Mandrake Local Security Checks : Mandrake Security Advisory MDKSA-2002:071 (kdegraphics)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.50843

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDKSA-2002:071 (kdegraphics)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to kdegraphics
announced via advisory MDKSA-2002:071.

A vulnerability exists in KGhostview, part of the kdegraphics package.
It includes a DSC 3.0 parser from GSview then is vulnerable to a buffer
overflow while parsing a specially crafted .ps file. It also contains
code from gv which is vulnerable to a similar buffer overflow triggered
by malformed PostScript and PDF files. This has been fixed in KDE
3.0.4 and patches have been applied to correct these packages.

Affected versions: 8.1, 8.2, 9.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2002:071
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0836
http://www.kde.org/info/security/advisory-20021008-1.txt

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: BugTraq ID: 5978
Common Vulnerability Exposure (CVE) ID: CVE-2002-0836
http://www.securityfocus.com/bid/5978
Bugtraq: 20021018 GLSA: tetex (Google Search)
http://marc.info/?l=bugtraq&m=103497852330838&w=2
Bugtraq: 20021216 [OpenPKG-SA-2002.015] OpenPKG Security Advisory (tetex) (Google Search)
http://marc.info/?l=bugtraq&m=104005975415582&w=2
CERT/CC vulnerability note: VU#169841
http://www.kb.cert.org/vuls/id/169841
Conectiva Linux advisory: CLA-2002:537
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000537
Debian Security Information: DSA-207 (Google Search)
http://www.debian.org/security/2002/dsa-207
HPdes Security Advisory: HPSBTL0210-073
http://www.securityfocus.com/advisories/4567
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-070.php
http://www.redhat.com/support/errata/RHSA-2002-194.html
http://www.redhat.com/support/errata/RHSA-2002-195.html
http://www.iss.net/security_center/static/10365.php

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.50843
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2002:071 (kdegraphics)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to kdegraphics announced via advisory MDKSA-2002:071. A vulnerability exists in KGhostview, part of the kdegraphics package. It includes a DSC 3.0 parser from GSview then is vulnerable to a buffer overflow while parsing a specially crafted .ps file. It also contains code from gv which is vulnerable to a similar buffer overflow triggered by malformed PostScript and PDF files. This has been fixed in KDE 3.0.4 and patches have been applied to correct these packages. Affected versions: 8.1, 8.2, 9.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2002:071 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0836 http://www.kde.org/info/security/advisory-20021008-1.txt Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	BugTraq ID: 5978 Common Vulnerability Exposure (CVE) ID: CVE-2002-0836 http://www.securityfocus.com/bid/5978 Bugtraq: 20021018 GLSA: tetex (Google Search) http://marc.info/?l=bugtraq&m=103497852330838&w=2 Bugtraq: 20021216 [OpenPKG-SA-2002.015] OpenPKG Security Advisory (tetex) (Google Search) http://marc.info/?l=bugtraq&m=104005975415582&w=2 CERT/CC vulnerability note: VU#169841 http://www.kb.cert.org/vuls/id/169841 Conectiva Linux advisory: CLA-2002:537 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000537 Debian Security Information: DSA-207 (Google Search) http://www.debian.org/security/2002/dsa-207 HPdes Security Advisory: HPSBTL0210-073 http://www.securityfocus.com/advisories/4567 http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-070.php http://www.redhat.com/support/errata/RHSA-2002-194.html http://www.redhat.com/support/errata/RHSA-2002-195.html http://www.iss.net/security_center/static/10365.php
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com