Test ID:	1.3.6.1.4.1.25623.1.0.880774
Category:	CentOS Local Security Checks
Title:	CentOS Update for netpbm CESA-2009:0012 centos4 i386
Summary:	The remote host is missing an update for the 'netpbm'; package(s) announced via the referenced advisory.
Description:	Summary: The remote host is missing an update for the 'netpbm' package(s) announced via the referenced advisory. Vulnerability Insight: The netpbm package contains a library of functions for editing and converting between various graphics file formats, including .pbm (portable bitmaps), .pgm (portable graymaps), .pnm (portable anymaps), .ppm (portable pixmaps), and others. An input validation flaw and multiple integer overflows were discovered in the JasPer library providing support for JPEG-2000 image format and used in the jpeg2ktopam and pamtojpeg2k converters. An attacker could create a carefully-crafted JPEG file which could cause jpeg2ktopam to crash or, possibly, execute arbitrary code as the user running jpeg2ktopam. (CVE-2007-2721, CVE-2008-3520) All users are advised to upgrade to these updated packages which contain backported patches which resolve these issues. Affected Software/OS: netpbm on CentOS 4 Solution: Please install the updated packages. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-2721 BugTraq ID: 24052 http://www.securityfocus.com/bid/24052 Debian Security Information: DSA-2036 (Google Search) http://www.debian.org/security/2010/dsa-2036 http://www.mandriva.com/security/advisories?name=MDKSA-2007:129 http://www.mandriva.com/security/advisories?name=MDKSA-2007:208 http://www.mandriva.com/security/advisories?name=MDKSA-2007:209 http://www.mandriva.com/security/advisories?name=MDVSA-2009:142 http://www.mandriva.com/security/advisories?name=MDVSA-2009:164 http://osvdb.org/36137 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9397 http://www.redhat.com/support/errata/RHSA-2009-0012.html http://secunia.com/advisories/25287 http://secunia.com/advisories/25703 http://secunia.com/advisories/26516 http://secunia.com/advisories/27319 http://secunia.com/advisories/27489 http://secunia.com/advisories/39505 http://www.ubuntu.com/usn/usn-501-1 http://www.ubuntu.com/usn/usn-501-2 http://www.vupen.com/english/advisories/2010/0912 Common Vulnerability Exposure (CVE) ID: CVE-2008-3520 BugTraq ID: 31470 http://www.securityfocus.com/bid/31470 http://security.gentoo.org/glsa/glsa-200812-18.xml http://www.mandriva.com/security/advisories?name=MDVSA-2009:144 http://bugs.gentoo.org/show_bug.cgi?id=222819 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10141 RedHat Security Advisories: RHSA-2015:0698 http://rhn.redhat.com/errata/RHSA-2015-0698.html http://secunia.com/advisories/33173 http://secunia.com/advisories/34391 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606 http://www.ubuntu.com/usn/USN-742-1 XForce ISS Database: jasper-image-file-bo(45621) https://exchange.xforce.ibmcloud.com/vulnerabilities/45621
Copyright	Copyright (C) 2011 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.