Mandrake Local Security Checks : Mandriva Security Advisory MDVSA-2009:296 (gimp)

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.66679

Categoría: Mandrake Local Security Checks

Título: Mandriva Security Advisory MDVSA-2009:296 (gimp)

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing an update to gimp
announced via advisory MDVSA-2009:296.

A vulnerability was discovered and corrected in gimp:

Integer overflow in the ReadImage function in
plug-ins/file-bmp/bmp-read.c in GIMP 2.6.7 might allow remote attackers
to execute arbitrary code via a BMP file with crafted width and height
values that trigger a heap-based buffer overflow (CVE-2009-1570).

This update provides a solution to this vulnerability.

Affected: 2009.1, 2010.0, Enterprise Server 5.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2009:296
http://secunia.com/secunia_research/2009-42/

Risk factor : Critical

CVSS Score:
9.3

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-1570
BugTraq ID: 37006
http://www.securityfocus.com/bid/37006
Bugtraq: 20091112 Secunia Research: Gimp BMP Image Parsing Integer Overflow Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/507813/100/0/threaded
http://security.gentoo.org/glsa/glsa-201209-23.xml
http://secunia.com/secunia_research/2009-42/
https://bugzilla.gnome.org/show_bug.cgi?id=600484
http://www.osvdb.org/59930
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8290
http://www.redhat.com/support/errata/RHSA-2011-0837.html
http://www.redhat.com/support/errata/RHSA-2011-0838.html
http://secunia.com/advisories/37232
http://secunia.com/advisories/50737
SuSE Security Announcement: SUSE-SR:2010:009 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00002.html
http://www.vupen.com/english/advisories/2009/3228
http://www.vupen.com/english/advisories/2009/3564
http://www.vupen.com/english/advisories/2010/1021
XForce ISS Database: gimp-readimage-bo(54254)
https://exchange.xforce.ibmcloud.com/vulnerabilities/54254

Copyright Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.66679
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2009:296 (gimp)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to gimp announced via advisory MDVSA-2009:296. A vulnerability was discovered and corrected in gimp: Integer overflow in the ReadImage function in plug-ins/file-bmp/bmp-read.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a BMP file with crafted width and height values that trigger a heap-based buffer overflow (CVE-2009-1570). This update provides a solution to this vulnerability. Affected: 2009.1, 2010.0, Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2009:296 http://secunia.com/secunia_research/2009-42/ Risk factor : Critical CVSS Score: 9.3
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1570 BugTraq ID: 37006 http://www.securityfocus.com/bid/37006 Bugtraq: 20091112 Secunia Research: Gimp BMP Image Parsing Integer Overflow Vulnerability (Google Search) http://www.securityfocus.com/archive/1/507813/100/0/threaded http://security.gentoo.org/glsa/glsa-201209-23.xml http://secunia.com/secunia_research/2009-42/ https://bugzilla.gnome.org/show_bug.cgi?id=600484 http://www.osvdb.org/59930 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8290 http://www.redhat.com/support/errata/RHSA-2011-0837.html http://www.redhat.com/support/errata/RHSA-2011-0838.html http://secunia.com/advisories/37232 http://secunia.com/advisories/50737 SuSE Security Announcement: SUSE-SR:2010:009 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00002.html http://www.vupen.com/english/advisories/2009/3228 http://www.vupen.com/english/advisories/2009/3564 http://www.vupen.com/english/advisories/2010/1021 XForce ISS Database: gimp-readimage-bo(54254) https://exchange.xforce.ibmcloud.com/vulnerabilities/54254
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com