Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2016-0258)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2016.0258

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2016-0258)

Resumen: The remote host is missing an update for the 'libgd' package(s) announced via the MGASA-2016-0258 advisory.

Descripción: Summary:
The remote host is missing an update for the 'libgd' package(s) announced via the MGASA-2016-0258 advisory.

Vulnerability Insight:
Updated libgd packages fix security vulnerabilities:

A read out-of-bounds was found in the parsing of TGA files when the header
reports an incorrect size (CVE-2016-6132) or invalid bpp (CVE-2016-6214) or
RLE value (upstream issue 248).

Integer overflow error within _gdContributionsAlloc() (CVE-2016-6207).

A regression in the previous update that caused some packages to fail to
build against libgd has also been fixed (mga#18947).

Affected Software/OS:
'libgd' package(s) on Mageia 5.

Solution:
Please install the updated package(s).

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2016-6132
BugTraq ID: 91520
http://www.securityfocus.com/bid/91520
Debian Security Information: DSA-3619 (Google Search)
http://www.debian.org/security/2016/dsa-3619
https://security.gentoo.org/glsa/201612-09
http://www.openwall.com/lists/oss-security/2016/06/30/6
http://www.openwall.com/lists/oss-security/2016/06/30/10
SuSE Security Announcement: openSUSE-SU-2016:2117 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-08/msg00086.html
SuSE Security Announcement: openSUSE-SU-2016:2363 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-09/msg00078.html
http://www.ubuntu.com/usn/USN-3060-1
Common Vulnerability Exposure (CVE) ID: CVE-2016-6207
BugTraq ID: 92080
http://www.securityfocus.com/bid/92080
Bugtraq: 20160803 Secunia Research: LibGD "_gdContributionsAlloc()" Integer Overflow Denial of Service Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/539100/100/0/threaded
Debian Security Information: DSA-3630 (Google Search)
http://www.debian.org/security/2016/dsa-3630
http://packetstormsecurity.com/files/138174/LibGD-2.2.2-Integer-Overflow-Denial-Of-Service.html
https://secunia.com/secunia_research/2016-9/
RedHat Security Advisories: RHSA-2016:2750
http://rhn.redhat.com/errata/RHSA-2016-2750.html
http://www.securitytracker.com/id/1036535
Common Vulnerability Exposure (CVE) ID: CVE-2016-6214
http://www.openwall.com/lists/oss-security/2016/07/13/12
http://www.openwall.com/lists/oss-security/2016/07/13/5

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2016.0258
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2016-0258)
Resumen:	The remote host is missing an update for the 'libgd' package(s) announced via the MGASA-2016-0258 advisory.
Descripción:	Summary: The remote host is missing an update for the 'libgd' package(s) announced via the MGASA-2016-0258 advisory. Vulnerability Insight: Updated libgd packages fix security vulnerabilities: A read out-of-bounds was found in the parsing of TGA files when the header reports an incorrect size (CVE-2016-6132) or invalid bpp (CVE-2016-6214) or RLE value (upstream issue 248). Integer overflow error within _gdContributionsAlloc() (CVE-2016-6207). A regression in the previous update that caused some packages to fail to build against libgd has also been fixed (mga#18947). Affected Software/OS: 'libgd' package(s) on Mageia 5. Solution: Please install the updated package(s). CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-6132 BugTraq ID: 91520 http://www.securityfocus.com/bid/91520 Debian Security Information: DSA-3619 (Google Search) http://www.debian.org/security/2016/dsa-3619 https://security.gentoo.org/glsa/201612-09 http://www.openwall.com/lists/oss-security/2016/06/30/6 http://www.openwall.com/lists/oss-security/2016/06/30/10 SuSE Security Announcement: openSUSE-SU-2016:2117 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-08/msg00086.html SuSE Security Announcement: openSUSE-SU-2016:2363 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-09/msg00078.html http://www.ubuntu.com/usn/USN-3060-1 Common Vulnerability Exposure (CVE) ID: CVE-2016-6207 BugTraq ID: 92080 http://www.securityfocus.com/bid/92080 Bugtraq: 20160803 Secunia Research: LibGD "_gdContributionsAlloc()" Integer Overflow Denial of Service Vulnerability (Google Search) http://www.securityfocus.com/archive/1/539100/100/0/threaded Debian Security Information: DSA-3630 (Google Search) http://www.debian.org/security/2016/dsa-3630 http://packetstormsecurity.com/files/138174/LibGD-2.2.2-Integer-Overflow-Denial-Of-Service.html https://secunia.com/secunia_research/2016-9/ RedHat Security Advisories: RHSA-2016:2750 http://rhn.redhat.com/errata/RHSA-2016-2750.html http://www.securitytracker.com/id/1036535 Common Vulnerability Exposure (CVE) ID: CVE-2016-6214 http://www.openwall.com/lists/oss-security/2016/07/13/12 http://www.openwall.com/lists/oss-security/2016/07/13/5
Copyright	Copyright (C) 2022 Greenbone AG