Mandrake Local Security Checks : Mandrake Security Advisory MDVSA-2009:030 (amarok)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.63283

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDVSA-2009:030 (amarok)

Resumen: The remote host is missing an update to amarok;announced via advisory MDVSA-2009:030.

Descripción: Summary:
The remote host is missing an update to amarok
announced via advisory MDVSA-2009:030.

Vulnerability Insight:
Data length values in metadata Audible Audio media file (.aa) can lead
to an integer overflow enabling remote attackers use it to trigger an
heap overflow and enabling the possibility to execute arbitrary code
(CVE-2009-0135).

Failure on checking heap allocation on Audible Audio media files
(.aa) allows remote attackers either to cause denial of service or
execute arbitrary code via a crafted media file (CVE-2009-0136).

This update provide the fix for these security issues.

Affected: 2008.1, 2009.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-0135
BugTraq ID: 33210
http://www.securityfocus.com/bid/33210
Bugtraq: 20090111 [TKADV2009-002] Amarok Integer Overflow and Unchecked Allocation Vulnerabilities (Google Search)
http://www.securityfocus.com/archive/1/499984/100/0/threaded
Debian Security Information: DSA-1706 (Google Search)
http://www.debian.org/security/2009/dsa-1706
https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00708.html
http://security.gentoo.org/glsa/glsa-200903-34.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:030
http://trapkit.de/advisories/TKADV2009-002.txt
http://openwall.com/lists/oss-security/2009/01/14/2
http://www.securitytracker.com/id?1021558
http://secunia.com/advisories/33505
http://secunia.com/advisories/33522
http://secunia.com/advisories/33640
http://secunia.com/advisories/33819
http://secunia.com/advisories/34315
http://secunia.com/advisories/34407
http://securityreason.com/securityalert/4915
SuSE Security Announcement: SUSE-SR:2009:003 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html
http://www.ubuntu.com/usn/USN-739-1
http://www.vupen.com/english/advisories/2009/0100
Common Vulnerability Exposure (CVE) ID: CVE-2009-0136

Copyright Copyright (C) 2009 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.63283
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDVSA-2009:030 (amarok)
Resumen:	The remote host is missing an update to amarok;announced via advisory MDVSA-2009:030.
Descripción:	Summary: The remote host is missing an update to amarok announced via advisory MDVSA-2009:030. Vulnerability Insight: Data length values in metadata Audible Audio media file (.aa) can lead to an integer overflow enabling remote attackers use it to trigger an heap overflow and enabling the possibility to execute arbitrary code (CVE-2009-0135). Failure on checking heap allocation on Audible Audio media files (.aa) allows remote attackers either to cause denial of service or execute arbitrary code via a crafted media file (CVE-2009-0136). This update provide the fix for these security issues. Affected: 2008.1, 2009.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-0135 BugTraq ID: 33210 http://www.securityfocus.com/bid/33210 Bugtraq: 20090111 [TKADV2009-002] Amarok Integer Overflow and Unchecked Allocation Vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/499984/100/0/threaded Debian Security Information: DSA-1706 (Google Search) http://www.debian.org/security/2009/dsa-1706 https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00708.html http://security.gentoo.org/glsa/glsa-200903-34.xml http://www.mandriva.com/security/advisories?name=MDVSA-2009:030 http://trapkit.de/advisories/TKADV2009-002.txt http://openwall.com/lists/oss-security/2009/01/14/2 http://www.securitytracker.com/id?1021558 http://secunia.com/advisories/33505 http://secunia.com/advisories/33522 http://secunia.com/advisories/33640 http://secunia.com/advisories/33819 http://secunia.com/advisories/34315 http://secunia.com/advisories/34407 http://securityreason.com/securityalert/4915 SuSE Security Announcement: SUSE-SR:2009:003 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html http://www.ubuntu.com/usn/USN-739-1 http://www.vupen.com/english/advisories/2009/0100 Common Vulnerability Exposure (CVE) ID: CVE-2009-0136
Copyright	Copyright (C) 2009 E-Soft Inc.