 |
Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | ||
| Test Kennung: | 1.3.6.1.4.1.25623.1.0.703556 |
| Kategorie: | Debian Local Security Checks |
| Titel: | Debian Security Advisory DSA 3556-1 (libgd2 - security update) |
| Zusammenfassung: | Hans Jerry Illikainen discovered that;libgd2, a library for programmatic graphics creation and manipulation, suffers;of a signedness vulnerability which may result in a heap overflow when processing;specially crafted compressed gd2 data. A remote attacker can take;advantage of this flaw to cause an application using the libgd2 library;to crash, or potentially, to execute arbitrary code with the privileges;of the user running the application. |
| Beschreibung: | Summary: Hans Jerry Illikainen discovered that libgd2, a library for programmatic graphics creation and manipulation, suffers of a signedness vulnerability which may result in a heap overflow when processing specially crafted compressed gd2 data. A remote attacker can take advantage of this flaw to cause an application using the libgd2 library to crash, or potentially, to execute arbitrary code with the privileges of the user running the application. Affected Software/OS: libgd2 on Debian Linux Solution: For the oldstable distribution (wheezy), this problem has been fixed in version 2.0.36~ rc1~ dfsg-6.1+deb7u2. For the stable distribution (jessie), this problem has been fixed in version 2.1.0-5+deb8u1. For the unstable distribution (sid), this problem has been fixed in version 2.1.1-4.1. We recommend that you upgrade your libgd2 packages. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2016-3074 BugTraq ID: 87087 http://www.securityfocus.com/bid/87087 Bugtraq: 20160421 CVE-2016-3074: libgd: signedness vulnerability (Google Search) http://www.securityfocus.com/archive/1/538160/100/0/threaded Debian Security Information: DSA-3556 (Google Search) http://www.debian.org/security/2016/dsa-3556 Debian Security Information: DSA-3602 (Google Search) http://www.debian.org/security/2016/dsa-3602 https://www.exploit-db.com/exploits/39736/ http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183724.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183263.html http://seclists.org/fulldisclosure/2016/Apr/72 https://security.gentoo.org/glsa/201607-04 https://security.gentoo.org/glsa/201611-22 http://packetstormsecurity.com/files/136757/libgd-2.1.1-Signedness.html RedHat Security Advisories: RHSA-2016:2750 http://rhn.redhat.com/errata/RHSA-2016-2750.html http://www.securitytracker.com/id/1035659 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.383127 SuSE Security Announcement: openSUSE-SU-2016:1274 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00031.html http://www.ubuntu.com/usn/USN-2987-1 |
| Copyright | Copyright (C) 2016 Greenbone Networks GmbH |
| Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |