Test ID:	1.3.6.1.4.1.25623.1.0.72004
Category:	Mandrake Local Security Checks
Title:	Mandriva Security Advisory MDVSA-2011:147 (cups)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to cups announced via advisory MDVSA-2011:147. A vulnerability has been discovered and corrected in cups: The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and earlier does not properly handle the first code word in an LZW stream, which allows remote attackers to trigger a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted stream, a different vulnerability than CVE-2011-2896 (CVE-2011-3170). The updated packages have been patched to correct this issue. Affected: 2011. Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2011:147 Risk factor : High
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-2896 1025929 http://www.securitytracker.com/id?1025929 45621 http://secunia.com/advisories/45621 45900 http://secunia.com/advisories/45900 45945 http://secunia.com/advisories/45945 45948 http://secunia.com/advisories/45948 46024 http://secunia.com/advisories/46024 48236 http://secunia.com/advisories/48236 48308 http://secunia.com/advisories/48308 49148 http://www.securityfocus.com/bid/49148 50737 http://secunia.com/advisories/50737 DSA-2354 http://www.debian.org/security/2011/dsa-2354 DSA-2426 http://www.debian.org/security/2012/dsa-2426 FEDORA-2011-11173 http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064873.html FEDORA-2011-11197 http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064600.html FEDORA-2011-11221 http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065550.html FEDORA-2011-11229 http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065651.html FEDORA-2011-11305 http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065527.html FEDORA-2011-11318 http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065539.html GLSA-201209-23 http://security.gentoo.org/glsa/glsa-201209-23.xml MDVSA-2011:146 http://www.mandriva.com/security/advisories?name=MDVSA-2011:146 MDVSA-2011:167 http://www.mandriva.com/security/advisories?name=MDVSA-2011:167 RHSA-2011:1635 http://www.redhat.com/support/errata/RHSA-2011-1635.html RHSA-2012:1180 http://rhn.redhat.com/errata/RHSA-2012-1180.html RHSA-2012:1181 http://rhn.redhat.com/errata/RHSA-2012-1181.html USN-1207-1 http://www.ubuntu.com/usn/USN-1207-1 USN-1214-1 http://www.ubuntu.com/usn/USN-1214-1 [oss-security] 20110810 LZW decompression issues http://www.openwall.com/lists/oss-security/2011/08/10/10 http://cups.org/str.php?L3867 http://git.gnome.org/browse/gimp/commit/?id=376ad788c1a1c31d40f18494889c383f6909ebfc http://www.swi-prolog.org/bugzilla/show_bug.cgi?id=7#c4 https://bugzilla.redhat.com/show_bug.cgi?id=727800 https://bugzilla.redhat.com/show_bug.cgi?id=730338 Common Vulnerability Exposure (CVE) ID: CVE-2011-3170 BugTraq ID: 49323 http://www.securityfocus.com/bid/49323 Debian Security Information: DSA-2354 (Google Search) http://security.gentoo.org/glsa/glsa-201207-10.xml http://www.mandriva.com/security/advisories?name=MDVSA-2011:147 http://www.securitytracker.com/id?1025980 http://secunia.com/advisories/45796 XForce ISS Database: cups-gifreadlzw-function-bo(69380) https://exchange.xforce.ibmcloud.com/vulnerabilities/69380
Copyright	Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.