Test ID:	1.3.6.1.4.1.25623.1.0.882685
Category:	CentOS Local Security Checks
Title:	CentOS Update for icoutils CESA-2017:0837 centos7
Summary:	Check the version of icoutils
Description:	Summary: Check the version of icoutils Vulnerability Insight: The icoutils are a set of programs for extracting and converting images in Microsoft Windows icon and cursor files. These files usually have the extension .ico or .cur, but they can also be embedded in executables or libraries. Security Fix(es): * Multiple vulnerabilities were found in icoutils, in the wrestool program. An attacker could create a crafted executable that, when read by wrestool, could result in memory corruption leading to a crash or potential code execution. (CVE-2017-5208, CVE-2017-5333, CVE-2017-6009) * A vulnerability was found in icoutils, in the wrestool program. An attacker could create a crafted executable that, when read by wrestool, could result in failure to allocate memory or an over-large memcpy operation, leading to a crash. (CVE-2017-5332) * Multiple vulnerabilities were found in icoutils, in the icotool program. An attacker could create a crafted ICO or CUR file that, when read by icotool, could result in memory corruption leading to a crash or potential code execution. (CVE-2017-6010, CVE-2017-6011) Affected Software/OS: icoutils on CentOS 7 Solution: Please Install the Updated Packages. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2017-5208 BugTraq ID: 95315 http://www.securityfocus.com/bid/95315 Debian Security Information: DSA-3756 (Google Search) http://www.debian.org/security/2017/dsa-3756 https://security.gentoo.org/glsa/201801-12 http://www.openwall.com/lists/oss-security/2017/01/08/5 RedHat Security Advisories: RHSA-2017:0837 http://rhn.redhat.com/errata/RHSA-2017-0837.html Common Vulnerability Exposure (CVE) ID: CVE-2017-5332 BugTraq ID: 95380 http://www.securityfocus.com/bid/95380 Debian Security Information: DSA-3765 (Google Search) http://www.debian.org/security/2017/dsa-3765 http://www.openwall.com/lists/oss-security/2017/01/11/3 SuSE Security Announcement: openSUSE-SU-2017:0166 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00024.html SuSE Security Announcement: openSUSE-SU-2017:0167 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00025.html SuSE Security Announcement: openSUSE-SU-2017:0168 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00026.html http://www.ubuntu.com/usn/USN-3178-1 Common Vulnerability Exposure (CVE) ID: CVE-2017-5333 BugTraq ID: 95678 http://www.securityfocus.com/bid/95678 Common Vulnerability Exposure (CVE) ID: CVE-2017-6009 BugTraq ID: 96292 http://www.securityfocus.com/bid/96292 Debian Security Information: DSA-3807 (Google Search) http://www.debian.org/security/2017/dsa-3807 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854050 Common Vulnerability Exposure (CVE) ID: CVE-2017-6010 BugTraq ID: 96288 http://www.securityfocus.com/bid/96288 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854054 Common Vulnerability Exposure (CVE) ID: CVE-2017-6011 BugTraq ID: 96267 http://www.securityfocus.com/bid/96267
Copyright	Copyright (C) 2017 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.