
Test ID: 1.3.6.1.4.1.25623.1.1.10.2018.0454
Category: Mageia Linux Local Security Checks
Title: Mageia: Security Advisory (MGASA-2018-0454)
Summary: The remote host is missing an update for the 'mingw-SDL2, mingw-SDL2_image, mingw-SDL2_mixer, sdl2, sdl2_image, sdl2_mixer' package(s) announced via the MGASA-2018-0454 advisory.
Description:

Vulnerability Insight:
This update fixes various security vulnerabilities affecting the
SDL2_image library, listed below. The fixes are provided in SDL2_image
2.0.4, which depends on SDL2 2.0.8 or later. As such, the SDL2 and
SDL2_mixer libraries are also updated to their current stable releases,
providing various bug fixes and features.

The security vulnerabilities fixed in this update are the following:

An exploitable code execution vulnerability exists in the ILBM image
rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM
image can cause a heap overflow resulting in code execution. An attacker
can display a specially crafted image to trigger this vulnerability.
(TALOS-2017-0488, CVE-2017-12122)

An exploitable code execution vulnerability exists in the ILBM image
rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM
image can cause a stack overflow resulting in code execution. An
attacker can display a specially crafted image to trigger this
vulnerability. (TALOS-2017-0489, CVE-2017-14440)

An exploitable code execution vulnerability exists in the ICO image
rendering functionality of SDL2_image-2.0.2. A specially crafted ICO
image can cause an integer overflow, cascading to a heap overflow
resulting in code execution. An attacker can display a specially crafted
image to trigger this vulnerability. (TALOS-2017-0490, CVE-2017-14441)

An exploitable code execution vulnerability exists in the BMP image
rendering functionality of SDL2_image-2.0.2. A specially crafted BMP
image can cause a stack overflow resulting in code execution. An
attacker can display a specially crafted image to trigger this
vulnerability. (TALOS-2017-0491, CVE-2017-14442)

An exploitable code execution vulnerability exists in the XCF image
rendering functionality of SDL2_image-2.0.2. A specially crafted XCF
image can cause a heap overflow resulting in code execution. An
attacker can display a specially crafted image to trigger this
vulnerability. (TALOS-2017-0497, CVE-2017-14448)

A double-free vulnerability exists in the XCF image rendering
functionality of SDL2_image-2.0.2. A specially crafted XCF image can
cause a double-free situation to occur. An attacker can display a
specially crafted image to trigger this vulnerability.
(TALOS-2017-0498, CVE-2017-14449)

A buffer overflow vulnerability exists in the GIF image parsing
functionality of SDL2_image-2.0.2. A specially crafted GIF image can
lead to a buffer overflow on a global section. An attacker can display
an image to trigger this vulnerability. (TALOS-2017-0499,
CVE-2017-14450)

An exploitable information disclosure vulnerability exists in the PCX
image rendering functionality of SDL2_image-2.0.2. A specially crafted
PCX image can cause an out-of-bounds read on the heap, resulting in
information disclosure. An attacker can display a specially crafted
image to trigger this vulnerability. (TALOS-2018-0519, CVE-2018-3837)

An ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'mingw-SDL2, mingw-SDL2_image, mingw-SDL2_mixer, sdl2, sdl2_image, sdl2_mixer' package(s) on Mageia 6.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-references:
Common Vulnerability Exposure (CVE) ID: CVE-2017-12122
Debian Security Information: DSA-4177
https://www.debian.org/security/2018/dsa-4177
Debian Security Information: DSA-4184
https://www.debian.org/security/2018/dsa-4184
https://security.gentoo.org/glsa/201903-17
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0488
https://lists.debian.org/debian-lts-announce/2018/04/msg00005.html
Common Vulnerability Exposure (CVE) ID: CVE-2017-14440
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0489
Common Vulnerability Exposure (CVE) ID: CVE-2017-14441
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0490
Common Vulnerability Exposure (CVE) ID: CVE-2017-14442
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0491
Common Vulnerability Exposure (CVE) ID: CVE-2017-14448
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0497
Common Vulnerability Exposure (CVE) ID: CVE-2017-14449
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0498
Common Vulnerability Exposure (CVE) ID: CVE-2017-14450
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0499
Common Vulnerability Exposure (CVE) ID: CVE-2018-3837
https://www.starwindsoftware.com/security/sw-20191008-0001/
https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0519
Common Vulnerability Exposure (CVE) ID: CVE-2018-3838
https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0520
Common Vulnerability Exposure (CVE) ID: CVE-2018-3839
https://www.starwindsoftware.com/security/sw-20191008-0002/
https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0521
Common Vulnerability Exposure (CVE) ID: CVE-2018-3977
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0645
https://lists.debian.org/debian-lts-announce/2019/07/msg00021.html
https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html
https://usn.ubuntu.com/4238-1/
Copyright: Copyright (C) 2022 Greenbone AG
