Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2020-0157)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.10.2020.0157

Kategorie: Mageia Linux Local Security Checks

Titel: Mageia: Security Advisory (MGASA-2020-0157)

Zusammenfassung: The remote host is missing an update for the 'dcraw' package(s) announced via the MGASA-2020-0157 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'dcraw' package(s) announced via the MGASA-2020-0157 advisory.

Vulnerability Insight:
The updated packages fix security vulnerabilities:

There is a floating point exception in the kodak_radc_load_raw function
in dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote denial
of service attack. (CVE-2017-13735)

In LibRaw through 0.18.4, an out of bounds read flaw related to
kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/
dcraw_common.cpp. An attacker could possibly exploit this flaw to
disclose potentially sensitive memory or cause an application crash.
(CVE-2017-14608)

A stack-based buffer overflow in the find_green() function of dcraw
through 9.28, as used in ufraw-batch and many other products, may allow
a remote attacker to cause a control-flow hijack, denial-of-service, or
unspecified other impact via a maliciously crafted raw photo file.
(CVE-2018-19655)

Affected Software/OS:
'dcraw' package(s) on Mageia 7.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2017-13735
https://bugzilla.redhat.com/show_bug.cgi?id=1483988
Common Vulnerability Exposure (CVE) ID: CVE-2017-14608
Common Vulnerability Exposure (CVE) ID: CVE-2018-19655
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XK4SHVVIZT6FHJVHOQSAFJMQWDLMWKDE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q3JX4A5F4DWP6NOEULXQXZ5AIH4GA62U/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RD65NMWZ5OQNUIF7CLGKLDG4LVPPMJY7/
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890086
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906529

Copyright Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2020.0157
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2020-0157)
Zusammenfassung:	The remote host is missing an update for the 'dcraw' package(s) announced via the MGASA-2020-0157 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'dcraw' package(s) announced via the MGASA-2020-0157 advisory. Vulnerability Insight: The updated packages fix security vulnerabilities: There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack. (CVE-2017-13735) In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/ dcraw_common.cpp. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash. (CVE-2017-14608) A stack-based buffer overflow in the find_green() function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remote attacker to cause a control-flow hijack, denial-of-service, or unspecified other impact via a maliciously crafted raw photo file. (CVE-2018-19655) Affected Software/OS: 'dcraw' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2017-13735 https://bugzilla.redhat.com/show_bug.cgi?id=1483988 Common Vulnerability Exposure (CVE) ID: CVE-2017-14608 Common Vulnerability Exposure (CVE) ID: CVE-2018-19655 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XK4SHVVIZT6FHJVHOQSAFJMQWDLMWKDE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q3JX4A5F4DWP6NOEULXQXZ5AIH4GA62U/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RD65NMWZ5OQNUIF7CLGKLDG4LVPPMJY7/ https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890086 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906529
Copyright	Copyright (C) 2022 Greenbone AG