Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2016.0252
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2016-0252)
Zusammenfassung:	The remote host is missing an update for the 'gnudl, graphicsmagick, octave, pdf2djvu, photoqt' package(s) announced via the MGASA-2016-0252 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'gnudl, graphicsmagick, octave, pdf2djvu, photoqt' package(s) announced via the MGASA-2016-0252 advisory. Vulnerability Insight: - A read out-of-bound in the parsing of gif files using GraphicsMagick (CVE-2015-8808). - Infinite loop caused by converting a circular defined svg file (CVE-2016-5240). - Fix another case of CVE-2016-2317 (heap buffer overflow) in the MVG rendering code (also impacts SVG). - arithmetic exception converting a svg file (CVE-2016-5241) - Arithmetic exception converting a svg file caused by a X%0 operation in magick/render.c (CVE-2016-2318) - A shell exploit (CVE-2016-5118) was discovered associated with a filename syntax where file names starting with '' are interpreted as shell commands executed via popen(). Insufficient sanitization in the SVG and MVG renderers allows such filenames to be passed through from potentially untrusted files. There might be other ways for untrusted inputs to produce such filenames. Due to this issue, support for the feature is removed entirely. The gnudl, octave, pdf2djvu, and photoqt packages have been rebuilt to use the updated GraphicsMagick++ library. Affected Software/OS: 'gnudl, graphicsmagick, octave, pdf2djvu, photoqt' package(s) on Mageia 5. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2016-2317 BugTraq ID: 83241 http://www.securityfocus.com/bid/83241 Debian Security Information: DSA-3746 (Google Search) http://www.debian.org/security/2016/dsa-3746 http://www.openwall.com/lists/oss-security/2016/02/11/6 http://www.openwall.com/lists/oss-security/2016/05/20/4 http://www.openwall.com/lists/oss-security/2016/05/27/4 http://www.openwall.com/lists/oss-security/2016/05/31/3 http://www.openwall.com/lists/oss-security/2016/09/07/4 http://www.openwall.com/lists/oss-security/2016/09/18/8 SuSE Security Announcement: SUSE-SU-2016:1783 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00010.html SuSE Security Announcement: openSUSE-SU-2016:1724 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.html SuSE Security Announcement: openSUSE-SU-2016:2073 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00037.html Common Vulnerability Exposure (CVE) ID: CVE-2016-2318 Common Vulnerability Exposure (CVE) ID: CVE-2016-5118 BugTraq ID: 90938 http://www.securityfocus.com/bid/90938 Debian Security Information: DSA-3591 (Google Search) http://www.debian.org/security/2016/dsa-3591 http://www.openwall.com/lists/oss-security/2016/05/29/7 http://www.openwall.com/lists/oss-security/2016/05/30/1 RedHat Security Advisories: RHSA-2016:1237 https://access.redhat.com/errata/RHSA-2016:1237 http://www.securitytracker.com/id/1035984 http://www.securitytracker.com/id/1035985 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.397749 SuSE Security Announcement: SUSE-SU-2016:1570 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00021.html SuSE Security Announcement: SUSE-SU-2016:1610 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00030.html SuSE Security Announcement: SUSE-SU-2016:1614 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00032.html SuSE Security Announcement: openSUSE-SU-2016:1521 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00008.html SuSE Security Announcement: openSUSE-SU-2016:1522 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00009.html SuSE Security Announcement: openSUSE-SU-2016:1534 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00011.html SuSE Security Announcement: openSUSE-SU-2016:1653 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00047.html http://www.ubuntu.com/usn/USN-2990-1 Common Vulnerability Exposure (CVE) ID: CVE-2016-5240 BugTraq ID: 89348 http://www.securityfocus.com/bid/89348 http://www.openwall.com/lists/oss-security/2016/05/01/4 http://www.openwall.com/lists/oss-security/2016/05/01/6 http://www.openwall.com/lists/oss-security/2016/06/02/14 Common Vulnerability Exposure (CVE) ID: CVE-2016-5241 https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html Common Vulnerability Exposure (CVE) ID: CVE-2016-8808 BugTraq ID: 93999 http://www.securityfocus.com/bid/93999 https://www.exploit-db.com/exploits/40666/
Copyright	Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.