Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2019-0276)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2019.0276

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2019-0276)

Resumen: The remote host is missing an update for the 'poppler' package(s) announced via the MGASA-2019-0276 advisory.

Descripción: Summary:
The remote host is missing an update for the 'poppler' package(s) announced via the MGASA-2019-0276 advisory.

Vulnerability Insight:
The updated packages fix security vulnerabilities:

The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check
for negative values of stream length, leading to an Integer Overflow,
thereby making it possible to allocate a large memory chunk on the heap,
with a size controlled by an attacker, as demonstrated by pdftocairo.
(CVE-2019-9959)

An issue was discovered in Poppler 0.74.0. There is a heap-based buffer
over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc.
(CVE-2019-10871)

Affected Software/OS:
'poppler' package(s) on Mageia 6, Mageia 7.

Solution:
Please install the updated package(s).

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2019-10871
BugTraq ID: 107862
http://www.securityfocus.com/bid/107862
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YWS7NVFFCUY3YSTMEKZEJEU6JVUUBKHB/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7MAWV24KRXTFODLVT46RXI27XIQFX2QR/
https://gitlab.freedesktop.org/poppler/poppler/issues/751
https://lists.debian.org/debian-lts-announce/2019/10/msg00024.html
https://lists.debian.org/debian-lts-announce/2019/10/msg00025.html
RedHat Security Advisories: RHSA-2019:2713
https://access.redhat.com/errata/RHSA-2019:2713
Common Vulnerability Exposure (CVE) ID: CVE-2019-9959
BugTraq ID: 109342
http://www.securityfocus.com/bid/109342
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A6NX2XPMMV7O52F4NBNCHGILGJXM3OJZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5ZOYOZTGU4RGZW4E63OZ7LW4SMPEWGBV/
https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html
https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2019.0276
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2019-0276)
Resumen:	The remote host is missing an update for the 'poppler' package(s) announced via the MGASA-2019-0276 advisory.
Descripción:	Summary: The remote host is missing an update for the 'poppler' package(s) announced via the MGASA-2019-0276 advisory. Vulnerability Insight: The updated packages fix security vulnerabilities: The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo. (CVE-2019-9959) An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc. (CVE-2019-10871) Affected Software/OS: 'poppler' package(s) on Mageia 6, Mageia 7. Solution: Please install the updated package(s). CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2019-10871 BugTraq ID: 107862 http://www.securityfocus.com/bid/107862 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YWS7NVFFCUY3YSTMEKZEJEU6JVUUBKHB/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7MAWV24KRXTFODLVT46RXI27XIQFX2QR/ https://gitlab.freedesktop.org/poppler/poppler/issues/751 https://lists.debian.org/debian-lts-announce/2019/10/msg00024.html https://lists.debian.org/debian-lts-announce/2019/10/msg00025.html RedHat Security Advisories: RHSA-2019:2713 https://access.redhat.com/errata/RHSA-2019:2713 Common Vulnerability Exposure (CVE) ID: CVE-2019-9959 BugTraq ID: 109342 http://www.securityfocus.com/bid/109342 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A6NX2XPMMV7O52F4NBNCHGILGJXM3OJZ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5ZOYOZTGU4RGZW4E63OZ7LW4SMPEWGBV/ https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html
Copyright	Copyright (C) 2022 Greenbone AG