Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2018-0016)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2018.0016

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2018-0016)

Resumen: The remote host is missing an update for the 'gdk-pixbuf2.0' package(s) announced via the MGASA-2018-0016 advisory.

Descripción: Summary:
The remote host is missing an update for the 'gdk-pixbuf2.0' package(s) announced via the MGASA-2018-0016 advisory.

Vulnerability Insight:
JPEG gdk_pixbuf__jpeg_image_load_increment Code Execution Vulnerability
(CVE-2017-2862).

tiff_image_parse Code Execution Vulnerability (CVE-2017-2870).

Ariel Zelivansky discovered that the GDK-PixBuf library did not properly
handle printing certain error messages. If an user or automated system were
tricked into opening a specially crafted image file, a remote attacker
could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of
service (CVE-2017-6311).

Out-of-bounds read on io-ico.c (CVE-2017-6312).

A dangerous integer underflow in io-icns.c (CVE-2017-6313).

Infinite loop in io-tiff.c (CVE-2017-6314).

Note, the CVE-2017-2862, CVE-2017-2870, and CVE-2017-6311 issues only
affected Mageia 5.

Affected Software/OS:
'gdk-pixbuf2.0' package(s) on Mageia 5, Mageia 6.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2017-2862
BugTraq ID: 100541
http://www.securityfocus.com/bid/100541
Debian Security Information: DSA-3978 (Google Search)
http://www.debian.org/security/2017/dsa-3978
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0366
Common Vulnerability Exposure (CVE) ID: CVE-2017-2870
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0377
https://lists.debian.org/debian-lts-announce/2019/12/msg00025.html
Common Vulnerability Exposure (CVE) ID: CVE-2017-6311
BugTraq ID: 96779
http://www.securityfocus.com/bid/96779
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJF5ARFOX4BFUK6YCBKGAKBQYECO3AI2/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSAZ6UCKKXC5VOWXGWQHOX2ZBLLATIOT/
https://security.gentoo.org/glsa/201709-08
http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html
https://bugzilla.gnome.org/show_bug.cgi?id=778204
http://www.openwall.com/lists/oss-security/2017/02/21/4
http://www.openwall.com/lists/oss-security/2017/02/26/1
Common Vulnerability Exposure (CVE) ID: CVE-2017-6312
https://bugzilla.gnome.org/show_bug.cgi?id=779012
Common Vulnerability Exposure (CVE) ID: CVE-2017-6313
https://bugzilla.gnome.org/show_bug.cgi?id=779016
Common Vulnerability Exposure (CVE) ID: CVE-2017-6314
https://bugzilla.gnome.org/show_bug.cgi?id=779020

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2018.0016
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2018-0016)
Resumen:	The remote host is missing an update for the 'gdk-pixbuf2.0' package(s) announced via the MGASA-2018-0016 advisory.
Descripción:	Summary: The remote host is missing an update for the 'gdk-pixbuf2.0' package(s) announced via the MGASA-2018-0016 advisory. Vulnerability Insight: JPEG gdk_pixbuf__jpeg_image_load_increment Code Execution Vulnerability (CVE-2017-2862). tiff_image_parse Code Execution Vulnerability (CVE-2017-2870). Ariel Zelivansky discovered that the GDK-PixBuf library did not properly handle printing certain error messages. If an user or automated system were tricked into opening a specially crafted image file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service (CVE-2017-6311). Out-of-bounds read on io-ico.c (CVE-2017-6312). A dangerous integer underflow in io-icns.c (CVE-2017-6313). Infinite loop in io-tiff.c (CVE-2017-6314). Note, the CVE-2017-2862, CVE-2017-2870, and CVE-2017-6311 issues only affected Mageia 5. Affected Software/OS: 'gdk-pixbuf2.0' package(s) on Mageia 5, Mageia 6. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2017-2862 BugTraq ID: 100541 http://www.securityfocus.com/bid/100541 Debian Security Information: DSA-3978 (Google Search) http://www.debian.org/security/2017/dsa-3978 https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0366 Common Vulnerability Exposure (CVE) ID: CVE-2017-2870 https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0377 https://lists.debian.org/debian-lts-announce/2019/12/msg00025.html Common Vulnerability Exposure (CVE) ID: CVE-2017-6311 BugTraq ID: 96779 http://www.securityfocus.com/bid/96779 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJF5ARFOX4BFUK6YCBKGAKBQYECO3AI2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSAZ6UCKKXC5VOWXGWQHOX2ZBLLATIOT/ https://security.gentoo.org/glsa/201709-08 http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html https://bugzilla.gnome.org/show_bug.cgi?id=778204 http://www.openwall.com/lists/oss-security/2017/02/21/4 http://www.openwall.com/lists/oss-security/2017/02/26/1 Common Vulnerability Exposure (CVE) ID: CVE-2017-6312 https://bugzilla.gnome.org/show_bug.cgi?id=779012 Common Vulnerability Exposure (CVE) ID: CVE-2017-6313 https://bugzilla.gnome.org/show_bug.cgi?id=779016 Common Vulnerability Exposure (CVE) ID: CVE-2017-6314 https://bugzilla.gnome.org/show_bug.cgi?id=779020
Copyright	Copyright (C) 2022 Greenbone AG