Test ID:	1.3.6.1.4.1.25623.1.0.63680
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-1747-1)
Summary:	The remote host is missing an update for the Debian 'glib2.0' package(s) announced via the DSA-1747-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'glib2.0' package(s) announced via the DSA-1747-1 advisory. Vulnerability Insight: Diego Petteno discovered that glib2.0, the GLib library of C routines, handles large strings insecurely via its Base64 encoding functions. This could possible lead to the execution of arbitrary code. For the stable distribution (lenny), this problem has been fixed in version 2.16.6-1+lenny1. For the oldstable distribution (etch), this problem has been fixed in version 2.12.4-2+etch1. For the testing distribution (squeeze), this problem will be fixed soon. For the unstable distribution (sid), this problem has been fixed in version 2.20.0-1. We recommend that you upgrade your glib2.0 packages. Affected Software/OS: 'glib2.0' package(s) on Debian 4, Debian 5. Solution: Please install the updated package(s). CVSS Score: 4.6 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-4316 1021884 http://www.securitytracker.com/id?1021884 20090312 [oCERT-2008-015] glib and glib-predecessor heap overflows http://www.securityfocus.com/archive/1/501712/100/0/threaded 20090312 rPSA-2009-0045-1 glib http://www.securityfocus.com/archive/1/501766/100/0/threaded 34100 http://www.securityfocus.com/bid/34100 34267 http://secunia.com/advisories/34267 34317 http://secunia.com/advisories/34317 34404 http://secunia.com/advisories/34404 34416 http://secunia.com/advisories/34416 34560 http://secunia.com/advisories/34560 34854 http://secunia.com/advisories/34854 34890 http://secunia.com/advisories/34890 38794 http://secunia.com/advisories/38794 38833 http://secunia.com/advisories/38833 ADV-2010-0528 http://www.vupen.com/english/advisories/2010/0528 DSA-1747 http://www.debian.org/security/2009/dsa-1747 FEDORA-2009-2657 http://www.redhat.com/archives/fedora-package-announce/2009-April/msg00744.html FEDORA-2009-2688 https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01113.html MDVSA-2009:080 http://www.mandriva.com/security/advisories?name=MDVSA-2009:080 RHSA-2009:0336 http://www.redhat.com/support/errata/RHSA-2009-0336.html SUSE-SA:2009:026 http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00014.html USN-738-1 http://www.ubuntu.com/usn/usn-738-1 [oss-security] 20090312 [oCERT-2008-015] glib and glib-predecessor heap overflows http://openwall.com/lists/oss-security/2009/03/12/2 [oss-security] 20090317 Re: [oCERT-2008-015] glib and glib-predecessor heap overflows http://www.openwall.com/lists/oss-security/2009/03/16/2 [security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates http://lists.vmware.com/pipermail/security-announce/2010/000082.html glib-gbase64-bo(49272) https://exchange.xforce.ibmcloud.com/vulnerabilities/49272 http://ocert.org/patches/2008-015/glib-CVE-2008-4316.diff http://svn.gnome.org/viewvc/glib?view=revision&revision=7973 http://wiki.rpath.com/Advisories:rPSA-2009-0045 http://www.ocert.org/advisories/ocert-2008-015.html oval:org.mitre.oval:def:11401 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11401 oval:org.mitre.oval:def:8360 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8360
Copyright	Copyright (C) 2009 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.