Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2017.0276
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2017-0276)
Zusammenfassung:	The remote host is missing an update for the 'poppler' package(s) announced via the MGASA-2017-0276 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'poppler' package(s) announced via the MGASA-2017-0276 advisory. Vulnerability Insight: Jiaqi Peng discovered that the poppler pdfunite tool incorrectly parsed certain malformed PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause poppler to crash, resulting in a denial of service (CVE-2017-7511). It was discovered that the poppler pdfunite tool incorrectly parsed certain malformed PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause poppler to hang, resulting in a denial of service (CVE-2017-7515). It was discovered that poppler incorrectly handled memory when processing PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause poppler to consume resources, resulting in a denial of service (CVE-2017-9406, CVE-2017-9408). Alberto Garcia, Francisco Oca, and Suleman Ali discovered that the poppler pdftocairo tool incorrectly parsed certain malformed PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause poppler to crash, resulting in a denial of service (CVE-2017-9775). Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document (CVE-2017-9776). The function GfxImageColorMap::getGray in GfxState.cc in Poppler allows attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted PDF document, related to missing color-map validation in ImageOutputDev.cc (CVE-2017-9865). Affected Software/OS: 'poppler' package(s) on Mageia 5. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2017-7511 GLSA-201801-17 https://security.gentoo.org/glsa/201801-17 https://cgit.freedesktop.org/poppler/poppler/commit/?id=5c9b08a875b07853be6c44e43ff5f7f059df666a Common Vulnerability Exposure (CVE) ID: CVE-2017-7515 https://bugs.freedesktop.org/show_bug.cgi?id=101208 Common Vulnerability Exposure (CVE) ID: CVE-2017-9406 Debian Security Information: DSA-4079 (Google Search) https://www.debian.org/security/2018/dsa-4079 Common Vulnerability Exposure (CVE) ID: CVE-2017-9408 Common Vulnerability Exposure (CVE) ID: CVE-2017-9775 BugTraq ID: 99241 http://www.securityfocus.com/bid/99241 RedHat Security Advisories: RHSA-2017:2551 https://access.redhat.com/errata/RHSA-2017:2551 Common Vulnerability Exposure (CVE) ID: CVE-2017-9776 BugTraq ID: 99240 http://www.securityfocus.com/bid/99240 RedHat Security Advisories: RHSA-2017:2550 https://access.redhat.com/errata/RHSA-2017:2550 Common Vulnerability Exposure (CVE) ID: CVE-2017-9865 http://somevulnsofadlab.blogspot.com/2017/06/popplerstack-buffer-overflow-in.html https://bugs.freedesktop.org/show_bug.cgi?id=100774 https://usn.ubuntu.com/4042-1/
Copyright	Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.