Test ID: 1.3.6.1.4.1.25623.1.0.72130
Category: Mandrake Local Security Checks
Title: Mandriva Security Advisory MDVSA-2012:106 (libexif)
Summary: NOSUMMARY
Description:
The remote host is missing an update to libexif
announced via advisory MDVSA-2012:106.

Multiple vulnerabilities have been discovered and corrected in libexif:

A heap-based out-of-bounds array read in the exif_entry_get_value
function in libexif/exif-entry.c in libexif 0.6.20 and earlier allows
remote attackers to cause a denial of service or possibly obtain
potentially sensitive information from process memory via an image
with crafted EXIF tags (CVE-2012-2812).

A heap-based out-of-bounds array read in the exif_convert_utf16_to_utf8
function in libexif/exif-entry.c in libexif 0.6.20 and earlier allows
remote attackers to cause a denial of service or possibly obtain
potentially sensitive information from process memory via an image
with crafted EXIF tags (CVE-2012-2813).

A buffer overflow in the exif_entry_format_value function in
libexif/exif-entry.c in libexif 0.6.20 allows remote attackers to
cause a denial of service or possibly execute arbitrary code via an
image with crafted EXIF tags (CVE-2012-2814).

A heap-based out-of-bounds array read in the exif_data_load_data
function in libexif 0.6.20 and earlier allows remote attackers to
cause a denial of service or possibly obtain potentially sensitive
information from process memory via an image with crafted EXIF tags
(CVE-2012-2836).

A divide-by-zero error in the mnote_olympus_entry_get_value function
while formatting EXIF maker note tags in libexif 0.6.20 and earlier
allows remote attackers to cause a denial of service via an image
with crafted EXIF tags (CVE-2012-2837).

An off-by-one error in the exif_convert_utf16_to_utf8 function in
libexif/exif-entry.c in libexif 0.6.20 and earlier allows remote
attackers to cause a denial of service or possibly execute arbitrary
code via an image with crafted EXIF tags (CVE-2012-2840).

An integer underflow in the exif_entry_get_value function can cause a
heap overflow and potentially arbitrary code execution while formatting
an EXIF tag, if the function is called with a buffer size parameter
equal to zero or one (CVE-2012-2841).

The updated packages have been upgraded to the 0.6.21 version which
is not vulnerable to these issues.

Affected: 2011., Enterprise Server 5.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2012:106
http://sourceforge.net/mailarchive/message.php?msg_id=29534027

Risk factor : High

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2012-2812
BugTraq ID: 54437
http://www.securityfocus.com/bid/54437
Debian Security Information: DSA-2559
http://www.debian.org/security/2012/dsa-2559
http://sourceforge.net/mailarchive/message.php?msg_id=29534027
RedHat Security Advisories: RHSA-2012:1255
http://rhn.redhat.com/errata/RHSA-2012-1255.html
http://secunia.com/advisories/49988
SuSE Security Announcement: SUSE-SU-2012:0902
http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00014.html
SuSE Security Announcement: SUSE-SU-2012:0903
http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00015.html
http://www.ubuntu.com/usn/USN-1513-1
Common Vulnerability Exposure (CVE) ID: CVE-2012-2813
Common Vulnerability Exposure (CVE) ID: CVE-2012-2814
Common Vulnerability Exposure (CVE) ID: CVE-2012-2836
Common Vulnerability Exposure (CVE) ID: CVE-2012-2837
Common Vulnerability Exposure (CVE) ID: CVE-2012-2840
Common Vulnerability Exposure (CVE) ID: CVE-2012-2841
Copyright: Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
