Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2022-0424)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2022.0424

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2022-0424)

Resumen: The remote host is missing an update for the 'libtiff' package(s) announced via the MGASA-2022-0424 advisory.

Descripción: Summary:
The remote host is missing an update for the 'libtiff' package(s) announced via the MGASA-2022-0424 advisory.

Vulnerability Insight:
LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in
tools/tiffcrop.c:7345, allowing attackers to cause a denial-of-service via
a crafted tiff file. (CVE-2022-3599)

LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in
libtiff/tif_unix.c:340 when called from processCropSelections,
tools/tiffcrop.c:7619, allowing attackers to cause a denial-of-service via
a crafted tiff file. (CVE-2022-3626)

LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in
libtiff/tif_unix.c:346 when called from extractImageSection,
tools/tiffcrop.c:6860, allowing attackers to cause a denial-of-service via
a crafted tiff file. (CVE-2022-3627)

Affected Software/OS:
'libtiff' package(s) on Mageia 8.

Solution:
Please install the updated package(s).

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2022-3599
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3599.json
Debian Security Information: DSA-5333 (Google Search)
https://www.debian.org/security/2023/dsa-5333
https://gitlab.com/libtiff/libtiff/-/commit/e813112545942107551433d61afd16ac094ff246
https://gitlab.com/libtiff/libtiff/-/issues/398
https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html
Common Vulnerability Exposure (CVE) ID: CVE-2022-3626
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3626.json
https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047
https://gitlab.com/libtiff/libtiff/-/issues/426
Common Vulnerability Exposure (CVE) ID: CVE-2022-3627
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3627.json
https://gitlab.com/libtiff/libtiff/-/issues/411

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2022.0424
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2022-0424)
Resumen:	The remote host is missing an update for the 'libtiff' package(s) announced via the MGASA-2022-0424 advisory.
Descripción:	Summary: The remote host is missing an update for the 'libtiff' package(s) announced via the MGASA-2022-0424 advisory. Vulnerability Insight: LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools/tiffcrop.c:7345, allowing attackers to cause a denial-of-service via a crafted tiff file. (CVE-2022-3599) LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c:340 when called from processCropSelections, tools/tiffcrop.c:7619, allowing attackers to cause a denial-of-service via a crafted tiff file. (CVE-2022-3626) LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6860, allowing attackers to cause a denial-of-service via a crafted tiff file. (CVE-2022-3627) Affected Software/OS: 'libtiff' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2022-3599 https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3599.json Debian Security Information: DSA-5333 (Google Search) https://www.debian.org/security/2023/dsa-5333 https://gitlab.com/libtiff/libtiff/-/commit/e813112545942107551433d61afd16ac094ff246 https://gitlab.com/libtiff/libtiff/-/issues/398 https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html Common Vulnerability Exposure (CVE) ID: CVE-2022-3626 https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3626.json https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047 https://gitlab.com/libtiff/libtiff/-/issues/426 Common Vulnerability Exposure (CVE) ID: CVE-2022-3627 https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3627.json https://gitlab.com/libtiff/libtiff/-/issues/411
Copyright	Copyright (C) 2022 Greenbone AG