Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2015-0224)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2015.0224

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2015-0224)

Resumen: The remote host is missing an update for the 'libraw' package(s) announced via the MGASA-2015-0224 advisory.

Descripción: Summary:
The remote host is missing an update for the 'libraw' package(s) announced via the MGASA-2015-0224 advisory.

Vulnerability Insight:
Updated libraw packages fix security vulnerability:

The dcraw tool suffers from an integer overflow condition which lead to a
buffer overflow. The vulnerability concerns the 'len' variable, parsed without
validation from opened images, used in the ljpeg_start() function. A
maliciously crafted raw image file can be used to trigger the vulnerability,
causing a Denial of Service condition (CVE-2015-3885).

LibRaw contains a bundled copy of the affected code. The libraw package has
been patched to fix this issue.

Affected Software/OS:
'libraw' package(s) on Mageia 4.

Solution:
Please install the updated package(s).

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2015-3885
BugTraq ID: 74590
http://www.securityfocus.com/bid/74590
Bugtraq: 20150511 [oCERT-2015-006] dcraw input sanitization errors (Google Search)
http://www.securityfocus.com/archive/1/535513/100/0/threaded
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162084.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159083.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159123.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159665.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159479.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159625.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159579.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159518.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159469.html
https://security.gentoo.org/glsa/201701-54
https://security.gentoo.org/glsa/201706-17
http://www.ocert.org/advisories/ocert-2015-006.html

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2015.0224
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2015-0224)
Resumen:	The remote host is missing an update for the 'libraw' package(s) announced via the MGASA-2015-0224 advisory.
Descripción:	Summary: The remote host is missing an update for the 'libraw' package(s) announced via the MGASA-2015-0224 advisory. Vulnerability Insight: Updated libraw packages fix security vulnerability: The dcraw tool suffers from an integer overflow condition which lead to a buffer overflow. The vulnerability concerns the 'len' variable, parsed without validation from opened images, used in the ljpeg_start() function. A maliciously crafted raw image file can be used to trigger the vulnerability, causing a Denial of Service condition (CVE-2015-3885). LibRaw contains a bundled copy of the affected code. The libraw package has been patched to fix this issue. Affected Software/OS: 'libraw' package(s) on Mageia 4. Solution: Please install the updated package(s). CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-3885 BugTraq ID: 74590 http://www.securityfocus.com/bid/74590 Bugtraq: 20150511 [oCERT-2015-006] dcraw input sanitization errors (Google Search) http://www.securityfocus.com/archive/1/535513/100/0/threaded http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162084.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159083.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159123.html http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159665.html http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159479.html http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159625.html http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159579.html http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159518.html http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159469.html https://security.gentoo.org/glsa/201701-54 https://security.gentoo.org/glsa/201706-17 http://www.ocert.org/advisories/ocert-2015-006.html
Copyright	Copyright (C) 2022 Greenbone AG