Category: Debian Local Security Checks
Title: Debian Security Advisory DSA 1842-1 (openexr)
The remote host is missing an update to openexr
announced via advisory DSA 1842-1.
Several vulnerabilities have been discovered in the OpenEXR image
library, which can lead to the execution of arbitrary code. The Common
Vulnerabilities and Exposures project identifies the following problems:
Drew Yao discovered integer overflows in the preview and
Drew Yao discovered that an uninitialised pointer could be freed
in the decompression code.
A buffer overflow was discovered in the compression code.
For the old stable distribution (etch), these problems have been fixed
in version 1.2.2-4.3+etch2.
For the stable distribution (lenny), these problems have been fixed
in version 1.6.1-3+lenny3.
For the unstable distribution (sid), these problems will be fixed soon.
We recommend that you upgrade your openexr packages.
Common Vulnerability Exposure (CVE) ID: CVE-2009-1720
BugTraq ID: 35838
Cert/CC Advisory: TA09-218A
Debian Security Information: DSA-1842
SuSE Security Announcement: SUSE-SR:2009:014
Common Vulnerability Exposure (CVE) ID: CVE-2009-1721
Common Vulnerability Exposure (CVE) ID: CVE-2009-1722
Copyright: Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com