Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2006:113: tetex Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the tetex package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2006:113 (tetex).
Integer overflows were reported in the GD Graphics Library (libgd)
2.0.28, and possibly other versions. These overflows allow remote
attackers to cause a denial of service and possibly execute arbitrary
code via PNG image files with large image rows values that lead to a
heap-based buffer overflow in the gdImageCreateFromPngCtx() function.
Tetex contains an embedded copy of the GD library code. (CVE-2004-0941)
The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas
Boutell graphics draw (GD) library (aka libgd) 2.0.33 allows remote attackers
to cause a denial of service (CPU consumption) via malformed GIF data that
causes an infinite loop. Tetex contains an embedded copy of the GD library.
Updated packages have been patched to address both issues.
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:113
Threat Level: High