Debian Security Advisory DSA 1717-1 (devil) Network Vulnerability

Summary

The remote host is missing an update to devil announced via advisory DSA 1717-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201717-1

Insight

Stefan Cornelius discovered a buffer overflow in devil, a cross-platform image loading and manipulation toolkit, which could be triggered via a crafted Radiance RGBE file. This could potentially lead to the execution of arbitrary code. For the stable distribution (etch), this problem has been fixed in version 1.6.7-5+etch1. For the testing distribution (lenny), this problem has been fixed in version 1.6.8-rc2-3+lenny1. For the unstable distribution (sid), this problem has been fixed in version 1.7.5-4. We recommend that you upgrade your devil package.

Severity

Classification

CVE CVE-2008-5262

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Debian Security Advisory DSA 071-1 (fetchmail)
Debian Security Advisory DSA 034-1 (ePerl)
Debian Security Advisory DSA 107-1 (jgroff)
Debian Security Advisory DSA 1005-1 (xine-lib)
Debian Security Advisory DSA 063-1 (xinetd)

Take action and discover your vulnerabilities