Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2021-0290)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2021.0290

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2021-0290)

Resumen: The remote host is missing an update for the 'leptonica' package(s) announced via the MGASA-2021-0290 advisory.

Descripción: Summary:
The remote host is missing an update for the 'leptonica' package(s) announced via the MGASA-2021-0290 advisory.

Vulnerability Insight:
Leptonica before 1.80.0 allows a denial of service (application crash) via an
incorrect left shift in pixConvert2To8 in pixconv.c (CVE-2020-36277).

Leptonica before 1.80.0 allows a heap-based buffer over-read in
findNextBorderPixel in ccbord.c (CVE-2020-36278).

Leptonica before 1.80.0 allows a heap-based buffer over-read in
rasteropGeneralLow, related to adaptmap_reg.c and adaptmap.c (CVE-2020-36279).

Leptonica before 1.80.0 allows a heap-based buffer over-read in
pixReadFromTiffStream, related to tiffio.c (CVE-2020-36280).

Leptonica before 1.80.0 allows a heap-based buffer over-read in
pixFewColorsOctcubeQuantMixed in colorquant1.c (CVE-2020-36281).

Affected Software/OS:
'leptonica' package(s) on Mageia 7.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2020-36277
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RD5AIWHWE334HGYZJR2U3I3JYKSSO2LW/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JQUEA2X6UTH4DMYCMZAWE2QQLN5YANUA/
https://security.gentoo.org/glsa/202107-53
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21997
https://github.com/DanBloomberg/leptonica/compare/1.79.0...1.80.0
https://github.com/DanBloomberg/leptonica/pull/499
https://lists.debian.org/debian-lts-announce/2021/03/msg00037.html
Common Vulnerability Exposure (CVE) ID: CVE-2020-36278
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23433
https://github.com/DanBloomberg/leptonica/commit/8d6e1755518cfb98536d6c3daf0601f226d16842
Common Vulnerability Exposure (CVE) ID: CVE-2020-36279
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22512
https://github.com/DanBloomberg/leptonica/commit/3c18c43b6a3f753f0dfff99610d46ad46b8bfac4
Common Vulnerability Exposure (CVE) ID: CVE-2020-36280
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23654
https://github.com/DanBloomberg/leptonica/commit/5ba34b1fe741d69d43a6c8cf767756997eadd87c
Common Vulnerability Exposure (CVE) ID: CVE-2020-36281
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22140
https://github.com/DanBloomberg/leptonica/commit/5ee24b398bb67666f6d173763eaaedd9c36fb1e5

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2021.0290
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2021-0290)
Resumen:	The remote host is missing an update for the 'leptonica' package(s) announced via the MGASA-2021-0290 advisory.
Descripción:	Summary: The remote host is missing an update for the 'leptonica' package(s) announced via the MGASA-2021-0290 advisory. Vulnerability Insight: Leptonica before 1.80.0 allows a denial of service (application crash) via an incorrect left shift in pixConvert2To8 in pixconv.c (CVE-2020-36277). Leptonica before 1.80.0 allows a heap-based buffer over-read in findNextBorderPixel in ccbord.c (CVE-2020-36278). Leptonica before 1.80.0 allows a heap-based buffer over-read in rasteropGeneralLow, related to adaptmap_reg.c and adaptmap.c (CVE-2020-36279). Leptonica before 1.80.0 allows a heap-based buffer over-read in pixReadFromTiffStream, related to tiffio.c (CVE-2020-36280). Leptonica before 1.80.0 allows a heap-based buffer over-read in pixFewColorsOctcubeQuantMixed in colorquant1.c (CVE-2020-36281). Affected Software/OS: 'leptonica' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2020-36277 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RD5AIWHWE334HGYZJR2U3I3JYKSSO2LW/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JQUEA2X6UTH4DMYCMZAWE2QQLN5YANUA/ https://security.gentoo.org/glsa/202107-53 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21997 https://github.com/DanBloomberg/leptonica/compare/1.79.0...1.80.0 https://github.com/DanBloomberg/leptonica/pull/499 https://lists.debian.org/debian-lts-announce/2021/03/msg00037.html Common Vulnerability Exposure (CVE) ID: CVE-2020-36278 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23433 https://github.com/DanBloomberg/leptonica/commit/8d6e1755518cfb98536d6c3daf0601f226d16842 Common Vulnerability Exposure (CVE) ID: CVE-2020-36279 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22512 https://github.com/DanBloomberg/leptonica/commit/3c18c43b6a3f753f0dfff99610d46ad46b8bfac4 Common Vulnerability Exposure (CVE) ID: CVE-2020-36280 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23654 https://github.com/DanBloomberg/leptonica/commit/5ba34b1fe741d69d43a6c8cf767756997eadd87c Common Vulnerability Exposure (CVE) ID: CVE-2020-36281 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22140 https://github.com/DanBloomberg/leptonica/commit/5ee24b398bb67666f6d173763eaaedd9c36fb1e5
Copyright	Copyright (C) 2022 Greenbone AG