Test ID:	1.3.6.1.4.1.25623.1.0.68804
Category:	Ubuntu Local Security Checks
Title:	Ubuntu USN-1035-1 (evince)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to evince announced via advisory USN-1035-1. Details follow: Jon Larimer discovered that Evince's font parsers incorrectly handled certain buffer lengths when rendering a DVI file. By tricking a user into opening or previewing a DVI file that uses a specially crafted font file, an attacker could crash evince or execute arbitrary code with the user's privileges. In the default installation of Ubuntu 9.10 and later, attackers would be isolated by the Evince AppArmor profile. Solution: The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: evince 2.22.2-0ubuntu2.1 Ubuntu 9.10: evince 2.28.1-0ubuntu1.3 Ubuntu 10.04 LTS: evince 2.30.3-0ubuntu1.2 Ubuntu 10.10: evince 2.32.0-0ubuntu1.1 In general, a standard system update will make all the necessary changes. http://www.securityspace.com/smysecure/catid.html?in=USN-1035-1 Risk factor : High CVSS Score: 7.6
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-2640 BugTraq ID: 45678 http://www.securityfocus.com/bid/45678 Debian Security Information: DSA-2357 (Google Search) http://www.debian.org/security/2011/dsa-2357 http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052910.html http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052995.html http://lists.mandriva.com/security-announce/2011-01/msg00006.php http://www.redhat.com/support/errata/RHSA-2011-0009.html http://www.securitytracker.com/id?1024937 http://secunia.com/advisories/42769 http://secunia.com/advisories/42821 http://secunia.com/advisories/42847 http://secunia.com/advisories/42872 http://secunia.com/advisories/43068 SuSE Security Announcement: SUSE-SR:2011:002 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://www.ubuntu.com/usn/USN-1035-1 http://www.vupen.com/english/advisories/2011/0029 http://www.vupen.com/english/advisories/2011/0043 http://www.vupen.com/english/advisories/2011/0056 http://www.vupen.com/english/advisories/2011/0097 http://www.vupen.com/english/advisories/2011/0102 http://www.vupen.com/english/advisories/2011/0212 Common Vulnerability Exposure (CVE) ID: CVE-2010-2641 Common Vulnerability Exposure (CVE) ID: CVE-2010-2642 https://security.gentoo.org/glsa/201701-57 http://www.mandriva.com/security/advisories?name=MDVSA-2011:016 http://www.mandriva.com/security/advisories?name=MDVSA-2011:017 http://www.mandriva.com/security/advisories?name=MDVSA-2012:144 RedHat Security Advisories: RHSA-2012:1201 http://rhn.redhat.com/errata/RHSA-2012-1201.html SuSE Security Announcement: SUSE-SR:2011:005 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html http://www.vupen.com/english/advisories/2011/0193 http://www.vupen.com/english/advisories/2011/0194 Common Vulnerability Exposure (CVE) ID: CVE-2010-2643
Copyright	Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.