Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2021-0098)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2021.0098

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2021-0098)

Resumen: The remote host is missing an update for the 'libtiff' package(s) announced via the MGASA-2021-0098 advisory.

Descripción: Summary:
The remote host is missing an update for the 'libtiff' package(s) announced via the MGASA-2021-0098 advisory.

Vulnerability Insight:
The updated libtiff packages fix security vulnerabilities:
- Integer overflow in tif_getimage.c (CVE-2020-35523).
- Heap-based buffer overflow in TIFF2PDF tool (CVE-2020-35524).
- Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of
service via the 'TIFFVGetField' function in the component
'libtiff/tif_dir.c'. (CVE-2020-19143)
- Memory allocation failure in tiff2rgba (CVE-2020-35521)
- Memory allocation failure in tiff2rgba (CVE-2020-35522)

Affected Software/OS:
'libtiff' package(s) on Mageia 7.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2020-19143
Debian Security Information: DSA-4997 (Google Search)
https://www.debian.org/security/2021/dsa-4997
http://bugzilla.maptools.org/show_bug.cgi?id=2851
https://gitlab.com/libtiff/libtiff/-/issues/158
https://gitlab.com/libtiff/libtiff/-/merge_requests/119
Common Vulnerability Exposure (CVE) ID: CVE-2020-35521
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BMHBYFMX3D5VGR6Y3RXTTH3Q4NF4E6IG/
https://security.gentoo.org/glsa/202104-06
https://bugzilla.redhat.com/show_bug.cgi?id=1932034
Common Vulnerability Exposure (CVE) ID: CVE-2020-35522
https://bugzilla.redhat.com/show_bug.cgi?id=1932037
Common Vulnerability Exposure (CVE) ID: CVE-2020-35523
Debian Security Information: DSA-4869 (Google Search)
https://www.debian.org/security/2021/dsa-4869
https://bugzilla.redhat.com/show_bug.cgi?id=1932040
https://gitlab.com/libtiff/libtiff/-/commit/c8d613ef497058fe653c467fc84c70a62a4a71b2
https://gitlab.com/libtiff/libtiff/-/merge_requests/160
https://lists.debian.org/debian-lts-announce/2021/06/msg00023.html
Common Vulnerability Exposure (CVE) ID: CVE-2020-35524
https://security.netapp.com/advisory/ntap-20210521-0009/
https://bugzilla.redhat.com/show_bug.cgi?id=1932044
https://gitlab.com/libtiff/libtiff/-/merge_requests/159
https://gitlab.com/rzkn/libtiff/-/commit/7be2e452ddcf6d7abca88f41d3761e6edab72b22

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2021.0098
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2021-0098)
Resumen:	The remote host is missing an update for the 'libtiff' package(s) announced via the MGASA-2021-0098 advisory.
Descripción:	Summary: The remote host is missing an update for the 'libtiff' package(s) announced via the MGASA-2021-0098 advisory. Vulnerability Insight: The updated libtiff packages fix security vulnerabilities: - Integer overflow in tif_getimage.c (CVE-2020-35523). - Heap-based buffer overflow in TIFF2PDF tool (CVE-2020-35524). - Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the 'TIFFVGetField' function in the component 'libtiff/tif_dir.c'. (CVE-2020-19143) - Memory allocation failure in tiff2rgba (CVE-2020-35521) - Memory allocation failure in tiff2rgba (CVE-2020-35522) Affected Software/OS: 'libtiff' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2020-19143 Debian Security Information: DSA-4997 (Google Search) https://www.debian.org/security/2021/dsa-4997 http://bugzilla.maptools.org/show_bug.cgi?id=2851 https://gitlab.com/libtiff/libtiff/-/issues/158 https://gitlab.com/libtiff/libtiff/-/merge_requests/119 Common Vulnerability Exposure (CVE) ID: CVE-2020-35521 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BMHBYFMX3D5VGR6Y3RXTTH3Q4NF4E6IG/ https://security.gentoo.org/glsa/202104-06 https://bugzilla.redhat.com/show_bug.cgi?id=1932034 Common Vulnerability Exposure (CVE) ID: CVE-2020-35522 https://bugzilla.redhat.com/show_bug.cgi?id=1932037 Common Vulnerability Exposure (CVE) ID: CVE-2020-35523 Debian Security Information: DSA-4869 (Google Search) https://www.debian.org/security/2021/dsa-4869 https://bugzilla.redhat.com/show_bug.cgi?id=1932040 https://gitlab.com/libtiff/libtiff/-/commit/c8d613ef497058fe653c467fc84c70a62a4a71b2 https://gitlab.com/libtiff/libtiff/-/merge_requests/160 https://lists.debian.org/debian-lts-announce/2021/06/msg00023.html Common Vulnerability Exposure (CVE) ID: CVE-2020-35524 https://security.netapp.com/advisory/ntap-20210521-0009/ https://bugzilla.redhat.com/show_bug.cgi?id=1932044 https://gitlab.com/libtiff/libtiff/-/merge_requests/159 https://gitlab.com/rzkn/libtiff/-/commit/7be2e452ddcf6d7abca88f41d3761e6edab72b22
Copyright	Copyright (C) 2022 Greenbone AG