Mandrake Local Security Checks : Mandriva Security Advisory MDVSA-2010:043 (libtheora)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.66929

Categoría: Mandrake Local Security Checks

Título: Mandriva Security Advisory MDVSA-2010:043 (libtheora)

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing an update to libtheora
announced via advisory MDVSA-2010:043.

A vulnerability have been discovered and corrected in libtheora:

Integer overflow in libtheora in Xiph.Org Theora before 1.1 allows
remote attackers to cause a denial of service (application crash)
or possibly execute arbitrary code via a video with large dimensions
(CVE-2009-3389).

The updated packages have been patched to correct this issue.

Affected: 2009.0, 2009.1, Enterprise Server 5.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2010:043

Risk factor : Critical

CVSS Score:
9.3

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-3389
BugTraq ID: 37349
http://www.securityfocus.com/bid/37349
BugTraq ID: 37368
http://www.securityfocus.com/bid/37368
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00995.html
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01034.html
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01041.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:043
http://www.theora.org/news/#libtheora-1.1.0
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7967
http://secunia.com/advisories/37699
http://secunia.com/advisories/37785
http://secunia.com/advisories/37856
http://secunia.com/advisories/37881
http://secunia.com/advisories/39317
SuSE Security Announcement: SUSE-SA:2009:063 (Google Search)
http://www.novell.com/linux/security/advisories/2009_63_firefox.html
SuSE Security Announcement: SUSE-SR:2010:008 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html
SuSE Security Announcement: SUSE-SR:2010:013 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
http://www.ubuntu.com/usn/USN-874-1
http://www.vupen.com/english/advisories/2009/3547
XForce ISS Database: mozilla-theora-bo(54805)
https://exchange.xforce.ibmcloud.com/vulnerabilities/54805

Copyright Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.66929
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2010:043 (libtheora)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to libtheora announced via advisory MDVSA-2010:043. A vulnerability have been discovered and corrected in libtheora: Integer overflow in libtheora in Xiph.Org Theora before 1.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a video with large dimensions (CVE-2009-3389). The updated packages have been patched to correct this issue. Affected: 2009.0, 2009.1, Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2010:043 Risk factor : Critical CVSS Score: 9.3
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-3389 BugTraq ID: 37349 http://www.securityfocus.com/bid/37349 BugTraq ID: 37368 http://www.securityfocus.com/bid/37368 https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00995.html https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01034.html https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01041.html http://www.mandriva.com/security/advisories?name=MDVSA-2010:043 http://www.theora.org/news/#libtheora-1.1.0 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7967 http://secunia.com/advisories/37699 http://secunia.com/advisories/37785 http://secunia.com/advisories/37856 http://secunia.com/advisories/37881 http://secunia.com/advisories/39317 SuSE Security Announcement: SUSE-SA:2009:063 (Google Search) http://www.novell.com/linux/security/advisories/2009_63_firefox.html SuSE Security Announcement: SUSE-SR:2010:008 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html SuSE Security Announcement: SUSE-SR:2010:013 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html http://www.ubuntu.com/usn/USN-874-1 http://www.vupen.com/english/advisories/2009/3547 XForce ISS Database: mozilla-theora-bo(54805) https://exchange.xforce.ibmcloud.com/vulnerabilities/54805
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com