Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2017-0297)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2017.0297

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2017-0297)

Resumen: The remote host is missing an update for the 'graphicsmagick' package(s) announced via the MGASA-2017-0297 advisory.

Descripción: Summary:
The remote host is missing an update for the 'graphicsmagick' package(s) announced via the MGASA-2017-0297 advisory.

Vulnerability Insight:
Invalid memory read in SetImageColorCallBack() in image.c
(CVE-2017-12935).

Use-after-free in ReadWMFImage() in wmf.c (CVE-2017-12936).

Heap-based buffer overflow in ReadSUNImage() in sun.c (CVE-2017-12937).

Affected Software/OS:
'graphicsmagick' package(s) on Mageia 5, Mageia 6.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2017-12935
Debian Security Information: DSA-4321 (Google Search)
https://www.debian.org/security/2018/dsa-4321
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV/
http://hg.code.sf.net/p/graphicsmagick/code/rev/cd699a44f188
https://blogs.gentoo.org/ago/2017/08/05/graphicsmagick-invalid-memory-read-in-setimagecolorcallback-image-c/
https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html
https://usn.ubuntu.com/4222-1/
Common Vulnerability Exposure (CVE) ID: CVE-2017-12936
http://hg.code.sf.net/p/graphicsmagick/code/rev/be898b7c97bd
https://blogs.gentoo.org/ago/2017/08/05/graphicsmagick-use-after-free-in-readwmfimage-wmf-c/
Common Vulnerability Exposure (CVE) ID: CVE-2017-12937
BugTraq ID: 100442
http://www.securityfocus.com/bid/100442
http://hg.code.sf.net/p/graphicsmagick/code/rev/95d00d55e978
https://blogs.gentoo.org/ago/2017/08/05/graphicsmagick-heap-based-buffer-overflow-in-readsunimage-sun-c/
https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2017.0297
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2017-0297)
Resumen:	The remote host is missing an update for the 'graphicsmagick' package(s) announced via the MGASA-2017-0297 advisory.
Descripción:	Summary: The remote host is missing an update for the 'graphicsmagick' package(s) announced via the MGASA-2017-0297 advisory. Vulnerability Insight: Invalid memory read in SetImageColorCallBack() in image.c (CVE-2017-12935). Use-after-free in ReadWMFImage() in wmf.c (CVE-2017-12936). Heap-based buffer overflow in ReadSUNImage() in sun.c (CVE-2017-12937). Affected Software/OS: 'graphicsmagick' package(s) on Mageia 5, Mageia 6. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2017-12935 Debian Security Information: DSA-4321 (Google Search) https://www.debian.org/security/2018/dsa-4321 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV/ http://hg.code.sf.net/p/graphicsmagick/code/rev/cd699a44f188 https://blogs.gentoo.org/ago/2017/08/05/graphicsmagick-invalid-memory-read-in-setimagecolorcallback-image-c/ https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html https://usn.ubuntu.com/4222-1/ Common Vulnerability Exposure (CVE) ID: CVE-2017-12936 http://hg.code.sf.net/p/graphicsmagick/code/rev/be898b7c97bd https://blogs.gentoo.org/ago/2017/08/05/graphicsmagick-use-after-free-in-readwmfimage-wmf-c/ Common Vulnerability Exposure (CVE) ID: CVE-2017-12937 BugTraq ID: 100442 http://www.securityfocus.com/bid/100442 http://hg.code.sf.net/p/graphicsmagick/code/rev/95d00d55e978 https://blogs.gentoo.org/ago/2017/08/05/graphicsmagick-heap-based-buffer-overflow-in-readsunimage-sun-c/ https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html
Copyright	Copyright (C) 2022 Greenbone AG