Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2018-0145)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2018.0145

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2018-0145)

Resumen: The remote host is missing an update for the 'cups-filters, libjpeg, qpdf' package(s) announced via the MGASA-2018-0145 advisory.

Descripción: Summary:
The remote host is missing an update for the 'cups-filters, libjpeg, qpdf' package(s) announced via the MGASA-2018-0145 advisory.

Vulnerability Insight:
Updated qpdf packages fix security vulnerabilities:

1. Stack overflow due to endless recursion in QPDFTokenizer::resolveLiteral()
2. Another stack overflow / endless recursion in QPDFWriter::enqueueObject()
3. Stack out of bounds read in iterate_rc4()
4. heap out of bounds read (large) in Pl_Buffer::write
5. Hang due to a pdf xref loop:

Also, the libjpeg package has been patched to provide pkgconfig files, so that
cups-filters could be rebuilt against this qpdf update.

Affected Software/OS:
'cups-filters, libjpeg, qpdf' package(s) on Mageia 5.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2017-11624
http://somevulnsofadlab.blogspot.jp/2017/07/qpdfan-infinite-loop-in-libqpdf.html
https://github.com/qpdf/qpdf/issues/117
https://usn.ubuntu.com/3638-1/
Common Vulnerability Exposure (CVE) ID: CVE-2017-11625
http://somevulnsofadlab.blogspot.jp/2017/07/qpdfan-infinite-loop-in-libqpdf_26.html
https://github.com/qpdf/qpdf/issues/120
Common Vulnerability Exposure (CVE) ID: CVE-2017-11626
http://somevulnsofadlab.blogspot.jp/2017/07/qpdfan-infinite-loop-in-libqpdf_65.html
https://github.com/qpdf/qpdf/issues/119
Common Vulnerability Exposure (CVE) ID: CVE-2017-11627
http://somevulnsofadlab.blogspot.jp/2017/07/qpdfan-infinite-loop-in-libqpdf_21.html
https://github.com/qpdf/qpdf/issues/118
Common Vulnerability Exposure (CVE) ID: CVE-2017-12595
Common Vulnerability Exposure (CVE) ID: CVE-2017-9208
https://blogs.gentoo.org/ago/2017/05/21/qpdf-three-infinite-loop-in-libqpdf/
Common Vulnerability Exposure (CVE) ID: CVE-2017-9209
Common Vulnerability Exposure (CVE) ID: CVE-2017-9210

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2018.0145
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2018-0145)
Resumen:	The remote host is missing an update for the 'cups-filters, libjpeg, qpdf' package(s) announced via the MGASA-2018-0145 advisory.
Descripción:	Summary: The remote host is missing an update for the 'cups-filters, libjpeg, qpdf' package(s) announced via the MGASA-2018-0145 advisory. Vulnerability Insight: Updated qpdf packages fix security vulnerabilities: 1. Stack overflow due to endless recursion in QPDFTokenizer::resolveLiteral() 2. Another stack overflow / endless recursion in QPDFWriter::enqueueObject() 3. Stack out of bounds read in iterate_rc4() 4. heap out of bounds read (large) in Pl_Buffer::write 5. Hang due to a pdf xref loop: Also, the libjpeg package has been patched to provide pkgconfig files, so that cups-filters could be rebuilt against this qpdf update. Affected Software/OS: 'cups-filters, libjpeg, qpdf' package(s) on Mageia 5. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2017-11624 http://somevulnsofadlab.blogspot.jp/2017/07/qpdfan-infinite-loop-in-libqpdf.html https://github.com/qpdf/qpdf/issues/117 https://usn.ubuntu.com/3638-1/ Common Vulnerability Exposure (CVE) ID: CVE-2017-11625 http://somevulnsofadlab.blogspot.jp/2017/07/qpdfan-infinite-loop-in-libqpdf_26.html https://github.com/qpdf/qpdf/issues/120 Common Vulnerability Exposure (CVE) ID: CVE-2017-11626 http://somevulnsofadlab.blogspot.jp/2017/07/qpdfan-infinite-loop-in-libqpdf_65.html https://github.com/qpdf/qpdf/issues/119 Common Vulnerability Exposure (CVE) ID: CVE-2017-11627 http://somevulnsofadlab.blogspot.jp/2017/07/qpdfan-infinite-loop-in-libqpdf_21.html https://github.com/qpdf/qpdf/issues/118 Common Vulnerability Exposure (CVE) ID: CVE-2017-12595 Common Vulnerability Exposure (CVE) ID: CVE-2017-9208 https://blogs.gentoo.org/ago/2017/05/21/qpdf-three-infinite-loop-in-libqpdf/ Common Vulnerability Exposure (CVE) ID: CVE-2017-9209 Common Vulnerability Exposure (CVE) ID: CVE-2017-9210
Copyright	Copyright (C) 2022 Greenbone AG