Bugraq ID: 35863
CVE ID:CVE-2009-2286
Compface是一款X-face格式转换的工具和库。
Compface处理'.xbm'文件存在缓冲区溢出,远程攻击者可以利用漏洞以应用程序权限执行任意指令。
构建包含超长条目的'.xbm'文件,诱使用户解析,可导致任意代码执行。
MandrakeSoft Enterprise Server 5 x86_64
MandrakeSoft Enterprise Server 5
James Ashton compface 1.5.2
Debian Linux 5.0 sparc
Debian Linux 5.0 s/390
Debian Linux 5.0 powerpc
Debian Linux 5.0 mipsel
Debian Linux 5.0 mips
Debian Linux 5.0 m68k
Debian Linux 5.0 ia-64
Debian Linux 5.0 ia-32
Debian Linux 5.0 hppa
Debian Linux 5.0 armel
Debian Linux 5.0 arm
Debian Linux 5.0 amd64
Debian Linux 5.0 alpha
Debian Linux 5.0
Debian Linux 4.0 sparc
Debian Linux 4.0 s/390
Debian Linux 4.0 powerpc
Debian Linux 4.0 mipsel
Debian Linux 4.0 mips
Debian Linux 4.0 m68k
Debian Linux 4.0 ia-64
Debian Linux 4.0 ia-32
Debian Linux 4.0 hppa
Debian Linux 4.0 armel
Debian Linux 4.0 arm
Debian Linux 4.0 amd64
Debian Linux 4.0 alpha
Debian Linux 4.0
厂商解决方案
用户可参考如下升级程序:
MandrakeSoft Enterprise Server 5 x86_64
Mandriva compface-1.5.2-5.1mdvmes5.x86_64.rpm
http://www.mandriva.com/en/download/
Mandriva lib64compface-devel-1.5.2-5.1mdvmes5.x86_64.rpm
http://www.mandriva.com/en/download/
Mandriva lib64compface1-1.5.2-5.1mdvmes5.x86_64.rpm
http://www.mandriva.com/en/download/
MandrakeSoft Enterprise Server 5
Mandriva compface-1.5.2-5.1mdvmes5.i586.rpm
http://www.mandriva.com/en/download/
Mandriva libcompface-devel-1.5.2-5.1mdvmes5.i586.rpm
http://www.mandriva.com/en/download/
Mandriva libcompface1-1.5.2-5.1mdvmes5.i586.rpm
http://www.mandriva.com/en/download/
京ICP备10040895号
暂无评论