Test ID: 1.3.6.1.4.1.25623.1.0.63637
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2009:0336
Summary: NOSUMMARY
Description:
The remote host is missing updates announced in
advisory RHSA-2009:0336.

GLib is the low-level core library that forms the basis for projects such
as GTK+ and GNOME. It provides data structure handling for C, portability
wrappers, and interfaces for such runtime functionality as an event loop,
threads, dynamic loading, and an object system.

Diego Pettenò discovered multiple integer overflows causing heap-based
buffer overflows in GLib's Base64 encoding and decoding functions. An
attacker could use these flaws to crash an application using GLib's Base64
functions to encode or decode large, untrusted inputs, or, possibly,
execute arbitrary code as the user running the application. (CVE-2008-4316)

Note: No application shipped with Red Hat Enterprise Linux 5 uses the
affected functions. Third-party applications may, however, be affected.

All users of glib2 should upgrade to these updated packages, which contain
backported patches to resolve these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2009-0336.html
http://www.redhat.com/security/updates/classification/#moderate

CVSS Score:
4.6

CVSS Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2008-4316
BugTraq ID: 34100
http://www.securityfocus.com/bid/34100
Bugtraq: 20090312 [oCERT-2008-015] glib and glib-predecessor heap overflows
http://www.securityfocus.com/archive/1/501712/100/0/threaded
Bugtraq: 20090312 rPSA-2009-0045-1 glib
http://www.securityfocus.com/archive/1/501766/100/0/threaded
Debian Security Information: DSA-1747
http://www.debian.org/security/2009/dsa-1747
http://www.redhat.com/archives/fedora-package-announce/2009-April/msg00744.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01113.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:080
http://ocert.org/patches/2008-015/glib-CVE-2008-4316.diff
http://www.ocert.org/advisories/ocert-2008-015.html
http://openwall.com/lists/oss-security/2009/03/12/2
http://www.openwall.com/lists/oss-security/2009/03/16/2
http://lists.vmware.com/pipermail/security-announce/2010/000082.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11401
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8360
http://www.redhat.com/support/errata/RHSA-2009-0336.html
http://www.securitytracker.com/id?1021884
http://secunia.com/advisories/34267
http://secunia.com/advisories/34317
http://secunia.com/advisories/34404
http://secunia.com/advisories/34416
http://secunia.com/advisories/34560
http://secunia.com/advisories/34854
http://secunia.com/advisories/34890
http://secunia.com/advisories/38794
http://secunia.com/advisories/38833
SuSE Security Announcement: SUSE-SA:2009:026
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00014.html
http://www.ubuntu.com/usn/usn-738-1
http://www.vupen.com/english/advisories/2010/0528
XForce ISS Database: glib-gbase64-bo(49272)
https://exchange.xforce.ibmcloud.com/vulnerabilities/49272
Copyright: Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
