Búsqueda de    
Vulnerabilidad   
    Buscar 172616 Descripciones CVE y
81291 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.852564
Categoría:SuSE Local Security Checks
Título:openSUSE: Security Advisory for libcroco (openSUSE-SU-2019:1575-1)
Resumen:The remote host is missing an update for the 'libcroco'; package(s) announced via the openSUSE-SU-2019:1575-1 advisory.
Descripción:Summary:
The remote host is missing an update for the 'libcroco'
package(s) announced via the openSUSE-SU-2019:1575-1 advisory.

Vulnerability Insight:
This update for libcroco fixes the following issues:

Security issues fixed:

- CVE-2017-7960: Fixed heap overflow (input: check end of input before
reading a byte) (bsc#1034481).

- CVE-2017-7961: Fixed undefined behavior (tknzr: support only max long
rgb values) (bsc#1034482).

- CVE-2017-8834: Fixed denial of service (memory allocation error) via a
crafted CSS file (bsc#1043898).

- CVE-2017-8871: Fixed denial of service (infinite loop and CPU
consumption) via a crafted CSS file (bsc#1043899).

This update was imported from the SUSE:SLE-12-SP2:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended
installation methods
like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2019-1575=1

Affected Software/OS:
'libcroco' package(s) on openSUSE Leap 42.3.

Solution:
Please install the updated package(s).

CVSS Score:
7.1

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2017-7960
https://security.gentoo.org/glsa/201707-13
https://blogs.gentoo.org/ago/2017/04/17/libcroco-heap-overflow-and-undefined-behavior/
https://git.gnome.org/browse/libcroco/commit/?id=898e3a8c8c0314d2e6b106809a8e3e93cf9d4394
SuSE Security Announcement: openSUSE-SU-2019:1575 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00043.html
Common Vulnerability Exposure (CVE) ID: CVE-2017-7961
http://openwall.com/lists/oss-security/2017/04/24/2
https://bugzilla.suse.com/show_bug.cgi?id=1034482
https://git.gnome.org/browse/libcroco/commit/?id=9ad72875e9f08e4c519ef63d44cdbd94aa9504f7
Common Vulnerability Exposure (CVE) ID: CVE-2017-8834
https://www.exploit-db.com/exploits/42147/
https://bugzilla.gnome.org/show_bug.cgi?id=782647
Common Vulnerability Exposure (CVE) ID: CVE-2017-8871
https://bugzilla.gnome.org/show_bug.cgi?id=782649
CopyrightCopyright (C) 2019 Greenbone Networks GmbH

Esta es sólo una de 81291 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.




© 1998-2020 E-Soft Inc. Todos los derechos reservados.