Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2020-0134)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2020.0134

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2020-0134)

Resumen: The remote host is missing an update for the 'libgd' package(s) announced via the MGASA-2020-0134 advisory.

Descripción: Summary:
The remote host is missing an update for the 'libgd' package(s) announced via the MGASA-2020-0134 advisory.

Vulnerability Insight:
The updated packages fix a security vulnerability:

When using the gdImageCreateFromXbm() function in the GD Graphics Library
(aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x
below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to
supply data that will cause the function to use the value of uninitialized
variable. This may lead to disclosing contents of the stack that has been
left there by previous code. (CVE-2019-11038)

Affected Software/OS:
'libgd' package(s) on Mageia 7.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2019-11038
Bugtraq: 20190923 [SECURITY] [DSA 4529-1] php7.0 security update (Google Search)
https://seclists.org/bugtraq/2019/Sep/38
Debian Security Information: DSA-4529 (Google Search)
https://www.debian.org/security/2019/dsa-4529
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAZBVK6XNYEIN7RDQXESSD63QHXPLKWL/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKSSWFR2WPMUOIB5EN5ZM252NNEPYUTG/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/
https://bugzilla.redhat.com/show_bug.cgi?id=1724432
https://lists.debian.org/debian-lts-announce/2019/06/msg00003.html
RedHat Security Advisories: RHSA-2019:2519
https://access.redhat.com/errata/RHSA-2019:2519
RedHat Security Advisories: RHSA-2019:3299
https://access.redhat.com/errata/RHSA-2019:3299
SuSE Security Announcement: openSUSE-SU-2020:0332 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00020.html
https://usn.ubuntu.com/4316-1/
https://usn.ubuntu.com/4316-2/

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2020.0134
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2020-0134)
Resumen:	The remote host is missing an update for the 'libgd' package(s) announced via the MGASA-2020-0134 advisory.
Descripción:	Summary: The remote host is missing an update for the 'libgd' package(s) announced via the MGASA-2020-0134 advisory. Vulnerability Insight: The updated packages fix a security vulnerability: When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code. (CVE-2019-11038) Affected Software/OS: 'libgd' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2019-11038 Bugtraq: 20190923 [SECURITY] [DSA 4529-1] php7.0 security update (Google Search) https://seclists.org/bugtraq/2019/Sep/38 Debian Security Information: DSA-4529 (Google Search) https://www.debian.org/security/2019/dsa-4529 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAZBVK6XNYEIN7RDQXESSD63QHXPLKWL/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKSSWFR2WPMUOIB5EN5ZM252NNEPYUTG/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/ https://bugzilla.redhat.com/show_bug.cgi?id=1724432 https://lists.debian.org/debian-lts-announce/2019/06/msg00003.html RedHat Security Advisories: RHSA-2019:2519 https://access.redhat.com/errata/RHSA-2019:2519 RedHat Security Advisories: RHSA-2019:3299 https://access.redhat.com/errata/RHSA-2019:3299 SuSE Security Announcement: openSUSE-SU-2020:0332 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00020.html https://usn.ubuntu.com/4316-1/ https://usn.ubuntu.com/4316-2/
Copyright	Copyright (C) 2022 Greenbone AG