Detections
Analytics
RHEL 5 : cairo (RHSA-2007:1078)
medium Nessus Plugin ID 28368
Synopsis
The remote Red Hat host is missing one or more security updates.Description
Updated Cairo packages that resolve a security issue are now available for Red Hat Enterprise Linux 5.This update has been rated as having important security impact by the Red Hat Security Response Team.
Cairo is a vector graphics library designed to provide high-quality display and print output.
An integer overflow flaw was found in the way Cairo processes PNG images. If an application linked against Cairo processes a malicious PNG image, it is possible to execute arbitrary code as the user running the application. (CVE-2007-5503)
Users of Cairo are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue.
Solution
Update the affected cairo and / or cairo-devel packages.See Also
Plugin Details
Severity: Medium
ID: 28368
File Name: redhat-RHSA-2007-1078.nasl
Version: 1.25
Type: local
Agent: unix
Family: Red Hat Local Security Checks
Published: 11/30/2007
Updated: 1/14/2021
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: p-cpe:/a:redhat:enterprise_linux:cairo, p-cpe:/a:redhat:enterprise_linux:cairo-devel, cpe:/o:redhat:enterprise_linux:5, cpe:/o:redhat:enterprise_linux:5.1
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
Exploit Ease: No known exploits are available
Patch Publication Date: 11/29/2007
Vulnerability Publication Date: 11/29/2007
Reference Information
CVE: CVE-2007-5503
BID: 26650