Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2018.0493
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2018-0493)
Zusammenfassung:	The remote host is missing an update for the 'libtiff' package(s) announced via the MGASA-2018-0493 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'libtiff' package(s) announced via the MGASA-2018-0493 advisory. Vulnerability Insight: Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file. (CVE-2018-12900) LibTIFF 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-of-bounds write. (CVE-2018-18557) In LibTIFF 4.0.9, there is a NULL pointer dereference in the TIFFWriteDirectorySec function in tif_dirwrite.c that will lead to a denial of service attack, as demonstrated by tiffset. (CVE-2018-19210) Affected Software/OS: 'libtiff' package(s) on Mageia 6. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2018-12900 Debian Security Information: DSA-4670 (Google Search) https://www.debian.org/security/2020/dsa-4670 http://bugzilla.maptools.org/show_bug.cgi?id=2798 https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2018-12900 https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html RedHat Security Advisories: RHSA-2019:2053 https://access.redhat.com/errata/RHSA-2019:2053 RedHat Security Advisories: RHSA-2019:3419 https://access.redhat.com/errata/RHSA-2019:3419 https://usn.ubuntu.com/3906-1/ https://usn.ubuntu.com/3906-2/ Common Vulnerability Exposure (CVE) ID: CVE-2018-18557 Debian Security Information: DSA-4349 (Google Search) https://www.debian.org/security/2018/dsa-4349 https://www.exploit-db.com/exploits/45694/ https://security.gentoo.org/glsa/201904-15 https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2018-18557 https://gitlab.com/libtiff/libtiff/commit/681748ec2f5ce88da5f9fa6831e1653e46af8a66 https://gitlab.com/libtiff/libtiff/merge_requests/38 https://lists.debian.org/debian-lts-announce/2018/10/msg00019.html https://usn.ubuntu.com/3864-1/ Common Vulnerability Exposure (CVE) ID: CVE-2018-19210 BugTraq ID: 105932 http://www.securityfocus.com/bid/105932 Bugtraq: 20191104 [slackware-security] libtiff (SSA:2019-308-01) (Google Search) https://seclists.org/bugtraq/2019/Nov/5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C6IL2QFKE6MGVUTOPU2UUWITTE36KRDF/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TX5UEYHGMTNEHJB4FHE7HCJ75UQDNKGB/ https://security.gentoo.org/glsa/202003-25 http://bugzilla.maptools.org/show_bug.cgi?id=2820 http://packetstormsecurity.com/files/155095/Slackware-Security-Advisory-libtiff-Updates.html https://lists.debian.org/debian-lts-announce/2019/02/msg00026.html SuSE Security Announcement: openSUSE-SU-2019:1161 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00041.html
Copyright	Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.