Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2018-0246)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.10.2018.0246

Kategorie: Mageia Linux Local Security Checks

Titel: Mageia: Security Advisory (MGASA-2018-0246)

Zusammenfassung: The remote host is missing an update for the 'libtiff' package(s) announced via the MGASA-2018-0246 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'libtiff' package(s) announced via the MGASA-2018-0246 advisory.

Vulnerability Insight:
The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF
through 4.0.9 allows remote attackers to cause a denial of service
(assertion failure and application crash) via a crafted file, a
different vulnerability than CVE-2017-13726. (CVE-2018-10963)

In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function
LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated
by tiff2ps. (CVE-2018-8905)

Affected Software/OS:
'libtiff' package(s) on Mageia 5, Mageia 6.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2018-10963
Debian Security Information: DSA-4349 (Google Search)
https://www.debian.org/security/2018/dsa-4349
http://bugzilla.maptools.org/show_bug.cgi?id=2795
https://lists.debian.org/debian-lts-announce/2018/07/msg00002.html
RedHat Security Advisories: RHSA-2019:2053
https://access.redhat.com/errata/RHSA-2019:2053
https://usn.ubuntu.com/3864-1/
Common Vulnerability Exposure (CVE) ID: CVE-2018-8905
http://bugzilla.maptools.org/show_bug.cgi?id=2780
https://github.com/halfbitteam/POCs/tree/master/libtiff-4.08_tiff2ps_heap_overflow
https://lists.debian.org/debian-lts-announce/2018/05/msg00008.html
https://lists.debian.org/debian-lts-announce/2018/05/msg00009.html

Copyright Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2018.0246
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2018-0246)
Zusammenfassung:	The remote host is missing an update for the 'libtiff' package(s) announced via the MGASA-2018-0246 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'libtiff' package(s) announced via the MGASA-2018-0246 advisory. Vulnerability Insight: The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability than CVE-2017-13726. (CVE-2018-10963) In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps. (CVE-2018-8905) Affected Software/OS: 'libtiff' package(s) on Mageia 5, Mageia 6. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2018-10963 Debian Security Information: DSA-4349 (Google Search) https://www.debian.org/security/2018/dsa-4349 http://bugzilla.maptools.org/show_bug.cgi?id=2795 https://lists.debian.org/debian-lts-announce/2018/07/msg00002.html RedHat Security Advisories: RHSA-2019:2053 https://access.redhat.com/errata/RHSA-2019:2053 https://usn.ubuntu.com/3864-1/ Common Vulnerability Exposure (CVE) ID: CVE-2018-8905 http://bugzilla.maptools.org/show_bug.cgi?id=2780 https://github.com/halfbitteam/POCs/tree/master/libtiff-4.08_tiff2ps_heap_overflow https://lists.debian.org/debian-lts-announce/2018/05/msg00008.html https://lists.debian.org/debian-lts-announce/2018/05/msg00009.html
Copyright	Copyright (C) 2022 Greenbone AG