Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
Name MDVSA-2013:116 First vendor Publication 2013-04-10
Vendor Mandriva Last vendor Modification 2013-04-10
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Updated pixman packages fix security vulnerability:

Stack-based buffer overflow in libpixman has unspecified impact and attack vectors (CVE-2013-1591).

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2013:116

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-190 Integer Overflow or Wraparound (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:21117
 
Oval ID: oval:org.mitre.oval:def:21117
Title: RHSA-2013:0687: pixman security update (Moderate)
Description: Stack-based buffer overflow in libpixman, as used in Pale Moon before 15.4 and possibly other products, has unspecified impact and context-dependent attack vectors. NOTE: this issue might be resultant from an integer overflow in the fast_composite_scaled_bilinear function in pixman-inlines.h, which triggers an infinite loop.
Family: unix Class: patch
Reference(s): RHSA-2013:0687-01
CESA-2013:0687
CVE-2013-1591
Version: 4
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): pixman
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24053
 
Oval ID: oval:org.mitre.oval:def:24053
Title: ELSA-2013:0687: pixman security update (Moderate)
Description: Stack-based buffer overflow in libpixman, as used in Pale Moon before 15.4 and possibly other products, has unspecified impact and context-dependent attack vectors. NOTE: this issue might be resultant from an integer overflow in the fast_composite_scaled_bilinear function in pixman-inlines.h, which triggers an infinite loop.
Family: unix Class: patch
Reference(s): ELSA-2013:0687-01
CVE-2013-1591
Version: 6
Platform(s): Oracle Linux 6
Product(s): pixman
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25333
 
Oval ID: oval:org.mitre.oval:def:25333
Title: SUSE-SU-2013:1373-1 -- Security update for libpixman
Description: A stack based buffer overflow in the pixman library has been fixed. (CVE-2013-1591) Security Issue reference: * CVE-2013-1591 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1591 >
Family: unix Class: patch
Reference(s): SUSE-SU-2013:1373-1
CVE-2013-1591
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Product(s): libpixman
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27539
 
Oval ID: oval:org.mitre.oval:def:27539
Title: DEPRECATED: ELSA-2013-0687 -- pixman security update (moderate)
Description: [0.26.2-5] - Fix bug 914474 (CVE 2013-1591) - Remove openmp.patch
Family: unix Class: patch
Reference(s): ELSA-2013-0687
CVE-2013-1591
Version: 4
Platform(s): Oracle Linux 6
Product(s): pixman
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 30
Application 1
Os 1

Nessus® Vulnerability Scanner

Date Description
2014-11-08 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2013-0746.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-686.nasl - Type : ACT_GATHER_INFO
2013-08-23 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libpixman-1-0-130726.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-0687.nasl - Type : ACT_GATHER_INFO
2013-04-20 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2013-116.nasl - Type : ACT_GATHER_INFO
2013-03-29 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-0687.nasl - Type : ACT_GATHER_INFO
2013-03-28 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0687.nasl - Type : ACT_GATHER_INFO
2013-03-28 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20130327_pixman_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2013-03-04 Name : The remote Fedora host is missing a security update.
File : fedora_2013-2450.nasl - Type : ACT_GATHER_INFO
2013-02-27 Name : The remote Fedora host is missing a security update.
File : fedora_2013-2414.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2014-02-17 11:43:39
  • Multiple Updates
2013-04-10 17:18:26
  • First insertion