ID de Prueba:	1.3.6.1.4.1.25623.1.0.60320
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDVSA-2008:038 (gd)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to gd announced via advisory MDVSA-2008:038. Buffer overflow in the LWZReadByte() function in gd_gif_in.c in GD prior to 2.0.34 allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array. This was originally fixed in PHP's embedded GD with MDKSA-2006:162 patches had not been applied to the system libgd at that time. The updated packages have been patched to correct this issue. Affected: 2007.0, Corporate 4.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2008:038 Risk factor : Medium CVSS Score: 2.6
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2006-4484 BugTraq ID: 19582 http://www.securityfocus.com/bid/19582 Bugtraq: 20061005 rPSA-2006-0182-1 php php-mysql php-pgsql (Google Search) http://www.securityfocus.com/archive/1/447866/100/0/threaded Bugtraq: 20080206 rPSA-2008-0046-1 gd (Google Search) http://www.securityfocus.com/archive/1/487683/100/0/threaded Bugtraq: 20080212 FLEA-2008-0007-1 gd (Google Search) http://www.securityfocus.com/archive/1/488008/100/0/threaded https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00502.html http://www.mandriva.com/security/advisories?name=MDKSA-2006:162 http://www.mandriva.com/security/advisories?name=MDVSA-2008:038 http://www.mandriva.com/security/advisories?name=MDVSA-2008:077 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9004 RedHat Security Advisories: RHSA-2006:0688 http://rhn.redhat.com/errata/RHSA-2006-0688.html http://www.redhat.com/support/errata/RHSA-2008-0146.html http://securitytracker.com/id?1016984 http://secunia.com/advisories/21546 http://secunia.com/advisories/21768 http://secunia.com/advisories/21842 http://secunia.com/advisories/22039 http://secunia.com/advisories/22069 http://secunia.com/advisories/22225 http://secunia.com/advisories/22440 http://secunia.com/advisories/22487 http://secunia.com/advisories/22538 http://secunia.com/advisories/28768 http://secunia.com/advisories/28838 http://secunia.com/advisories/28845 http://secunia.com/advisories/28866 http://secunia.com/advisories/28959 http://secunia.com/advisories/29157 http://secunia.com/advisories/29242 http://secunia.com/advisories/29546 http://secunia.com/advisories/30717 SGI Security Advisory: 20061001-01-P ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc SuSE Security Announcement: SUSE-SA:2006:052 (Google Search) http://www.novell.com/linux/security/advisories/2006_52_php.html SuSE Security Announcement: SUSE-SR:2008:003 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html SuSE Security Announcement: SUSE-SR:2008:005 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html SuSE Security Announcement: SUSE-SR:2008:013 (Google Search) http://www.novell.com/linux/security/advisories/2008_13_sr.html TurboLinux Advisory: TLSA-2006-38 http://www.turbolinux.com/security/2006/TLSA-2006-38.txt http://www.ubuntu.com/usn/usn-342-1 http://www.vupen.com/english/advisories/2006/3318
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.