Mandrake Local Security Checks : Mandriva Security Advisory MDVSA-2011:147 (cups)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.72004

Categoría: Mandrake Local Security Checks

Título: Mandriva Security Advisory MDVSA-2011:147 (cups)

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing an update to cups
announced via advisory MDVSA-2011:147.

A vulnerability has been discovered and corrected in cups:

The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and
earlier does not properly handle the first code word in an LZW stream,
which allows remote attackers to trigger a heap-based buffer overflow,
and possibly execute arbitrary code, via a crafted stream, a different
vulnerability than CVE-2011-2896 (CVE-2011-3170).

The updated packages have been patched to correct this issue.

Affected: 2011.

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2011:147

Risk factor : High

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-2896
1025929
http://www.securitytracker.com/id?1025929
45621
http://secunia.com/advisories/45621
45900
http://secunia.com/advisories/45900
45945
http://secunia.com/advisories/45945
45948
http://secunia.com/advisories/45948
46024
http://secunia.com/advisories/46024
48236
http://secunia.com/advisories/48236
48308
http://secunia.com/advisories/48308
49148
http://www.securityfocus.com/bid/49148
50737
http://secunia.com/advisories/50737
DSA-2354
http://www.debian.org/security/2011/dsa-2354
DSA-2426
http://www.debian.org/security/2012/dsa-2426
FEDORA-2011-11173
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064873.html
FEDORA-2011-11197
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064600.html
FEDORA-2011-11221
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065550.html
FEDORA-2011-11229
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065651.html
FEDORA-2011-11305
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065527.html
FEDORA-2011-11318
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065539.html
GLSA-201209-23
http://security.gentoo.org/glsa/glsa-201209-23.xml
MDVSA-2011:146
http://www.mandriva.com/security/advisories?name=MDVSA-2011:146
MDVSA-2011:167
http://www.mandriva.com/security/advisories?name=MDVSA-2011:167
RHSA-2011:1635
http://www.redhat.com/support/errata/RHSA-2011-1635.html
RHSA-2012:1180
http://rhn.redhat.com/errata/RHSA-2012-1180.html
RHSA-2012:1181
http://rhn.redhat.com/errata/RHSA-2012-1181.html
USN-1207-1
http://www.ubuntu.com/usn/USN-1207-1
USN-1214-1
http://www.ubuntu.com/usn/USN-1214-1
[oss-security] 20110810 LZW decompression issues
http://www.openwall.com/lists/oss-security/2011/08/10/10
http://cups.org/str.php?L3867
http://git.gnome.org/browse/gimp/commit/?id=376ad788c1a1c31d40f18494889c383f6909ebfc
http://www.swi-prolog.org/bugzilla/show_bug.cgi?id=7#c4
https://bugzilla.redhat.com/show_bug.cgi?id=727800
https://bugzilla.redhat.com/show_bug.cgi?id=730338
Common Vulnerability Exposure (CVE) ID: CVE-2011-3170
BugTraq ID: 49323
http://www.securityfocus.com/bid/49323
Debian Security Information: DSA-2354 (Google Search)
http://security.gentoo.org/glsa/glsa-201207-10.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2011:147
http://www.securitytracker.com/id?1025980
http://secunia.com/advisories/45796
XForce ISS Database: cups-gifreadlzw-function-bo(69380)
https://exchange.xforce.ibmcloud.com/vulnerabilities/69380

Copyright Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.72004
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2011:147 (cups)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to cups announced via advisory MDVSA-2011:147. A vulnerability has been discovered and corrected in cups: The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and earlier does not properly handle the first code word in an LZW stream, which allows remote attackers to trigger a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted stream, a different vulnerability than CVE-2011-2896 (CVE-2011-3170). The updated packages have been patched to correct this issue. Affected: 2011. Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2011:147 Risk factor : High
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-2896 1025929 http://www.securitytracker.com/id?1025929 45621 http://secunia.com/advisories/45621 45900 http://secunia.com/advisories/45900 45945 http://secunia.com/advisories/45945 45948 http://secunia.com/advisories/45948 46024 http://secunia.com/advisories/46024 48236 http://secunia.com/advisories/48236 48308 http://secunia.com/advisories/48308 49148 http://www.securityfocus.com/bid/49148 50737 http://secunia.com/advisories/50737 DSA-2354 http://www.debian.org/security/2011/dsa-2354 DSA-2426 http://www.debian.org/security/2012/dsa-2426 FEDORA-2011-11173 http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064873.html FEDORA-2011-11197 http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064600.html FEDORA-2011-11221 http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065550.html FEDORA-2011-11229 http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065651.html FEDORA-2011-11305 http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065527.html FEDORA-2011-11318 http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065539.html GLSA-201209-23 http://security.gentoo.org/glsa/glsa-201209-23.xml MDVSA-2011:146 http://www.mandriva.com/security/advisories?name=MDVSA-2011:146 MDVSA-2011:167 http://www.mandriva.com/security/advisories?name=MDVSA-2011:167 RHSA-2011:1635 http://www.redhat.com/support/errata/RHSA-2011-1635.html RHSA-2012:1180 http://rhn.redhat.com/errata/RHSA-2012-1180.html RHSA-2012:1181 http://rhn.redhat.com/errata/RHSA-2012-1181.html USN-1207-1 http://www.ubuntu.com/usn/USN-1207-1 USN-1214-1 http://www.ubuntu.com/usn/USN-1214-1 [oss-security] 20110810 LZW decompression issues http://www.openwall.com/lists/oss-security/2011/08/10/10 http://cups.org/str.php?L3867 http://git.gnome.org/browse/gimp/commit/?id=376ad788c1a1c31d40f18494889c383f6909ebfc http://www.swi-prolog.org/bugzilla/show_bug.cgi?id=7#c4 https://bugzilla.redhat.com/show_bug.cgi?id=727800 https://bugzilla.redhat.com/show_bug.cgi?id=730338 Common Vulnerability Exposure (CVE) ID: CVE-2011-3170 BugTraq ID: 49323 http://www.securityfocus.com/bid/49323 Debian Security Information: DSA-2354 (Google Search) http://security.gentoo.org/glsa/glsa-201207-10.xml http://www.mandriva.com/security/advisories?name=MDVSA-2011:147 http://www.securitytracker.com/id?1025980 http://secunia.com/advisories/45796 XForce ISS Database: cups-gifreadlzw-function-bo(69380) https://exchange.xforce.ibmcloud.com/vulnerabilities/69380
Copyright	Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com