ID de Prueba:	1.3.6.1.4.1.25623.1.0.72143
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2012:122 (icedtea-web)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to icedtea-web announced via advisory MDVSA-2012:122. Multiple vulnerabilities has been discovered and corrected in icedtea-web: An uninitialized pointer use flaw was found in IcedTea-Web web browser plugin. A malicious web page could use this flaw make IcedTea-Web browser plugin pass invalid pointer to a web browser. Depending on the browser used, it may cause the browser to crash or possibly execute arbitrary code (CVE-2012-3422). It was discovered that the IcedTea-Web web browser plugin incorrectly assumed that all strings provided by browser are NUL terminated, which is not guaranteed by the NPAPI (Netscape Plugin Application Programming Interface). When used in a browser that does not NUL terminate NPVariant NPStrings, this could lead to buffer over-read or over-write, resulting in possible information leak, crash, or code execution (CVE-2012-3423). The updated packages have been upgraded to the 1.1.6 version which is not affected by these issues. Affected: 2011., Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2012:122 Risk factor : High
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-3422 http://security.gentoo.org/glsa/glsa-201406-32.xml https://bugzilla.redhat.com/show_bug.cgi?id=840592 RedHat Security Advisories: RHSA-2012:1132 http://rhn.redhat.com/errata/RHSA-2012-1132.html http://secunia.com/advisories/50089 SuSE Security Announcement: SUSE-SU-2012:0979 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00003.html SuSE Security Announcement: SUSE-SU-2013:0851 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html SuSE Security Announcement: SUSE-SU-2013:1174 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html SuSE Security Announcement: openSUSE-SU-2012:0981 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00004.html SuSE Security Announcement: openSUSE-SU-2012:0982 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00005.html SuSE Security Announcement: openSUSE-SU-2013:0826 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html SuSE Security Announcement: openSUSE-SU-2013:0893 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html SuSE Security Announcement: openSUSE-SU-2013:0966 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html http://www.ubuntu.com/usn/USN-1521-1 Common Vulnerability Exposure (CVE) ID: CVE-2012-3423 https://bugzilla.redhat.com/show_bug.cgi?id=841345
Copyright	Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.