Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2017-0329)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.10.2017.0329

Kategorie: Mageia Linux Local Security Checks

Titel: Mageia: Security Advisory (MGASA-2017-0329)

Zusammenfassung: The remote host is missing an update for the 'poppler' package(s) announced via the MGASA-2017-0329 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'poppler' package(s) announced via the MGASA-2017-0329 advisory.

Vulnerability Insight:
Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in
pdftocairo in Poppler allows attackers to cause a denial of service
(application crash) or possibly have unspecified other impact via a
crafted PDF document (CVE-2017-9776).

The function GfxImageColorMap::getGray in GfxState.cc in Poppler allows
attackers to cause a denial of service (stack-based buffer over-read and
application crash) via a crafted PDF document, related to missing
color-map validation in ImageOutputDev.cc (CVE-2017-9865).

Affected Software/OS:
'poppler' package(s) on Mageia 6.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2017-9776
BugTraq ID: 99240
http://www.securityfocus.com/bid/99240
Debian Security Information: DSA-4079 (Google Search)
https://www.debian.org/security/2018/dsa-4079
RedHat Security Advisories: RHSA-2017:2550
https://access.redhat.com/errata/RHSA-2017:2550
RedHat Security Advisories: RHSA-2017:2551
https://access.redhat.com/errata/RHSA-2017:2551
Common Vulnerability Exposure (CVE) ID: CVE-2017-9865
https://security.gentoo.org/glsa/201801-17
http://somevulnsofadlab.blogspot.com/2017/06/popplerstack-buffer-overflow-in.html
https://bugs.freedesktop.org/show_bug.cgi?id=100774
https://usn.ubuntu.com/4042-1/

Copyright Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2017.0329
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2017-0329)
Zusammenfassung:	The remote host is missing an update for the 'poppler' package(s) announced via the MGASA-2017-0329 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'poppler' package(s) announced via the MGASA-2017-0329 advisory. Vulnerability Insight: Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document (CVE-2017-9776). The function GfxImageColorMap::getGray in GfxState.cc in Poppler allows attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted PDF document, related to missing color-map validation in ImageOutputDev.cc (CVE-2017-9865). Affected Software/OS: 'poppler' package(s) on Mageia 6. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2017-9776 BugTraq ID: 99240 http://www.securityfocus.com/bid/99240 Debian Security Information: DSA-4079 (Google Search) https://www.debian.org/security/2018/dsa-4079 RedHat Security Advisories: RHSA-2017:2550 https://access.redhat.com/errata/RHSA-2017:2550 RedHat Security Advisories: RHSA-2017:2551 https://access.redhat.com/errata/RHSA-2017:2551 Common Vulnerability Exposure (CVE) ID: CVE-2017-9865 https://security.gentoo.org/glsa/201801-17 http://somevulnsofadlab.blogspot.com/2017/06/popplerstack-buffer-overflow-in.html https://bugs.freedesktop.org/show_bug.cgi?id=100774 https://usn.ubuntu.com/4042-1/
Copyright	Copyright (C) 2022 Greenbone AG