ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2018.0493
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2018-0493)
Resumen:	The remote host is missing an update for the 'libtiff' package(s) announced via the MGASA-2018-0493 advisory.
Descripción:	Summary: The remote host is missing an update for the 'libtiff' package(s) announced via the MGASA-2018-0493 advisory. Vulnerability Insight: Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file. (CVE-2018-12900) LibTIFF 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-of-bounds write. (CVE-2018-18557) In LibTIFF 4.0.9, there is a NULL pointer dereference in the TIFFWriteDirectorySec function in tif_dirwrite.c that will lead to a denial of service attack, as demonstrated by tiffset. (CVE-2018-19210) Affected Software/OS: 'libtiff' package(s) on Mageia 6. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2018-12900 Debian Security Information: DSA-4670 (Google Search) https://www.debian.org/security/2020/dsa-4670 http://bugzilla.maptools.org/show_bug.cgi?id=2798 https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2018-12900 https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html RedHat Security Advisories: RHSA-2019:2053 https://access.redhat.com/errata/RHSA-2019:2053 RedHat Security Advisories: RHSA-2019:3419 https://access.redhat.com/errata/RHSA-2019:3419 https://usn.ubuntu.com/3906-1/ https://usn.ubuntu.com/3906-2/ Common Vulnerability Exposure (CVE) ID: CVE-2018-18557 Debian Security Information: DSA-4349 (Google Search) https://www.debian.org/security/2018/dsa-4349 https://www.exploit-db.com/exploits/45694/ https://security.gentoo.org/glsa/201904-15 https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2018-18557 https://gitlab.com/libtiff/libtiff/commit/681748ec2f5ce88da5f9fa6831e1653e46af8a66 https://gitlab.com/libtiff/libtiff/merge_requests/38 https://lists.debian.org/debian-lts-announce/2018/10/msg00019.html https://usn.ubuntu.com/3864-1/ Common Vulnerability Exposure (CVE) ID: CVE-2018-19210 BugTraq ID: 105932 http://www.securityfocus.com/bid/105932 Bugtraq: 20191104 [slackware-security] libtiff (SSA:2019-308-01) (Google Search) https://seclists.org/bugtraq/2019/Nov/5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C6IL2QFKE6MGVUTOPU2UUWITTE36KRDF/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TX5UEYHGMTNEHJB4FHE7HCJ75UQDNKGB/ https://security.gentoo.org/glsa/202003-25 http://bugzilla.maptools.org/show_bug.cgi?id=2820 http://packetstormsecurity.com/files/155095/Slackware-Security-Advisory-libtiff-Updates.html https://lists.debian.org/debian-lts-announce/2019/02/msg00026.html SuSE Security Announcement: openSUSE-SU-2019:1161 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00041.html
Copyright	Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.