Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2018-0465)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2018.0465

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2018-0465)

Resumen: The remote host is missing an update for the 'poppler' package(s) announced via the MGASA-2018-0465 advisory.

Descripción: Summary:
The remote host is missing an update for the 'poppler' package(s) announced via the MGASA-2018-0465 advisory.

Vulnerability Insight:
In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause
infinite recursion via a crafted file. A remote attacker can leverage
this for a DoS attack. (CVE-2018-16646)

An issue was discovered in Poppler 0.71.0. There is a reachable abort in
Object.h, will lead to denial of service because EmbFile::save2 in
FileSpec.cc lacks a stream check before saving an embedded file.
(CVE-2018-19058)

An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read
in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as
demonstrated by utils/pdfdetach.cc not validating embedded files before
save attempts. (CVE-2018-19059)

An issue was discovered in Poppler 0.71.0. There is a NULL pointer
dereference in goo/GooString.h, will lead to denial of service, as
demonstrated by utils/pdfdetach.cc not validating a filename of an
embedded file before constructing a save path. (CVE-2018-19060)

Affected Software/OS:
'poppler' package(s) on Mageia 6.

Solution:
Please install the updated package(s).

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2018-16646
https://bugzilla.redhat.com/show_bug.cgi?id=1622951
https://lists.debian.org/debian-lts-announce/2018/10/msg00024.html
https://lists.debian.org/debian-lts-announce/2018/11/msg00040.html
https://lists.debian.org/debian-lts-announce/2018/12/msg00004.html
https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html
RedHat Security Advisories: RHSA-2019:2022
https://access.redhat.com/errata/RHSA-2019:2022
https://usn.ubuntu.com/3837-1/
https://usn.ubuntu.com/3837-2/
Common Vulnerability Exposure (CVE) ID: CVE-2018-19058
https://gitlab.freedesktop.org/poppler/poppler/issues/659
https://lists.debian.org/debian-lts-announce/2019/03/msg00008.html
https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html
https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html
Common Vulnerability Exposure (CVE) ID: CVE-2018-19059
https://gitlab.freedesktop.org/poppler/poppler/issues/661
Common Vulnerability Exposure (CVE) ID: CVE-2018-19060
https://gitlab.freedesktop.org/poppler/poppler/issues/660

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2018.0465
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2018-0465)
Resumen:	The remote host is missing an update for the 'poppler' package(s) announced via the MGASA-2018-0465 advisory.
Descripción:	Summary: The remote host is missing an update for the 'poppler' package(s) announced via the MGASA-2018-0465 advisory. Vulnerability Insight: In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. (CVE-2018-16646) An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file. (CVE-2018-19058) An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts. (CVE-2018-19059) An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path. (CVE-2018-19060) Affected Software/OS: 'poppler' package(s) on Mageia 6. Solution: Please install the updated package(s). CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2018-16646 https://bugzilla.redhat.com/show_bug.cgi?id=1622951 https://lists.debian.org/debian-lts-announce/2018/10/msg00024.html https://lists.debian.org/debian-lts-announce/2018/11/msg00040.html https://lists.debian.org/debian-lts-announce/2018/12/msg00004.html https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html RedHat Security Advisories: RHSA-2019:2022 https://access.redhat.com/errata/RHSA-2019:2022 https://usn.ubuntu.com/3837-1/ https://usn.ubuntu.com/3837-2/ Common Vulnerability Exposure (CVE) ID: CVE-2018-19058 https://gitlab.freedesktop.org/poppler/poppler/issues/659 https://lists.debian.org/debian-lts-announce/2019/03/msg00008.html https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html Common Vulnerability Exposure (CVE) ID: CVE-2018-19059 https://gitlab.freedesktop.org/poppler/poppler/issues/661 Common Vulnerability Exposure (CVE) ID: CVE-2018-19060 https://gitlab.freedesktop.org/poppler/poppler/issues/660
Copyright	Copyright (C) 2022 Greenbone AG