Soluzioni per la vulnerabilità

La Scansione Vulnerabilità periodica di Nimsoft Cloud Monitor verifica le vulnerabilità riportate qui sotto. Per visualizzare le soluzioni per la vulnerabilità più recenti scansionate da WatchMouse, visitare la pagina sulla panoramica delle Soluzioni per la vulnerabilità

Categoria: Gentoo Local Security Checks Fattore di rischio: Medium Aggiunto il: 3 lug 2009
Synopsis:

The remote host is missing the GLSA-200907-01 security update.

Description:

The remote host is affected by the vulnerability described in GLSA-200907-01
(libwmf: User-assisted execution of arbitrary code)


The embedded fork of the GD library introduced a "use-after-free"
vulnerability in a modification which is specific to libwmf.

Impact

A remote attacker could entice a user to open a specially crafted WMF file, possibly resulting in the execution of arbitrary code with the privileges of the user running the application, or a Denial of Service.

Workaround

There is no known workaround at this time.

See also:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1364
http://www.gentoo.org/security/en/glsa/glsa-200907-01.xml

Solution:

All libwmf users should upgrade to the latest version which no longer builds the GD library:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/libwmf-0.2.8.4-r3"

Risk factor:

Medium