Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2017-0206)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2017.0206

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2017-0206)

Resumen: The remote host is missing an update for the 'jbig2dec' package(s) announced via the MGASA-2017-0206 advisory.

Descripción: Summary:
The remote host is missing an update for the 'jbig2dec' package(s) announced via the MGASA-2017-0206 advisory.

Vulnerability Insight:
Multiple security issues have been found in the JBIG2 decoder library,
which may lead to lead to denial of service or the execution of arbitrary
code if a malformed image file (usually embedded in a PDF document) is
opened (CVE-2016-9601).

Artifex jbig2dec has a heap-based buffer over-read leading to denial of
service (application crash) because of an integer overflow in the
jbig2_decode_symbol_dict function in jbig2_symbol_dict.c in libjbig2dec.a
during operation on a crafted .jb2 file (CVE-2017-7885).

Artifex jbig2dec allows out-of-bounds writes because of an integer
overflow in the jbig2_build_huffman_table function in jbig2_huffman.c
during operations on a crafted JBIG2 file, leading to a denial of service
(application crash) or possibly execution of arbitrary code
(CVE-2017-7975).

Artifex jbig2dec allows out-of-bounds writes and reads because of an
integer overflow in the jbig2_image_compose function in jbig2_image.c
during operations on a crafted .jb2 file, leading to a denial of service
(application crash) (CVE-2017-7976).

Affected Software/OS:
'jbig2dec' package(s) on Mageia 5.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2016-9601
BugTraq ID: 97095
http://www.securityfocus.com/bid/97095
Debian Security Information: DSA-3817 (Google Search)
https://www.debian.org/security/2017/dsa-3817
https://security.gentoo.org/glsa/201706-24
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9601
Common Vulnerability Exposure (CVE) ID: CVE-2017-7885
Debian Security Information: DSA-3855 (Google Search)
http://www.debian.org/security/2017/dsa-3855
https://security.gentoo.org/glsa/201708-10
https://bugs.ghostscript.com/show_bug.cgi?id=697703
Common Vulnerability Exposure (CVE) ID: CVE-2017-7975
https://bugs.ghostscript.com/show_bug.cgi?id=697693
Common Vulnerability Exposure (CVE) ID: CVE-2017-7976
https://bugs.ghostscript.com/show_bug.cgi?id=697683

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2017.0206
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2017-0206)
Resumen:	The remote host is missing an update for the 'jbig2dec' package(s) announced via the MGASA-2017-0206 advisory.
Descripción:	Summary: The remote host is missing an update for the 'jbig2dec' package(s) announced via the MGASA-2017-0206 advisory. Vulnerability Insight: Multiple security issues have been found in the JBIG2 decoder library, which may lead to lead to denial of service or the execution of arbitrary code if a malformed image file (usually embedded in a PDF document) is opened (CVE-2016-9601). Artifex jbig2dec has a heap-based buffer over-read leading to denial of service (application crash) because of an integer overflow in the jbig2_decode_symbol_dict function in jbig2_symbol_dict.c in libjbig2dec.a during operation on a crafted .jb2 file (CVE-2017-7885). Artifex jbig2dec allows out-of-bounds writes because of an integer overflow in the jbig2_build_huffman_table function in jbig2_huffman.c during operations on a crafted JBIG2 file, leading to a denial of service (application crash) or possibly execution of arbitrary code (CVE-2017-7975). Artifex jbig2dec allows out-of-bounds writes and reads because of an integer overflow in the jbig2_image_compose function in jbig2_image.c during operations on a crafted .jb2 file, leading to a denial of service (application crash) (CVE-2017-7976). Affected Software/OS: 'jbig2dec' package(s) on Mageia 5. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-9601 BugTraq ID: 97095 http://www.securityfocus.com/bid/97095 Debian Security Information: DSA-3817 (Google Search) https://www.debian.org/security/2017/dsa-3817 https://security.gentoo.org/glsa/201706-24 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9601 Common Vulnerability Exposure (CVE) ID: CVE-2017-7885 Debian Security Information: DSA-3855 (Google Search) http://www.debian.org/security/2017/dsa-3855 https://security.gentoo.org/glsa/201708-10 https://bugs.ghostscript.com/show_bug.cgi?id=697703 Common Vulnerability Exposure (CVE) ID: CVE-2017-7975 https://bugs.ghostscript.com/show_bug.cgi?id=697693 Common Vulnerability Exposure (CVE) ID: CVE-2017-7976 https://bugs.ghostscript.com/show_bug.cgi?id=697683
Copyright	Copyright (C) 2022 Greenbone AG