Test ID: | 1.3.6.1.4.1.25623.1.0.57634 |
Category: | Mandrake Local Security Checks |
Title: | Mandrake Security Advisory MDKSA-2006:198-1 (imlib2) |
Summary: | NOSUMMARY |
Description: | The remote host is missing an update to imlib2 announced via advisory MDKSA-2006:198-1.

M Joonas Pihlaja discovered several vulnerabilities in the Imlib2 graphics library.

The load() function of several of the Imlib2 image loaders does not check the width and height of an image before allocating memory. As a result, a carefully crafted image file can trigger a segfault when an application using Imlib2 attempts to view the image. (CVE-2006-4806)

The tga loader fails to bounds check input data to make sure the input data doesn't load outside the memory mapped region. (CVE-2006-4807)

The RLE decoding loops of the load() function in the tga loader do not check that the count byte of an RLE packet doesn't cause a heap overflow of the pixel buffer. (CVE-2006-4808)

The load() function of the pnm loader writes arbitrary length user data into a fixed size stack allocated buffer buf[] without bounds checking. (CVE-2006-4809)

Updated packages have been patched to correct these issues.

Update: An error in the previous patchset may affect JPEG image handling for certain valid images. This new update corrects this issue.

Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0

Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2006:198-1

Risk factor : High
CVSS Score: 5.1 |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2006-4806
20903 http://www.securityfocus.com/bid/20903
22732 http://secunia.com/advisories/22732
22744 http://secunia.com/advisories/22744
22752 http://secunia.com/advisories/22752
22932 http://secunia.com/advisories/22932
23441 http://secunia.com/advisories/23441
30105 http://www.osvdb.org/30105
30106 http://www.osvdb.org/30106
30107 http://www.osvdb.org/30107
30108 http://www.osvdb.org/30108
30109 http://www.osvdb.org/30109
ADV-2006-4349 http://www.vupen.com/english/advisories/2006/4349
GLSA-200612-20 http://security.gentoo.org/glsa/glsa-200612-20.xml
MDKSA-2006:198 http://www.mandriva.com/security/advisories?name=MDKSA-2006:198
MDKSA-2007:156 http://www.mandriva.com/security/advisories?name=MDKSA-2007:156
SUSE-SR:2006:026 http://www.novell.com/linux/security/advisories/2006_26_sr.html
USN-376-1 http://www.ubuntu.com/usn/usn-376-1
USN-376-2 http://www.ubuntu.com/usn/usn-376-2
http://www.discontinuity.info/~rowan/pocs/libimlib2_pocs-1.2.0-2.2.tar.gz
imlib2-load-overflow(30064) https://exchange.xforce.ibmcloud.com/vulnerabilities/30064

Common Vulnerability Exposure (CVE) ID: CVE-2006-4807
30102 http://www.osvdb.org/30102
imlib2-loadertgac-dos(30066) https://exchange.xforce.ibmcloud.com/vulnerabilities/30066

Common Vulnerability Exposure (CVE) ID: CVE-2006-4808
30103 http://www.osvdb.org/30103
imlib2-loadertgac-bo(30068) https://exchange.xforce.ibmcloud.com/vulnerabilities/30068

Common Vulnerability Exposure (CVE) ID: CVE-2006-4809
30104 http://www.osvdb.org/30104
imlib2-loaderpnmc-bo(30070) https://exchange.xforce.ibmcloud.com/vulnerabilities/30070 |
Copyright | Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com |