Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.0.851848 |
Kategorie: | SuSE Local Security Checks |
Titel: | openSUSE: Security Advisory for libraw (openSUSE-SU-2018:2286-1) |
Zusammenfassung: | The remote host is missing an update for the 'libraw'; package(s) announced via the referenced advisory. |
Beschreibung: | Summary: The remote host is missing an update for the 'libraw' package(s) announced via the referenced advisory. Vulnerability Insight: This update for libraw fixes the following issues: The following security vulnerabilities were addressed: - CVE-2018-5813: Fixed an error within the 'parse_minolta()' function (dcraw/dcraw.c) that could be exploited to trigger an infinite loop via a specially crafted file. This could be exploited to cause a DoS.(boo#1103200). - CVE-2018-5815: Fixed an integer overflow in the internal/dcraw_common.cpp:parse_qt() function, that could be exploited to cause an infinite loop via a specially crafted Apple QuickTime file. (boo#1103206) - CVE-2018-5810: Fixed an error within the rollei_load_raw() function (internal/dcraw_common.cpp) that could be exploited to cause a heap-based buffer overflow and subsequently cause a crash. (boo#1103353) - CVE-2018-5811: Fixed an error within the nikon_coolscan_load_raw() function (internal/dcraw_common.cpp) that could be exploited to cause an out-of-bounds read memory access and subsequently cause a crash. (boo#1103359) - CVE-2018-5812: Fixed another error within the nikon_coolscan_load_raw() function (internal/dcraw_common.cpp) that could be exploited to trigger a NULL pointer dereference. (boo#1103360) - CVE-2018-5807: Fixed an error within the samsung_load_raw() function (internal/dcraw_common.cpp) that could be exploited to cause an out-of-bounds read memory access and subsequently cause a crash. (boo#1103361) Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product: - openSUSE Leap 42.3: zypper in -t patch openSUSE-2018-849=1 Affected Software/OS: libraw on openSUSE Leap 42.3 Solution: Please install the updated package(s). CVSS Score: 7.1 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C |
Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2018-5807 https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt https://github.com/LibRaw/LibRaw/commit/fd6330292501983ac75fe4162275794b18445bd9 https://secuniaresearch.flexerasoftware.com/secunia_research/2018-10/ https://secuniaresearch.flexerasoftware.com/advisories/81800/ https://usn.ubuntu.com/3838-1/ Common Vulnerability Exposure (CVE) ID: CVE-2018-5810 Common Vulnerability Exposure (CVE) ID: CVE-2018-5811 Common Vulnerability Exposure (CVE) ID: CVE-2018-5812 Common Vulnerability Exposure (CVE) ID: CVE-2018-5813 https://github.com/LibRaw/LibRaw/commit/e47384546b43d0fd536e933249047bc397a4d88b https://secuniaresearch.flexerasoftware.com/secunia_research/2018-13/ https://secuniaresearch.flexerasoftware.com/advisories/83050/ Common Vulnerability Exposure (CVE) ID: CVE-2018-5815 https://github.com/LibRaw/LibRaw/commit/1334647862b0c90b2e8cb2f668e66627d9517b17 https://secuniaresearch.flexerasoftware.com/secunia_research/2018-14/ https://secuniaresearch.flexerasoftware.com/advisories/83507/ |
Copyright | Copyright (C) 2018 Greenbone Networks GmbH |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |