English | Deutsch | Español | Português
 ID de Usuario:
 Contraseña:
Nuevo usuario
 Acerca de:   Dedicada | Avanzada | Estándar | Periódica | Sin Riesgo | Escritorio | Básica | Individual | Sello | FAQ
  Resumen de Precio/Funciones | Ordenar  | Nuevas Vulnerabilidades | Confidencialidad | Búsqueda de Vulnerabilidad
 Búsqueda de    
Vulnerabilidad   
    Buscar 74154 Descripciones CVE y
39337 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.63910
Categoría:Red Hat Local Security Checks
Título:RedHat Security Advisory RHSA-2009:0458
Resumen:Redhat Security Advisory RHSA-2009:0458
Descripción:The remote host is missing updates announced in
advisory RHSA-2009:0458.

GPdf is a viewer for Portable Document Format (PDF) files.

Multiple integer overflow flaws were found in GPdf's JBIG2 decoder. An
attacker could create a malicious PDF file that would cause GPdf to crash
or, potentially, execute arbitrary code when opened. (CVE-2009-0147,
CVE-2009-1179)

Multiple buffer overflow flaws were found in GPdf's JBIG2 decoder. An
attacker could create a malicious PDF file that would cause GPdf to crash
or, potentially, execute arbitrary code when opened. (CVE-2009-0146,
CVE-2009-1182)

Multiple flaws were found in GPdf's JBIG2 decoder that could lead to the
freeing of arbitrary memory. An attacker could create a malicious PDF file
that would cause GPdf to crash or, potentially, execute arbitrary code when
opened. (CVE-2009-0166, CVE-2009-1180)

Multiple input validation flaws were found in GPdf's JBIG2 decoder. An
attacker could create a malicious PDF file that would cause GPdf to crash
or, potentially, execute arbitrary code when opened. (CVE-2009-0800)

Multiple denial of service flaws were found in GPdf's JBIG2 decoder. An
attacker could create a malicious PDF that would cause GPdf to crash when
opened. (CVE-2009-0799, CVE-2009-1181, CVE-2009-1183)

Red Hat would like to thank Braden Thomas and Drew Yao of the Apple Product
Security team, and Will Dormann of the CERT/CC for responsibly reporting
these flaws.

Users are advised to upgrade to this updated package, which contains
backported patches to correct these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2009-0458.html
http://www.redhat.com/security/updates/classification/#important
Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-0146
Bugtraq: 20090417 rPSA-2009-0059-1 poppler (Google Search)
http://www.securityfocus.com/archive/1/archive/1/502761/100/0/threaded
Bugtraq: 20090417 rPSA-2009-0061-1 cups (Google Search)
http://www.securityfocus.com/archive/1/archive/1/502750/100/0/threaded
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
Debian Security Information: DSA-1790 (Google Search)
http://www.debian.org/security/2009/dsa-1790
Debian Security Information: DSA-1793 (Google Search)
http://www.debian.org/security/2009/dsa-1793
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html
http://security.gentoo.org/glsa/glsa-200904-20.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:101
http://www.mandriva.com/security/advisories?name=MDVSA-2010:087
http://www.redhat.com/support/errata/RHSA-2009-0430.html
http://www.redhat.com/support/errata/RHSA-2009-0429.html
http://www.redhat.com/support/errata/RHSA-2009-0431.html
RedHat Security Advisories: RHSA-2009:0458
http://rhn.redhat.com/errata/RHSA-2009-0458.html
http://www.redhat.com/support/errata/RHSA-2009-0480.html
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.578477
SuSE Security Announcement: SUSE-SA:2009:024 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html
SuSE Security Announcement: SUSE-SR:2009:010 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
SuSE Security Announcement: SUSE-SR:2009:012 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
Cert/CC Advisory: TA09-133A
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
BugTraq ID: 34568
http://www.securityfocus.com/bid/34568
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9632
http://www.securitytracker.com/id?1022073
http://secunia.com/advisories/34755
http://secunia.com/advisories/34291
http://secunia.com/advisories/34481
http://secunia.com/advisories/34852
http://secunia.com/advisories/34756
http://secunia.com/advisories/34959
http://secunia.com/advisories/34963
http://secunia.com/advisories/35037
http://secunia.com/advisories/35065
http://secunia.com/advisories/35074
http://secunia.com/advisories/34991
http://secunia.com/advisories/35064
http://secunia.com/advisories/35618
http://secunia.com/advisories/35685
http://www.vupen.com/english/advisories/2009/1065
http://www.vupen.com/english/advisories/2009/1066
http://www.vupen.com/english/advisories/2009/1077
http://www.vupen.com/english/advisories/2009/1297
http://www.vupen.com/english/advisories/2009/1621
http://www.vupen.com/english/advisories/2010/1040
Common Vulnerability Exposure (CVE) ID: CVE-2009-0147
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9941
Common Vulnerability Exposure (CVE) ID: CVE-2009-0166
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9778
Common Vulnerability Exposure (CVE) ID: CVE-2009-0195
Bugtraq: 20090417 Secunia Research: CUPS pdftops JBIG2 Symbol Dictionary Buffer Overflow (Google Search)
http://www.securityfocus.com/archive/1/archive/1/502759/100/0/threaded
Bugtraq: 20090417 Secunia Research: Xpdf JBIG2 Symbol Dictionary Buffer Overflow Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/archive/1/502762/100/0/threaded
http://secunia.com/secunia_research/2009-17/
http://secunia.com/secunia_research/2009-18/
BugTraq ID: 34791
http://www.securityfocus.com/bid/34791
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10076
Common Vulnerability Exposure (CVE) ID: CVE-2009-0799
http://www.mandriva.com/security/advisories?name=MDVSA-2011:175
CERT/CC vulnerability note: VU#196617
http://www.kb.cert.org/vuls/id/196617
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10204
http://www.securitytracker.com/id?1022072
http://secunia.com/advisories/34746
http://www.vupen.com/english/advisories/2009/1076
Common Vulnerability Exposure (CVE) ID: CVE-2009-0800
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11323
Common Vulnerability Exposure (CVE) ID: CVE-2009-1179
http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11892
http://secunia.com/advisories/35379
http://www.vupen.com/english/advisories/2009/1522
Common Vulnerability Exposure (CVE) ID: CVE-2009-1180
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9926
Common Vulnerability Exposure (CVE) ID: CVE-2009-1181
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9683
Common Vulnerability Exposure (CVE) ID: CVE-2009-1182
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10735
Common Vulnerability Exposure (CVE) ID: CVE-2009-1183
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10769
CopyrightCopyright (c) 2009 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 39337 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

Registro de Nuevo Usuario
Email:
Usuario:
Contraseña:
Envíeme por email sus boletines mensuales, informándome los últimos servicios, mejoras y encuestas.
Por favor envíeme por email un anuncio de prueba de vulnerabilidades siempre que se agregue una nueva prueba.
   Privacidad
Ingreso de Usuario Registrado
 
Usuario:   
Contraseña:  

 ¿Olvidó su usuario o contraseña??
Email/ID de Usario:




Principal | Acerca de Nosotros | Contáctenos | Programas de Asociado | Privacidad | Listas de Correo | Abuso
Auditorías de Seguridad | DNS Administrado | Monitoreo de Red | Analizador de Sitio | Informes de Investigación de Internet
Prueba de Web | Whois

© 1998-2014 E-Soft Inc. Todos los derechos reservados.