Red Hat Local Security Checks : RedHat Security Advisory RHSA-2009:0336

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.63637

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2009:0336

Resumen: The remote host is missing updates announced in;advisory RHSA-2009:0336.;;GLib is the low-level core library that forms the basis for projects such;as GTK+ and GNOME. It provides data structure handling for C, portability;wrappers, and interfaces for such runtime functionality as an event loop,;threads, dynamic loading, and an object system.;;Diego Petteno discovered multiple integer overflows causing heap-based;buffer overflows in GLib's Base64 encoding and decoding functions. An;attacker could use these flaws to crash an application using GLib's Base64;functions to encode or decode large, untrusted inputs, or, possibly,;execute arbitrary code as the user running the application. (CVE-2008-4316);;Note: No application shipped with Red Hat Enterprise Linux 5 uses the;affected functions. Third-party applications may, however, be affected.;;All users of glib2 should upgrade to these updated packages, which contain;backported patches to resolve these issues.

Descripción: Summary:
The remote host is missing updates announced in
advisory RHSA-2009:0336.

GLib is the low-level core library that forms the basis for projects such
as GTK+ and GNOME. It provides data structure handling for C, portability
wrappers, and interfaces for such runtime functionality as an event loop,
threads, dynamic loading, and an object system.

Diego Petteno discovered multiple integer overflows causing heap-based
buffer overflows in GLib's Base64 encoding and decoding functions. An
attacker could use these flaws to crash an application using GLib's Base64
functions to encode or decode large, untrusted inputs, or, possibly,
execute arbitrary code as the user running the application. (CVE-2008-4316)

Note: No application shipped with Red Hat Enterprise Linux 5 uses the
affected functions. Third-party applications may, however, be affected.

All users of glib2 should upgrade to these updated packages, which contain
backported patches to resolve these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

CVSS Score:
4.6

CVSS Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-4316
1021884
http://www.securitytracker.com/id?1021884
20090312 [oCERT-2008-015] glib and glib-predecessor heap overflows
http://www.securityfocus.com/archive/1/501712/100/0/threaded
20090312 rPSA-2009-0045-1 glib
http://www.securityfocus.com/archive/1/501766/100/0/threaded
34100
http://www.securityfocus.com/bid/34100
34267
http://secunia.com/advisories/34267
34317
http://secunia.com/advisories/34317
34404
http://secunia.com/advisories/34404
34416
http://secunia.com/advisories/34416
34560
http://secunia.com/advisories/34560
34854
http://secunia.com/advisories/34854
34890
http://secunia.com/advisories/34890
38794
http://secunia.com/advisories/38794
38833
http://secunia.com/advisories/38833
ADV-2010-0528
http://www.vupen.com/english/advisories/2010/0528
DSA-1747
http://www.debian.org/security/2009/dsa-1747
FEDORA-2009-2657
http://www.redhat.com/archives/fedora-package-announce/2009-April/msg00744.html
FEDORA-2009-2688
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01113.html
MDVSA-2009:080
http://www.mandriva.com/security/advisories?name=MDVSA-2009:080
RHSA-2009:0336
http://www.redhat.com/support/errata/RHSA-2009-0336.html
SUSE-SA:2009:026
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00014.html
USN-738-1
http://www.ubuntu.com/usn/usn-738-1
[oss-security] 20090312 [oCERT-2008-015] glib and glib-predecessor heap overflows
http://openwall.com/lists/oss-security/2009/03/12/2
[oss-security] 20090317 Re: [oCERT-2008-015] glib and glib-predecessor heap overflows
http://www.openwall.com/lists/oss-security/2009/03/16/2
[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates
http://lists.vmware.com/pipermail/security-announce/2010/000082.html
glib-gbase64-bo(49272)
https://exchange.xforce.ibmcloud.com/vulnerabilities/49272
http://ocert.org/patches/2008-015/glib-CVE-2008-4316.diff
http://svn.gnome.org/viewvc/glib?view=revision&revision=7973
http://wiki.rpath.com/Advisories:rPSA-2009-0045
http://www.ocert.org/advisories/ocert-2008-015.html
oval:org.mitre.oval:def:11401
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11401
oval:org.mitre.oval:def:8360
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8360

