Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2022-0337)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2022.0337

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2022-0337)

Resumen: The remote host is missing an update for the 'libtiff' package(s) announced via the MGASA-2022-0337 advisory.

Descripción: Summary:
The remote host is missing an update for the 'libtiff' package(s) announced via the MGASA-2022-0337 advisory.

Vulnerability Insight:
libtiff's tiffcrop utility has a uint32_t underflow that can lead to out
of bounds read and write. An attacker who supplies a crafted file to
tiffcrop (likely via tricking a user to run tiffcrop on it with certain
parameters) could cause a crash or in some cases, further exploitation.
(CVE-2022-2867)

libtiff's tiffcrop utility has a improper input validation flaw that can
lead to out of bounds read and ultimately cause a crash if an attacker is
able to supply a crafted file to tiffcrop. (CVE-2022-2868)

libtiff's tiffcrop tool has a uint32_t underflow which leads to out of
bounds read and write in the extractContigSamples8bits routine. An
attacker who supplies a crafted file to tiffcrop could trigger this flaw,
most likely by tricking a user into opening the crafted file with
tiffcrop. Triggering this flaw could cause a crash or potentially further
exploitation. (CVE-2022-2869)

Affected Software/OS:
'libtiff' package(s) on Mageia 8.

Solution:
Please install the updated package(s).

CVSS Score:
4.9

CVSS Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2022-2867
Debian Security Information: DSA-5333 (Google Search)
https://www.debian.org/security/2023/dsa-5333
https://bugzilla.redhat.com/show_bug.cgi?id=2118847
https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html
Common Vulnerability Exposure (CVE) ID: CVE-2022-2868
https://bugzilla.redhat.com/show_bug.cgi?id=2118863
Common Vulnerability Exposure (CVE) ID: CVE-2022-2869
https://bugzilla.redhat.com/show_bug.cgi?id=2118869

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2022.0337
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2022-0337)
Resumen:	The remote host is missing an update for the 'libtiff' package(s) announced via the MGASA-2022-0337 advisory.
Descripción:	Summary: The remote host is missing an update for the 'libtiff' package(s) announced via the MGASA-2022-0337 advisory. Vulnerability Insight: libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcrop (likely via tricking a user to run tiffcrop on it with certain parameters) could cause a crash or in some cases, further exploitation. (CVE-2022-2867) libtiff's tiffcrop utility has a improper input validation flaw that can lead to out of bounds read and ultimately cause a crash if an attacker is able to supply a crafted file to tiffcrop. (CVE-2022-2868) libtiff's tiffcrop tool has a uint32_t underflow which leads to out of bounds read and write in the extractContigSamples8bits routine. An attacker who supplies a crafted file to tiffcrop could trigger this flaw, most likely by tricking a user into opening the crafted file with tiffcrop. Triggering this flaw could cause a crash or potentially further exploitation. (CVE-2022-2869) Affected Software/OS: 'libtiff' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 4.9 CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2022-2867 Debian Security Information: DSA-5333 (Google Search) https://www.debian.org/security/2023/dsa-5333 https://bugzilla.redhat.com/show_bug.cgi?id=2118847 https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html Common Vulnerability Exposure (CVE) ID: CVE-2022-2868 https://bugzilla.redhat.com/show_bug.cgi?id=2118863 Common Vulnerability Exposure (CVE) ID: CVE-2022-2869 https://bugzilla.redhat.com/show_bug.cgi?id=2118869
Copyright	Copyright (C) 2022 Greenbone AG