Mandrake Local Security Checks : Mandriva Security Advisory MDVSA-2011:189 (jasper)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.72081

Categoría: Mandrake Local Security Checks

Título: Mandriva Security Advisory MDVSA-2011:189 (jasper)

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing an update to jasper
announced via advisory MDVSA-2011:189.

Multiple vulnerabilities has been discovered and corrected in jasper:

Heap-based buffer overflow in the jpc_cox_getcompparms function in
libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to
execute arbitrary code or cause a denial of service (memory corruption)
via a crafted numrlvls value in a JPEG2000 file (CVE-2011-4516).

The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer
1.900.1 uses an incorrect data type during a certain size calculation,
which allows remote attackers to trigger a heap-based buffer overflow
and execute arbitrary code, or cause a denial of service (heap memory
corruption), via a malformed JPEG2000 file (CVE-2011-4517).

The updated packages have been patched to correct these issues.

Affected: 2010.1, 2011., Enterprise Server 5.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2011:189

Risk factor : High

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-4516
BugTraq ID: 50992
http://www.securityfocus.com/bid/50992
CERT/CC vulnerability note: VU#887409
http://www.kb.cert.org/vuls/id/887409
Debian Security Information: DSA-2371 (Google Search)
http://www.debian.org/security/2011/dsa-2371
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071561.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071458.html
http://osvdb.org/77595
http://www.redhat.com/support/errata/RHSA-2011-1807.html
http://www.redhat.com/support/errata/RHSA-2011-1811.html
RedHat Security Advisories: RHSA-2015:0698
http://rhn.redhat.com/errata/RHSA-2015-0698.html
http://secunia.com/advisories/47193
http://secunia.com/advisories/47306
http://secunia.com/advisories/47353
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606
SuSE Security Announcement: openSUSE-SU-2011:1317 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00010.html
http://www.ubuntu.com/usn/USN-1315-1
Common Vulnerability Exposure (CVE) ID: CVE-2011-4517
http://osvdb.org/77596
XForce ISS Database: jasper-jpccrggetparms-bo(71701)
https://exchange.xforce.ibmcloud.com/vulnerabilities/71701

Copyright Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.72081
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2011:189 (jasper)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to jasper announced via advisory MDVSA-2011:189. Multiple vulnerabilities has been discovered and corrected in jasper: Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted numrlvls value in a JPEG2000 file (CVE-2011-4516). The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service (heap memory corruption), via a malformed JPEG2000 file (CVE-2011-4517). The updated packages have been patched to correct these issues. Affected: 2010.1, 2011., Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2011:189 Risk factor : High
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-4516 BugTraq ID: 50992 http://www.securityfocus.com/bid/50992 CERT/CC vulnerability note: VU#887409 http://www.kb.cert.org/vuls/id/887409 Debian Security Information: DSA-2371 (Google Search) http://www.debian.org/security/2011/dsa-2371 http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071561.html http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071458.html http://osvdb.org/77595 http://www.redhat.com/support/errata/RHSA-2011-1807.html http://www.redhat.com/support/errata/RHSA-2011-1811.html RedHat Security Advisories: RHSA-2015:0698 http://rhn.redhat.com/errata/RHSA-2015-0698.html http://secunia.com/advisories/47193 http://secunia.com/advisories/47306 http://secunia.com/advisories/47353 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606 SuSE Security Announcement: openSUSE-SU-2011:1317 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00010.html http://www.ubuntu.com/usn/USN-1315-1 Common Vulnerability Exposure (CVE) ID: CVE-2011-4517 http://osvdb.org/77596 XForce ISS Database: jasper-jpccrggetparms-bo(71701) https://exchange.xforce.ibmcloud.com/vulnerabilities/71701
Copyright	Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com