Gentoo Local Security Checks : Gentoo Security Advisory GLSA 200907-01 (libwmf)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.64364

Categoría: Gentoo Local Security Checks

Título: Gentoo Security Advisory GLSA 200907-01 (libwmf)

Resumen: The remote host is missing updates announced in;advisory GLSA 200907-01.

Descripción: Summary:
The remote host is missing updates announced in
advisory GLSA 200907-01.

Vulnerability Insight:
libwmf bundles an old GD version which contains a 'use-after-free'
vulnerability.

Solution:
All libwmf users should upgrade to the latest version which no longer
builds the GD library:

# emerge --sync
# emerge --ask --oneshot --verbose '>=media-libs/libwmf-0.2.8.4-r3'

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-1364
BugTraq ID: 34792
http://www.securityfocus.com/bid/34792
Debian Security Information: DSA-1796 (Google Search)
http://www.debian.org/security/2009/dsa-1796
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01269.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01263.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01266.html
http://security.gentoo.org/glsa/glsa-200907-01.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:106
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10959
RedHat Security Advisories: RHSA-2009:0457
http://rhn.redhat.com/errata/RHSA-2009-0457.html
http://www.securitytracker.com/id?1022154
http://secunia.com/advisories/34901
http://secunia.com/advisories/34964
http://secunia.com/advisories/35001
http://secunia.com/advisories/35025
http://secunia.com/advisories/35190
http://secunia.com/advisories/35416
http://secunia.com/advisories/35686
SuSE Security Announcement: SUSE-SR:2009:011 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
SuSE Security Announcement: openSUSE-SU-2015:1132 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-06/msg00051.html
SuSE Security Announcement: openSUSE-SU-2015:1134 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-06/msg00053.html
http://www.ubuntu.com/usn/USN-769-1
http://www.vupen.com/english/advisories/2009/1228
XForce ISS Database: libwmf-gdlibrary-code-execution(50290)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50290

Copyright Copyright (C) 2009 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.64364
Categoría:	Gentoo Local Security Checks
Título:	Gentoo Security Advisory GLSA 200907-01 (libwmf)
Resumen:	The remote host is missing updates announced in;advisory GLSA 200907-01.
Descripción:	Summary: The remote host is missing updates announced in advisory GLSA 200907-01. Vulnerability Insight: libwmf bundles an old GD version which contains a 'use-after-free' vulnerability. Solution: All libwmf users should upgrade to the latest version which no longer builds the GD library: # emerge --sync # emerge --ask --oneshot --verbose '>=media-libs/libwmf-0.2.8.4-r3' CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1364 BugTraq ID: 34792 http://www.securityfocus.com/bid/34792 Debian Security Information: DSA-1796 (Google Search) http://www.debian.org/security/2009/dsa-1796 https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01269.html https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01263.html https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01266.html http://security.gentoo.org/glsa/glsa-200907-01.xml http://www.mandriva.com/security/advisories?name=MDVSA-2009:106 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10959 RedHat Security Advisories: RHSA-2009:0457 http://rhn.redhat.com/errata/RHSA-2009-0457.html http://www.securitytracker.com/id?1022154 http://secunia.com/advisories/34901 http://secunia.com/advisories/34964 http://secunia.com/advisories/35001 http://secunia.com/advisories/35025 http://secunia.com/advisories/35190 http://secunia.com/advisories/35416 http://secunia.com/advisories/35686 SuSE Security Announcement: SUSE-SR:2009:011 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html SuSE Security Announcement: openSUSE-SU-2015:1132 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-06/msg00051.html SuSE Security Announcement: openSUSE-SU-2015:1134 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-06/msg00053.html http://www.ubuntu.com/usn/USN-769-1 http://www.vupen.com/english/advisories/2009/1228 XForce ISS Database: libwmf-gdlibrary-code-execution(50290) https://exchange.xforce.ibmcloud.com/vulnerabilities/50290
Copyright	Copyright (C) 2009 E-Soft Inc.