Red Hat Local Security Checks : RedHat Security Advisory RHSA-2011:1807

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.70496

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2011:1807

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing updates announced in
advisory RHSA-2011:1807.

JasPer is an implementation of Part 1 of the JPEG 2000 image compression
standard.

Two heap-based buffer overflow flaws were found in the way JasPer decoded
JPEG 2000 compressed image files. An attacker could create a malicious JPEG
2000 compressed image file that, when opened, would cause applications that
use JasPer (such as Nautilus) to crash or, potentially, execute arbitrary
code. (CVE-2011-4516, CVE-2011-4517)

Red Hat would like to thank Jonathan Foote of the CERT Coordination Center
for reporting these issues.

Users are advised to upgrade to these updated packages, which contain a
backported patch to correct these issues. All applications using the JasPer
libraries (such as Nautilus) must be restarted for the update to take
effect.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2011-1807.html

Risk factor : High

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-4516
BugTraq ID: 50992
http://www.securityfocus.com/bid/50992
CERT/CC vulnerability note: VU#887409
http://www.kb.cert.org/vuls/id/887409
Debian Security Information: DSA-2371 (Google Search)
http://www.debian.org/security/2011/dsa-2371
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071561.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071458.html
http://osvdb.org/77595
http://www.redhat.com/support/errata/RHSA-2011-1807.html
http://www.redhat.com/support/errata/RHSA-2011-1811.html
RedHat Security Advisories: RHSA-2015:0698
http://rhn.redhat.com/errata/RHSA-2015-0698.html
http://secunia.com/advisories/47193
http://secunia.com/advisories/47306
http://secunia.com/advisories/47353
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606
SuSE Security Announcement: openSUSE-SU-2011:1317 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00010.html
http://www.ubuntu.com/usn/USN-1315-1
Common Vulnerability Exposure (CVE) ID: CVE-2011-4517
http://osvdb.org/77596
XForce ISS Database: jasper-jpccrggetparms-bo(71701)
https://exchange.xforce.ibmcloud.com/vulnerabilities/71701

Copyright Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.70496
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2011:1807
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2011:1807. JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard. Two heap-based buffer overflow flaws were found in the way JasPer decoded JPEG 2000 compressed image files. An attacker could create a malicious JPEG 2000 compressed image file that, when opened, would cause applications that use JasPer (such as Nautilus) to crash or, potentially, execute arbitrary code. (CVE-2011-4516, CVE-2011-4517) Red Hat would like to thank Jonathan Foote of the CERT Coordination Center for reporting these issues. Users are advised to upgrade to these updated packages, which contain a backported patch to correct these issues. All applications using the JasPer libraries (such as Nautilus) must be restarted for the update to take effect. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2011-1807.html Risk factor : High
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-4516 BugTraq ID: 50992 http://www.securityfocus.com/bid/50992 CERT/CC vulnerability note: VU#887409 http://www.kb.cert.org/vuls/id/887409 Debian Security Information: DSA-2371 (Google Search) http://www.debian.org/security/2011/dsa-2371 http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071561.html http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071458.html http://osvdb.org/77595 http://www.redhat.com/support/errata/RHSA-2011-1807.html http://www.redhat.com/support/errata/RHSA-2011-1811.html RedHat Security Advisories: RHSA-2015:0698 http://rhn.redhat.com/errata/RHSA-2015-0698.html http://secunia.com/advisories/47193 http://secunia.com/advisories/47306 http://secunia.com/advisories/47353 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606 SuSE Security Announcement: openSUSE-SU-2011:1317 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00010.html http://www.ubuntu.com/usn/USN-1315-1 Common Vulnerability Exposure (CVE) ID: CVE-2011-4517 http://osvdb.org/77596 XForce ISS Database: jasper-jpccrggetparms-bo(71701) https://exchange.xforce.ibmcloud.com/vulnerabilities/71701
Copyright	Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com