ID de Prueba:	1.3.6.1.4.1.25623.1.0.69443
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2011:0477
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2011:0477. The gstreamer-plugins packages contain plug-ins used by the GStreamer streaming-media framework to support a wide variety of media formats. An integer overflow flaw, leading to a heap-based buffer overflow, and a stack-based buffer overflow flaw were found in various ModPlug music file format library (libmodplug) modules, embedded in GStreamer. An attacker could create specially-crafted music files that, when played by a victim, would cause applications using GStreamer to crash or, potentially, execute arbitrary code. (CVE-2006-4192, CVE-2011-1574) All users of gstreamer-plugins are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, all applications using GStreamer (such as Rhythmbox) must be restarted for the changes to take effect. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2011-0477.html Risk factor : High CVSS Score: 6.8
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2006-4192 BugTraq ID: 19448 http://www.securityfocus.com/bid/19448 Bugtraq: 20060809 Stack and heap overflows in MODPlug Tracker/OpenMPT 1.17.02.43 and libmodplug 0.8 (Google Search) http://www.securityfocus.com/archive/1/442721/100/100/threaded http://security.gentoo.org/glsa/glsa-200612-04.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007:001 http://aluigi.altervista.org/adv/mptho-adv.txt RedHat Security Advisories: RHSA-2011:0477 https://rhn.redhat.com/errata/RHSA-2011-0477.html http://secunia.com/advisories/21418 http://secunia.com/advisories/22080 http://secunia.com/advisories/22658 http://secunia.com/advisories/23294 http://secunia.com/advisories/23555 http://secunia.com/advisories/26979 http://securityreason.com/securityalert/1397 SuSE Security Announcement: SUSE-SR:2006:023 (Google Search) http://www.novell.com/linux/security/advisories/2006_23_sr.html http://www.ubuntu.com/usn/usn-521-1 http://www.vupen.com/english/advisories/2006/3231 http://www.vupen.com/english/advisories/2006/4310 XForce ISS Database: openmpt-loadit-bo(28305) https://exchange.xforce.ibmcloud.com/vulnerabilities/28305 XForce ISS Database: openmpt-readsample-bo(28309) https://exchange.xforce.ibmcloud.com/vulnerabilities/28309 Common Vulnerability Exposure (CVE) ID: CVE-2011-1574 1025480 http://securitytracker.com/id?1025480 44870 http://secunia.com/advisories/44870 48434 http://secunia.com/advisories/48434 8243 http://securityreason.com/securityalert/8243 DSA-2226 http://www.debian.org/security/2011/dsa-2226 GLSA-201203-16 http://www.gentoo.org/security/en/glsa/glsa-201203-16.xml MDVSA-2011:085 http://www.mandriva.com/security/advisories?name=MDVSA-2011:085 RHSA-2011:0477 USN-1148-1 https://www.ubuntu.com/usn/USN-1148-1/ [oss-security] 20110411 CVE request for libmodplug http://openwall.com/lists/oss-security/2011/04/11/6 [oss-security] 20110411 Re: CVE request for libmodplug http://openwall.com/lists/oss-security/2011/04/11/13 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622091 http://modplug-xmms.git.sourceforge.net/git/gitweb.cgi?p=modplug-xmms/modplug-xmms%3Ba=commit%3Bh=aecef259828a89bb00c2e6f78e89de7363b2237b https://bugzilla.redhat.com/show_bug.cgi?id=695420 https://www.sec-consult.com/files/20110407-0_libmodplug_stackoverflow.txt
Copyright	Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.