Soluciones para vulnerabilidades

La exploración de vulnerabilidades periódica de Nimsoft Cloud Monitor busca la vulnerabilidad siguiente. Para ver las soluciones añadidas más recientemente que Nimsoft Cloud Monitor explora, visite Soluciones para vulnerabilidades.

Categoría: Gentoo Local Security Checks Factor de riesgo: Medium Añadido: 3 jul 2009
Synopsis:

The remote host is missing the GLSA-200907-01 security update.

Description:

The remote host is affected by the vulnerability described in GLSA-200907-01
(libwmf: User-assisted execution of arbitrary code)


The embedded fork of the GD library introduced a "use-after-free"
vulnerability in a modification which is specific to libwmf.

Impact

A remote attacker could entice a user to open a specially crafted WMF file, possibly resulting in the execution of arbitrary code with the privileges of the user running the application, or a Denial of Service.

Workaround

There is no known workaround at this time.

See also:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1364
http://www.gentoo.org/security/en/glsa/glsa-200907-01.xml

Solution:

All libwmf users should upgrade to the latest version which no longer builds the GD library:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/libwmf-0.2.8.4-r3"

Risk factor:

Medium