Mandrake Local Security Checks : Mandrake Security Advisory MDVSA-2009:207 (perl-Compress-Raw-Bzip2)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.64679

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDVSA-2009:207 (perl-Compress-Raw-Bzip2)

Resumen: The remote host is missing an update to perl-Compress-Raw-Bzip2;announced via advisory MDVSA-2009:207.

Descripción: Summary:
The remote host is missing an update to perl-Compress-Raw-Bzip2
announced via advisory MDVSA-2009:207.

Vulnerability Insight:
A vulnerability has been found and corrected in perl-Compress-Raw-Bzip:

Off-by-one error in the bzinflate function in Bzip2.xs in
the Compress-Raw-Bzip2 module before 2.018 for Perl allows
context-dependent attackers to cause a denial of service (application
hang or crash) via a crafted bzip2 compressed stream that triggers
a buffer overflow, a related issue to CVE-2009-1391 (CVE-2009-1884).

This update provides a solution to this vulnerability.

Affected: 2009.1, Enterprise Server 5.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-1391
BugTraq ID: 35307
http://www.securityfocus.com/bid/35307
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00607.html
http://security.gentoo.org/glsa/glsa-200908-07.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:157
http://article.gmane.org/gmane.mail.virus.amavis.user/33635
http://article.gmane.org/gmane.mail.virus.amavis.user/33638
http://thread.gmane.org/gmane.mail.virus.amavis.user/33635
http://osvdb.org/55041
http://secunia.com/advisories/35422
http://secunia.com/advisories/35685
http://secunia.com/advisories/35689
http://secunia.com/advisories/35876
SuSE Security Announcement: SUSE-SR:2009:012 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
https://usn.ubuntu.com/794-1/
http://www.vupen.com/english/advisories/2009/1571
XForce ISS Database: perl-compressrawzlib-inflate-bo(51062)
https://exchange.xforce.ibmcloud.com/vulnerabilities/51062
Common Vulnerability Exposure (CVE) ID: CVE-2009-1884
36082
http://www.securityfocus.com/bid/36082
36386
http://secunia.com/advisories/36386
36415
http://secunia.com/advisories/36415
FEDORA-2009-8868
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00982.html
FEDORA-2009-8888
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00999.html
GLSA-200908-07
compressrawbzip2-bzinflate-dos(52628)
https://exchange.xforce.ibmcloud.com/vulnerabilities/52628
https://bugs.gentoo.org/show_bug.cgi?id=281955
https://bugzilla.redhat.com/show_bug.cgi?id=518278

Copyright Copyright (C) 2009 E-Soft Inc.

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.64679
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDVSA-2009:207 (perl-Compress-Raw-Bzip2)
Resumen:	The remote host is missing an update to perl-Compress-Raw-Bzip2;announced via advisory MDVSA-2009:207.
Descripción:	Summary: The remote host is missing an update to perl-Compress-Raw-Bzip2 announced via advisory MDVSA-2009:207. Vulnerability Insight: A vulnerability has been found and corrected in perl-Compress-Raw-Bzip: Off-by-one error in the bzinflate function in Bzip2.xs in the Compress-Raw-Bzip2 module before 2.018 for Perl allows context-dependent attackers to cause a denial of service (application hang or crash) via a crafted bzip2 compressed stream that triggers a buffer overflow, a related issue to CVE-2009-1391 (CVE-2009-1884). This update provides a solution to this vulnerability. Affected: 2009.1, Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1391 BugTraq ID: 35307 http://www.securityfocus.com/bid/35307 https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00607.html http://security.gentoo.org/glsa/glsa-200908-07.xml http://www.mandriva.com/security/advisories?name=MDVSA-2009:157 http://article.gmane.org/gmane.mail.virus.amavis.user/33635 http://article.gmane.org/gmane.mail.virus.amavis.user/33638 http://thread.gmane.org/gmane.mail.virus.amavis.user/33635 http://osvdb.org/55041 http://secunia.com/advisories/35422 http://secunia.com/advisories/35685 http://secunia.com/advisories/35689 http://secunia.com/advisories/35876 SuSE Security Announcement: SUSE-SR:2009:012 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html https://usn.ubuntu.com/794-1/ http://www.vupen.com/english/advisories/2009/1571 XForce ISS Database: perl-compressrawzlib-inflate-bo(51062) https://exchange.xforce.ibmcloud.com/vulnerabilities/51062 Common Vulnerability Exposure (CVE) ID: CVE-2009-1884 36082 http://www.securityfocus.com/bid/36082 36386 http://secunia.com/advisories/36386 36415 http://secunia.com/advisories/36415 FEDORA-2009-8868 https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00982.html FEDORA-2009-8888 https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00999.html GLSA-200908-07 compressrawbzip2-bzinflate-dos(52628) https://exchange.xforce.ibmcloud.com/vulnerabilities/52628 https://bugs.gentoo.org/show_bug.cgi?id=281955 https://bugzilla.redhat.com/show_bug.cgi?id=518278
Copyright	Copyright (C) 2009 E-Soft Inc.