ID de Prueba:	1.3.6.1.4.1.25623.1.0.61621
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2008:0893
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2008:0893. Bzip2 is a freely available, high-quality data compressor. It provides both stand-alone compression and decompression utilities, as well as a shared library for use with other programs. A buffer over-read flaw was discovered in the bzip2 decompression routine. This issue could cause an application linked against the libbz2 library to crash when decompressing malformed archives. (CVE-2008-1372) Users of bzip2 should upgrade to these updated packages, which contain a backported patch to resolve this issue. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2008-0893.html http://www.redhat.com/security/updates/classification/#moderate Risk factor : Medium CVSS Score: 4.3
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-1372 http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html BugTraq ID: 28286 http://www.securityfocus.com/bid/28286 Bugtraq: 20080321 rPSA-2008-0118-1 bzip2 (Google Search) http://www.securityfocus.com/archive/1/489968/100/0/threaded Bugtraq: 20081203 VMSA-2008-0019 VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2 (Google Search) http://www.securityfocus.com/archive/1/498863/100/0/threaded Cert/CC Advisory: TA09-218A http://www.us-cert.gov/cas/techalerts/TA09-218A.html CERT/CC vulnerability note: VU#813451 http://www.kb.cert.org/vuls/id/813451 https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00165.html https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00225.html http://www.gentoo.org/security/en/glsa/glsa-200804-02.xml http://security.gentoo.org/glsa/glsa-200903-40.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:075 http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/ NETBSD Security Advisory: NetBSD-SA2008-004 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-004.txt.asc https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10067 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6467 http://www.redhat.com/support/errata/RHSA-2008-0893.html http://www.securitytracker.com/id?1020867 http://secunia.com/advisories/29410 http://secunia.com/advisories/29475 http://secunia.com/advisories/29497 http://secunia.com/advisories/29506 http://secunia.com/advisories/29656 http://secunia.com/advisories/29677 http://secunia.com/advisories/29698 http://secunia.com/advisories/29940 http://secunia.com/advisories/31204 http://secunia.com/advisories/31869 http://secunia.com/advisories/31878 http://secunia.com/advisories/36096 http://www.slackware.org/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.473263 http://sunsolve.sun.com/search/document.do?assetkey=1-26-241786-1 SuSE Security Announcement: SUSE-SR:2008:011 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html https://usn.ubuntu.com/590-1/ http://www.vupen.com/english/advisories/2008/0915 http://www.vupen.com/english/advisories/2008/2557 http://www.vupen.com/english/advisories/2009/2172 XForce ISS Database: bzip2-archives-code-execution(41249) https://exchange.xforce.ibmcloud.com/vulnerabilities/41249
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.