CentOS Local Security Checks : CentOS Update for pixman CESA-2013:1869 centos5

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.881852

Categoría: CentOS Local Security Checks

Título: CentOS Update for pixman CESA-2013:1869 centos5

Resumen: The remote host is missing an update for the 'pixman'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the 'pixman'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Pixman is a pixel manipulation library for the X Window System and Cairo.

An integer overflow, which led to a heap-based buffer overflow, was found
in the way pixman handled trapezoids. If a remote attacker could trick an
application using pixman into rendering a trapezoid shape with specially
crafted coordinates, it could cause the application to crash or, possibly,
execute arbitrary code with the privileges of the user running the
application. (CVE-2013-6425)

Users are advised to upgrade to these updated packages, which contain a
backported patch to correct this issue. All applications using pixman
must be restarted for this update to take effect.

Affected Software/OS:
pixman on CentOS 5

Solution:
Please install the updated packages.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2013-6425
DSA-2823
http://www.debian.org/security/2013/dsa-2823
RHSA-2013:1869
http://rhn.redhat.com/errata/RHSA-2013-1869.html
USN-2047-1
http://www.ubuntu.com/usn/USN-2047-1
[Pixman] 20131110 [ANNOUNCE] pixman release 0.32.0 now available
http://lists.freedesktop.org/archives/pixman/2013-November/003109.html
[oss-security] 20131203 CVE Request: xorg-server and pixman
http://www.openwall.com/lists/oss-security/2013/12/03/8
[oss-security] 20131204 Re: CVE Request: xorg-server and pixman
http://www.openwall.com/lists/oss-security/2013/12/04/8
http://cgit.freedesktop.org/pixman/commit/?id=5e14da97f16e421d084a9e735be21b1025150f0c
https://bugs.freedesktop.org/show_bug.cgi?id=67484
https://bugs.launchpad.net/ubuntu/+source/xorg-server/+bug/1197921
openSUSE-SU-2014:0007
http://lists.opensuse.org/opensuse-updates/2014-01/msg00001.html
openSUSE-SU-2014:0011
http://lists.opensuse.org/opensuse-updates/2014-01/msg00005.html
openSUSE-SU-2014:0014
http://lists.opensuse.org/opensuse-updates/2014-01/msg00008.html
openSUSE-SU-2014:0145
http://lists.opensuse.org/opensuse-updates/2014-01/msg00097.html

Copyright Copyright (C) 2013 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.881852
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for pixman CESA-2013:1869 centos5
Resumen:	The remote host is missing an update for the 'pixman'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'pixman' package(s) announced via the referenced advisory. Vulnerability Insight: Pixman is a pixel manipulation library for the X Window System and Cairo. An integer overflow, which led to a heap-based buffer overflow, was found in the way pixman handled trapezoids. If a remote attacker could trick an application using pixman into rendering a trapezoid shape with specially crafted coordinates, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2013-6425) Users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All applications using pixman must be restarted for this update to take effect. Affected Software/OS: pixman on CentOS 5 Solution: Please install the updated packages. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2013-6425 DSA-2823 http://www.debian.org/security/2013/dsa-2823 RHSA-2013:1869 http://rhn.redhat.com/errata/RHSA-2013-1869.html USN-2047-1 http://www.ubuntu.com/usn/USN-2047-1 [Pixman] 20131110 [ANNOUNCE] pixman release 0.32.0 now available http://lists.freedesktop.org/archives/pixman/2013-November/003109.html [oss-security] 20131203 CVE Request: xorg-server and pixman http://www.openwall.com/lists/oss-security/2013/12/03/8 [oss-security] 20131204 Re: CVE Request: xorg-server and pixman http://www.openwall.com/lists/oss-security/2013/12/04/8 http://cgit.freedesktop.org/pixman/commit/?id=5e14da97f16e421d084a9e735be21b1025150f0c https://bugs.freedesktop.org/show_bug.cgi?id=67484 https://bugs.launchpad.net/ubuntu/+source/xorg-server/+bug/1197921 openSUSE-SU-2014:0007 http://lists.opensuse.org/opensuse-updates/2014-01/msg00001.html openSUSE-SU-2014:0011 http://lists.opensuse.org/opensuse-updates/2014-01/msg00005.html openSUSE-SU-2014:0014 http://lists.opensuse.org/opensuse-updates/2014-01/msg00008.html openSUSE-SU-2014:0145 http://lists.opensuse.org/opensuse-updates/2014-01/msg00097.html
Copyright	Copyright (C) 2013 Greenbone AG