
Test ID: 1.3.6.1.4.1.25623.1.0.131254
Category: Mageia Linux Local Security Checks
Title: Mageia: Security Advisory (MGASA-2016-0100)
Summary: The remote host is missing an update for the 'jasper' package(s) announced via the MGASA-2016-0100 advisory.
Description:
Summary:
The remote host is missing an update for the 'jasper' package(s) announced via the MGASA-2016-0100 advisory.

Vulnerability Insight:
Updated jasper packages fix security vulnerabilities:

The jas_matrix_clip function in jas_seq.c in JasPer 1.900.1 allows remote
attackers to cause a denial of service (invalid read and application
crash) via a crafted JPEG 2000 image (CVE-2016-2089).

Jacob Baines discovered that a double free vulnerability in the
jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows
remote attackers to cause a denial of service (crash) or possibly execute
arbitrary code via a crafted ICC color profile in a JPEG 2000 image file
(CVE-2016-1577).

Tyler Hicks discovered that a memory leak in the
jas_iccprof_createfrombuf function in JasPer 1.900.1 and earlier allows
remote attackers to cause a denial of service (memory consumption) via a
crafted ICC color profile in a JPEG 2000 image file (CVE-2016-2116).

Affected Software/OS:
'jasper' package(s) on Mageia 5.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2016-1577
BugTraq ID: 84133
http://www.securityfocus.com/bid/84133
Debian Security Information: DSA-3508
http://www.debian.org/security/2016/dsa-3508
http://www.openwall.com/lists/oss-security/2016/03/03/12
RedHat Security Advisories: RHSA-2017:1208
https://access.redhat.com/errata/RHSA-2017:1208
http://www.ubuntu.com/usn/USN-2919-1
Common Vulnerability Exposure (CVE) ID: CVE-2016-2089
BugTraq ID: 83108
http://www.securityfocus.com/bid/83108
http://www.openwall.com/lists/oss-security/2016/01/28/6
http://www.openwall.com/lists/oss-security/2016/01/28/4
SuSE Security Announcement: openSUSE-SU-2016:0408
http://lists.opensuse.org/opensuse-updates/2016-02/msg00060.html
SuSE Security Announcement: openSUSE-SU-2016:0413
http://lists.opensuse.org/opensuse-updates/2016-02/msg00063.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-2116
Copyright: Copyright (C) 2016 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.