Mandrake Local Security Checks : Mandrake Security Advisory MDVSA-2009:106 (libwmf)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.64126

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDVSA-2009:106 (libwmf)

Resumen: The remote host is missing an update to libwmf;announced via advisory MDVSA-2009:106.

Descripción: Summary:
The remote host is missing an update to libwmf
announced via advisory MDVSA-2009:106.

Vulnerability Insight:
Use-after-free vulnerability in the embedded GD library in libwmf
0.2.8.4 allows context-dependent attackers to cause a denial of service
(application crash) or possibly execute arbitrary code via a crafted
WMF file (CVE-2009-1364).

The updated packages have been patched to prevent this.

Affected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-1364
BugTraq ID: 34792
http://www.securityfocus.com/bid/34792
Debian Security Information: DSA-1796 (Google Search)
http://www.debian.org/security/2009/dsa-1796
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01269.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01263.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01266.html
http://security.gentoo.org/glsa/glsa-200907-01.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:106
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10959
RedHat Security Advisories: RHSA-2009:0457
http://rhn.redhat.com/errata/RHSA-2009-0457.html
http://www.securitytracker.com/id?1022154
http://secunia.com/advisories/34901
http://secunia.com/advisories/34964
http://secunia.com/advisories/35001
http://secunia.com/advisories/35025
http://secunia.com/advisories/35190
http://secunia.com/advisories/35416
http://secunia.com/advisories/35686
SuSE Security Announcement: SUSE-SR:2009:011 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
SuSE Security Announcement: openSUSE-SU-2015:1132 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-06/msg00051.html
SuSE Security Announcement: openSUSE-SU-2015:1134 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-06/msg00053.html
http://www.ubuntu.com/usn/USN-769-1
http://www.vupen.com/english/advisories/2009/1228
XForce ISS Database: libwmf-gdlibrary-code-execution(50290)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50290

Copyright Copyright (C) 2009 E-Soft Inc.

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.64126
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDVSA-2009:106 (libwmf)
Resumen:	The remote host is missing an update to libwmf;announced via advisory MDVSA-2009:106.
Descripción:	Summary: The remote host is missing an update to libwmf announced via advisory MDVSA-2009:106. Vulnerability Insight: Use-after-free vulnerability in the embedded GD library in libwmf 0.2.8.4 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WMF file (CVE-2009-1364). The updated packages have been patched to prevent this. Affected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1364 BugTraq ID: 34792 http://www.securityfocus.com/bid/34792 Debian Security Information: DSA-1796 (Google Search) http://www.debian.org/security/2009/dsa-1796 https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01269.html https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01263.html https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01266.html http://security.gentoo.org/glsa/glsa-200907-01.xml http://www.mandriva.com/security/advisories?name=MDVSA-2009:106 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10959 RedHat Security Advisories: RHSA-2009:0457 http://rhn.redhat.com/errata/RHSA-2009-0457.html http://www.securitytracker.com/id?1022154 http://secunia.com/advisories/34901 http://secunia.com/advisories/34964 http://secunia.com/advisories/35001 http://secunia.com/advisories/35025 http://secunia.com/advisories/35190 http://secunia.com/advisories/35416 http://secunia.com/advisories/35686 SuSE Security Announcement: SUSE-SR:2009:011 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html SuSE Security Announcement: openSUSE-SU-2015:1132 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-06/msg00051.html SuSE Security Announcement: openSUSE-SU-2015:1134 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-06/msg00053.html http://www.ubuntu.com/usn/USN-769-1 http://www.vupen.com/english/advisories/2009/1228 XForce ISS Database: libwmf-gdlibrary-code-execution(50290) https://exchange.xforce.ibmcloud.com/vulnerabilities/50290
Copyright	Copyright (C) 2009 E-Soft Inc.