Copyright Copyright (C) 2009 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.63637
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2009:0336
Resumen:	The remote host is missing updates announced in;advisory RHSA-2009:0336.;;GLib is the low-level core library that forms the basis for projects such;as GTK+ and GNOME. It provides data structure handling for C, portability;wrappers, and interfaces for such runtime functionality as an event loop,;threads, dynamic loading, and an object system.;;Diego Petteno discovered multiple integer overflows causing heap-based;buffer overflows in GLib's Base64 encoding and decoding functions. An;attacker could use these flaws to crash an application using GLib's Base64;functions to encode or decode large, untrusted inputs, or, possibly,;execute arbitrary code as the user running the application. (CVE-2008-4316);;Note: No application shipped with Red Hat Enterprise Linux 5 uses the;affected functions. Third-party applications may, however, be affected.;;All users of glib2 should upgrade to these updated packages, which contain;backported patches to resolve these issues.
Descripción:	Summary: The remote host is missing updates announced in advisory RHSA-2009:0336. GLib is the low-level core library that forms the basis for projects such as GTK+ and GNOME. It provides data structure handling for C, portability wrappers, and interfaces for such runtime functionality as an event loop, threads, dynamic loading, and an object system. Diego Petteno discovered multiple integer overflows causing heap-based buffer overflows in GLib's Base64 encoding and decoding functions. An attacker could use these flaws to crash an application using GLib's Base64 functions to encode or decode large, untrusted inputs, or, possibly, execute arbitrary code as the user running the application. (CVE-2008-4316) Note: No application shipped with Red Hat Enterprise Linux 5 uses the affected functions. Third-party applications may, however, be affected. All users of glib2 should upgrade to these updated packages, which contain backported patches to resolve these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date CVSS Score: 4.6 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-4316 1021884 http://www.securitytracker.com/id?1021884 20090312 [oCERT-2008-015] glib and glib-predecessor heap overflows http://www.securityfocus.com/archive/1/501712/100/0/threaded 20090312 rPSA-2009-0045-1 glib http://www.securityfocus.com/archive/1/501766/100/0/threaded 34100 http://www.securityfocus.com/bid/34100 34267 http://secunia.com/advisories/34267 34317 http://secunia.com/advisories/34317 34404 http://secunia.com/advisories/34404 34416 http://secunia.com/advisories/34416 34560 http://secunia.com/advisories/34560 34854 http://secunia.com/advisories/34854 34890 http://secunia.com/advisories/34890 38794 http://secunia.com/advisories/38794 38833 http://secunia.com/advisories/38833 ADV-2010-0528 http://www.vupen.com/english/advisories/2010/0528 DSA-1747 http://www.debian.org/security/2009/dsa-1747 FEDORA-2009-2657 http://www.redhat.com/archives/fedora-package-announce/2009-April/msg00744.html FEDORA-2009-2688 https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01113.html MDVSA-2009:080 http://www.mandriva.com/security/advisories?name=MDVSA-2009:080 RHSA-2009:0336 http://www.redhat.com/support/errata/RHSA-2009-0336.html SUSE-SA:2009:026 http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00014.html USN-738-1 http://www.ubuntu.com/usn/usn-738-1 [oss-security] 20090312 [oCERT-2008-015] glib and glib-predecessor heap overflows http://openwall.com/lists/oss-security/2009/03/12/2 [oss-security] 20090317 Re: [oCERT-2008-015] glib and glib-predecessor heap overflows http://www.openwall.com/lists/oss-security/2009/03/16/2 [security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates http://lists.vmware.com/pipermail/security-announce/2010/000082.html glib-gbase64-bo(49272) https://exchange.xforce.ibmcloud.com/vulnerabilities/49272 http://ocert.org/patches/2008-015/glib-CVE-2008-4316.diff http://svn.gnome.org/viewvc/glib?view=revision&revision=7973 http://wiki.rpath.com/Advisories:rPSA-2009-0045 http://www.ocert.org/advisories/ocert-2008-015.html oval:org.mitre.oval:def:11401 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11401 oval:org.mitre.oval:def:8360 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8360
Copyright	Copyright (C) 2009 E-Soft Inc.