories?name=MDVSA-2009:029 http://www.openwall.com/lists/oss-security/2008/12/01/1 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10058 http://www.redhat.com/support/errata/RHSA-2008-1028.html http://www.securitytracker.com/id?1021298 http://secunia.com/advisories/32962 http://secunia.com/advisories/33101 http://secunia.com/advisories/33111 http://secunia.com/advisories/33568 SuSE Security Announcement: SUSE-SR:2009:002 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html http://www.vupen.com/english/advisories/2008/3315 XForce ISS Database: cups-cupsimagereadpng-overflow(46933) https://exchange.xforce.ibmcloud.com/vulnerabilities/46933
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com