ID de Prueba:	1.3.6.1.4.1.25623.1.0.66479
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2009:191-1 (OpenEXR)
Resumen:	The remote host is missing an update to OpenEXR;announced via advisory MDVSA-2009:191-1.
Descripción:	Summary: The remote host is missing an update to OpenEXR announced via advisory MDVSA-2009:191-1. Vulnerability Insight: Multiple vulnerabilities has been found and corrected in OpenEXR: Multiple integer overflows in OpenEXR 1.2.2 and 1.6.1 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors that trigger heap-based buffer overflows, related to (1) the Imf::PreviewImage::PreviewImage function and (2) compressor constructors. NOTE: some of these details are obtained from third party information (CVE-2009-1720). The decompression implementation in the Imf::hufUncompress function in OpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a free of an uninitialized pointer (CVE-2009-1721). Buffer overflow in the compression implementation in OpenEXR 1.2.2 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors (CVE-2009-1722). This update provides fixes for these vulnerabilities. Update: Packages for 2008.0 are being provided due to extended support for Corporate products. Affected: 2008.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1720 http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html BugTraq ID: 35838 http://www.securityfocus.com/bid/35838 Cert/CC Advisory: TA09-218A http://www.us-cert.gov/cas/techalerts/TA09-218A.html Debian Security Information: DSA-1842 (Google Search) http://www.debian.org/security/2009/dsa-1842 https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01286.html https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01290.html http://www.mandriva.com/security/advisories?name=MDVSA-2009:190 http://www.mandriva.com/security/advisories?name=MDVSA-2009:191 http://www.securitytracker.com/id?1022674 http://secunia.com/advisories/36030 http://secunia.com/advisories/36032 http://secunia.com/advisories/36096 http://secunia.com/advisories/36123 http://secunia.com/advisories/36753 SuSE Security Announcement: SUSE-SR:2009:014 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00000.html http://www.ubuntu.com/usn/USN-831-1 http://www.vupen.com/english/advisories/2009/2035 http://www.vupen.com/english/advisories/2009/2172 Common Vulnerability Exposure (CVE) ID: CVE-2009-1721 Common Vulnerability Exposure (CVE) ID: CVE-2009-1722
Copyright	Copyright (C) 2009 E-Soft Inc.

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.