FreeBSD Local Security Checks : FreeBSD Ports: FreeBSD

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.70743

Categoría: FreeBSD Local Security Checks

Título: FreeBSD Ports: FreeBSD

Resumen: The remote host is missing an update to the system; as announced in the referenced advisory.

Descripción: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following package is affected: FreeBSD

CVE-2011-2895
The LZW decompressor in (1) the BufCompressedFill function in
fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2)
compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before
3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before
5.1.1, FreeType 2.1.9, and other products, does not properly handle
code words that are absent from the decompression table when
encountered, which allows context-dependent attackers to trigger an
infinite loop or a heap-based buffer overflow, and possibly execute
arbitrary code, via a crafted compressed stream, a related issue to
CVE-2006-1168 and CVE-2011-2896.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-2895
1025920
http://securitytracker.com/id?1025920
45544
http://secunia.com/advisories/45544
45568
http://secunia.com/advisories/45568
45599
http://secunia.com/advisories/45599
45986
http://secunia.com/advisories/45986
46127
http://secunia.com/advisories/46127
48951
http://secunia.com/advisories/48951
49124
http://www.securityfocus.com/bid/49124
APPLE-SA-2012-02-01-1
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
APPLE-SA-2012-05-09-1
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
APPLE-SA-2015-12-08-1
http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html
APPLE-SA-2015-12-08-2
http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html
APPLE-SA-2015-12-08-3
http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html
APPLE-SA-2015-12-08-4
http://lists.apple.com/archives/security-announce/2015/Dec/msg00002.html
DSA-2293
http://www.debian.org/security/2011/dsa-2293
MDVSA-2011:153
http://www.mandriva.com/security/advisories?name=MDVSA-2011:153
NetBSD-SA2011-007
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-007.txt.asc
RHSA-2011:1154
http://www.redhat.com/support/errata/RHSA-2011-1154.html
RHSA-2011:1155
http://www.redhat.com/support/errata/RHSA-2011-1155.html
RHSA-2011:1161
http://www.redhat.com/support/errata/RHSA-2011-1161.html
RHSA-2011:1834
http://www.redhat.com/support/errata/RHSA-2011-1834.html
SUSE-SU-2011:1035
http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00019.html
USN-1191-1
http://www.ubuntu.com/usn/USN-1191-1
[oss-security] 20110810 LZW decompression issues
http://www.openwall.com/lists/oss-security/2011/08/10/10
[xorg-announce] 20110810 X.Org security advisory: libXfont LZW decompression heap corruption
http://lists.freedesktop.org/archives/xorg-announce/2011-August/001721.html
[xorg-announce] 20110810 [ANNOUNCE] libXfont 1.4.4
http://lists.freedesktop.org/archives/xorg-announce/2011-August/001722.html
http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d11ee5886e9d9ec610051a206b135a4cdc1e09a0
http://support.apple.com/kb/HT5130
http://support.apple.com/kb/HT5281
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/compress/zopen.c#rev1.17
https://bugzilla.redhat.com/show_bug.cgi?id=725760
https://bugzilla.redhat.com/show_bug.cgi?id=727624
https://support.apple.com/HT205635
https://support.apple.com/HT205637
https://support.apple.com/HT205640
https://support.apple.com/HT205641
openSUSE-SU-2011:1299
http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00004.html
xorg-lzw-bo(69141)
https://exchange.xforce.ibmcloud.com/vulnerabilities/69141

Copyright Copyright (C) 2012 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.70743
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: FreeBSD
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: FreeBSD CVE-2011-2895 The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-2895 1025920 http://securitytracker.com/id?1025920 45544 http://secunia.com/advisories/45544 45568 http://secunia.com/advisories/45568 45599 http://secunia.com/advisories/45599 45986 http://secunia.com/advisories/45986 46127 http://secunia.com/advisories/46127 48951 http://secunia.com/advisories/48951 49124 http://www.securityfocus.com/bid/49124 APPLE-SA-2012-02-01-1 http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html APPLE-SA-2012-05-09-1 http://lists.apple.com/archives/security-announce/2012/May/msg00001.html APPLE-SA-2015-12-08-1 http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html APPLE-SA-2015-12-08-2 http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html APPLE-SA-2015-12-08-3 http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html APPLE-SA-2015-12-08-4 http://lists.apple.com/archives/security-announce/2015/Dec/msg00002.html DSA-2293 http://www.debian.org/security/2011/dsa-2293 MDVSA-2011:153 http://www.mandriva.com/security/advisories?name=MDVSA-2011:153 NetBSD-SA2011-007 http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-007.txt.asc RHSA-2011:1154 http://www.redhat.com/support/errata/RHSA-2011-1154.html RHSA-2011:1155 http://www.redhat.com/support/errata/RHSA-2011-1155.html RHSA-2011:1161 http://www.redhat.com/support/errata/RHSA-2011-1161.html RHSA-2011:1834 http://www.redhat.com/support/errata/RHSA-2011-1834.html SUSE-SU-2011:1035 http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00019.html USN-1191-1 http://www.ubuntu.com/usn/USN-1191-1 [oss-security] 20110810 LZW decompression issues http://www.openwall.com/lists/oss-security/2011/08/10/10 [xorg-announce] 20110810 X.Org security advisory: libXfont LZW decompression heap corruption http://lists.freedesktop.org/archives/xorg-announce/2011-August/001721.html [xorg-announce] 20110810 [ANNOUNCE] libXfont 1.4.4 http://lists.freedesktop.org/archives/xorg-announce/2011-August/001722.html http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d11ee5886e9d9ec610051a206b135a4cdc1e09a0 http://support.apple.com/kb/HT5130 http://support.apple.com/kb/HT5281 http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/compress/zopen.c#rev1.17 https://bugzilla.redhat.com/show_bug.cgi?id=725760 https://bugzilla.redhat.com/show_bug.cgi?id=727624 https://support.apple.com/HT205635 https://support.apple.com/HT205637 https://support.apple.com/HT205640 https://support.apple.com/HT205641 openSUSE-SU-2011:1299 http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00004.html xorg-lzw-bo(69141) https://exchange.xforce.ibmcloud.com/vulnerabilities/69141
Copyright	Copyright (C) 2012 E-Soft Inc.