Mandrake Security Advisory MDVSA-2009:180 (compface) Network Vulnerability

Summary

The remote host is missing an update to compface announced via advisory MDVSA-2009:180.

Solution

To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:180

Insight

A vulnerability has been found and corrected in compface: Buffer overflow in compface 1.5.2 and earlier allows user-assisted attackers to cause a denial of service (crash) via a long declaration in a .xbm file (CVE-2009-2286). This update provides fixes for this vulnerability. Affected: Enterprise Server 5.0

Severity

Classification

CVE CVE-2009-2286

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:047 (vim)
Mandrake Security Advisory MDVSA-2009:170 (initscripts)
Mandrake Security Advisory MDVSA-2009:038 (blender)
Mandrake Security Advisory MDVSA-2009:124-1 (apache)
Mandrake Security Advisory MDVSA-2009:011 (virtualbox)

Take action and discover your vulnerabilities