Mandrake Local Security Checks : Mandriva Security Advisory MDVSA-2009:296-1 (gimp)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.66494

Categoría: Mandrake Local Security Checks

Título: Mandriva Security Advisory MDVSA-2009:296-1 (gimp)

Resumen: The remote host is missing an update to gimp;announced via advisory MDVSA-2009:296-1.

Descripción: Summary:
The remote host is missing an update to gimp
announced via advisory MDVSA-2009:296-1.

Vulnerability Insight:
A vulnerability was discovered and corrected in gimp:

Integer overflow in the ReadImage function in
plug-ins/file-bmp/bmp-read.c in GIMP 2.6.7 might allow remote attackers
to execute arbitrary code via a BMP file with crafted width and height
values that trigger a heap-based buffer overflow (CVE-2009-1570).

This update provides a solution to this vulnerability.

Update:

Packages for 2008.0 are being provided due to extended support for
Corporate products.

Affected: 2008.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-1570
BugTraq ID: 37006
http://www.securityfocus.com/bid/37006
Bugtraq: 20091112 Secunia Research: Gimp BMP Image Parsing Integer Overflow Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/507813/100/0/threaded
http://security.gentoo.org/glsa/glsa-201209-23.xml
http://secunia.com/secunia_research/2009-42/
https://bugzilla.gnome.org/show_bug.cgi?id=600484
http://www.osvdb.org/59930
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8290
http://www.redhat.com/support/errata/RHSA-2011-0837.html
http://www.redhat.com/support/errata/RHSA-2011-0838.html
http://secunia.com/advisories/37232
http://secunia.com/advisories/50737
SuSE Security Announcement: SUSE-SR:2010:009 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00002.html
http://www.vupen.com/english/advisories/2009/3228
http://www.vupen.com/english/advisories/2009/3564
http://www.vupen.com/english/advisories/2010/1021
XForce ISS Database: gimp-readimage-bo(54254)
https://exchange.xforce.ibmcloud.com/vulnerabilities/54254

Copyright Copyright (C) 2009 E-Soft Inc.

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.66494
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2009:296-1 (gimp)
Resumen:	The remote host is missing an update to gimp;announced via advisory MDVSA-2009:296-1.
Descripción:	Summary: The remote host is missing an update to gimp announced via advisory MDVSA-2009:296-1. Vulnerability Insight: A vulnerability was discovered and corrected in gimp: Integer overflow in the ReadImage function in plug-ins/file-bmp/bmp-read.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a BMP file with crafted width and height values that trigger a heap-based buffer overflow (CVE-2009-1570). This update provides a solution to this vulnerability. Update: Packages for 2008.0 are being provided due to extended support for Corporate products. Affected: 2008.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1570 BugTraq ID: 37006 http://www.securityfocus.com/bid/37006 Bugtraq: 20091112 Secunia Research: Gimp BMP Image Parsing Integer Overflow Vulnerability (Google Search) http://www.securityfocus.com/archive/1/507813/100/0/threaded http://security.gentoo.org/glsa/glsa-201209-23.xml http://secunia.com/secunia_research/2009-42/ https://bugzilla.gnome.org/show_bug.cgi?id=600484 http://www.osvdb.org/59930 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8290 http://www.redhat.com/support/errata/RHSA-2011-0837.html http://www.redhat.com/support/errata/RHSA-2011-0838.html http://secunia.com/advisories/37232 http://secunia.com/advisories/50737 SuSE Security Announcement: SUSE-SR:2010:009 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00002.html http://www.vupen.com/english/advisories/2009/3228 http://www.vupen.com/english/advisories/2009/3564 http://www.vupen.com/english/advisories/2010/1021 XForce ISS Database: gimp-readimage-bo(54254) https://exchange.xforce.ibmcloud.com/vulnerabilities/54254
Copyright	Copyright (C) 2009 E-Soft Inc.