Mandrake Local Security Checks : Mandrake Security Advisory MDVSA-2008:005 (libexif)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.60236
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDVSA-2008:005 (libexif)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to libexif announced via advisory MDVSA-2008:005. An infinite recursion flaw was found in the way that libexif parses Exif image tags. A carefully crafted Exif image file opened by an application linked against libexif could cause the application to crash (CVE-2007-6351). An integer overflow flaw was also found in how libexif parses Exif image tags. A carefully crafted Exif image file opened by an application linked against libexif could cause the application to crash or execute arbitrary code with the privileges of the user executing the application (CVE-2007-6352). The updated packages have been patched to correct these issues. Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2008:005 Risk factor : High CVSS Score: 6.8
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2007-6351 BugTraq ID: 26976 http://www.securityfocus.com/bid/26976 Bugtraq: 20080105 rPSA-2008-0006-1 libexif (Google Search) http://www.securityfocus.com/archive/1/485822/100/0/threaded Debian Security Information: DSA-1487 (Google Search) http://www.debian.org/security/2008/dsa-1487 https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00597.html https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00626.html http://security.gentoo.org/glsa/glsa-200712-15.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:005 https://bugzilla.redhat.com/show_bug.cgi?id=425551 http://osvdb.org/42652 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9420 http://www.redhat.com/support/errata/RHSA-2007-1165.html http://www.securitytracker.com/id?1019124 http://secunia.com/advisories/28076 http://secunia.com/advisories/28127 http://secunia.com/advisories/28195 http://secunia.com/advisories/28266 http://secunia.com/advisories/28346 http://secunia.com/advisories/28400 http://secunia.com/advisories/28636 http://secunia.com/advisories/28776 http://secunia.com/advisories/32274 SuSE Security Announcement: SUSE-SR:2008:002 (Google Search) http://www.novell.com/linux/security/advisories/suse_security_summary_report.html http://www.ubuntu.com/usn/usn-654-1 http://www.vupen.com/english/advisories/2007/4278 XForce ISS Database: libexif-exifloaderwrit-dos(39166) https://exchange.xforce.ibmcloud.com/vulnerabilities/39166 Common Vulnerability Exposure (CVE) ID: CVE-2007-6352 BugTraq ID: 26942 http://www.securityfocus.com/bid/26942 http://osvdb.org/42653 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11029 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4814 http://www.redhat.com/support/errata/RHSA-2007-1166.html http://secunia.com/advisories/29381 http://sunsolve.sun.com/search/document.do?assetkey=1-26-234701-1 http://www.vupen.com/english/advisories/2008/0947/references XForce ISS Database: libexif-exifdataloaddatathumbnail-bo(39167) https://exchange.xforce.ibmcloud.com/vulnerabilities/39167
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com