Mandrake Local Security Checks : Mandriva Security Advisory MDVSA-2012:157 (openjpeg)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.72465

Categoría: Mandrake Local Security Checks

Título: Mandriva Security Advisory MDVSA-2012:157 (openjpeg)

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing an update to openjpeg
announced via advisory MDVSA-2012:157.

A security issue was identified and fixed in openjpeg:

A heap-based buffer overflow was found in the way OpenJPEG, an
open-source JPEG 2000 codec written in C language, performed parsing
of JPEG2000 image files. A remote attacker could provide a specially
crafted JPEG 2000 file, which when opened in an application linked
against openjpeg would lead to that application crash, or, potentially
arbitrary code execution with the privileges of the user running the
application (CVE-2012-3535).

The updated packages have been patched to correct this issue.

Affected: 2011.

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2012:157

Risk factor : High

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-3535
50360
http://secunia.com/advisories/50360
50681
http://secunia.com/advisories/50681
55214
http://www.securityfocus.com/bid/55214
84978
http://osvdb.org/84978
FEDORA-2012-14664
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090021.html
FEDORA-2012-14707
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090579.html
MDVSA-2012:157
http://www.mandriva.com/security/advisories?name=MDVSA-2012:157
RHSA-2012:1283
http://rhn.redhat.com/errata/RHSA-2012-1283.html
[oss-security] 20120827 CVE Request: Heap-based buffer overflow in openjpeg
http://www.openwall.com/lists/oss-security/2012/08/27/2
[oss-security] 20120827 Re: CVE Request: Heap-based buffer overflow in openjpeg
http://www.openwall.com/lists/oss-security/2012/08/27/3
http://code.google.com/p/openjpeg/issues/detail?id=170
https://bugzilla.redhat.com/show_bug.cgi?id=842918
openjpeg-files-bo(77994)
https://exchange.xforce.ibmcloud.com/vulnerabilities/77994

Copyright Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.72465
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2012:157 (openjpeg)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to openjpeg announced via advisory MDVSA-2012:157. A security issue was identified and fixed in openjpeg: A heap-based buffer overflow was found in the way OpenJPEG, an open-source JPEG 2000 codec written in C language, performed parsing of JPEG2000 image files. A remote attacker could provide a specially crafted JPEG 2000 file, which when opened in an application linked against openjpeg would lead to that application crash, or, potentially arbitrary code execution with the privileges of the user running the application (CVE-2012-3535). The updated packages have been patched to correct this issue. Affected: 2011. Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2012:157 Risk factor : High
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-3535 50360 http://secunia.com/advisories/50360 50681 http://secunia.com/advisories/50681 55214 http://www.securityfocus.com/bid/55214 84978 http://osvdb.org/84978 FEDORA-2012-14664 http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090021.html FEDORA-2012-14707 http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090579.html MDVSA-2012:157 http://www.mandriva.com/security/advisories?name=MDVSA-2012:157 RHSA-2012:1283 http://rhn.redhat.com/errata/RHSA-2012-1283.html [oss-security] 20120827 CVE Request: Heap-based buffer overflow in openjpeg http://www.openwall.com/lists/oss-security/2012/08/27/2 [oss-security] 20120827 Re: CVE Request: Heap-based buffer overflow in openjpeg http://www.openwall.com/lists/oss-security/2012/08/27/3 http://code.google.com/p/openjpeg/issues/detail?id=170 https://bugzilla.redhat.com/show_bug.cgi?id=842918 openjpeg-files-bo(77994) https://exchange.xforce.ibmcloud.com/vulnerabilities/77994
Copyright	Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com