Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.0.852088 |
Kategorie: | SuSE Local Security Checks |
Titel: | openSUSE: Security Advisory for exiv2 (openSUSE-SU-2018:1961-1) |
Zusammenfassung: | The remote host is missing an update for the 'exiv2'; package(s) announced via the openSUSE-SU-2018:1961-1 advisory. |
Beschreibung: | Summary: The remote host is missing an update for the 'exiv2' package(s) announced via the openSUSE-SU-2018:1961-1 advisory. Vulnerability Insight: This update for exiv2 to 0.26 fixes the following security issues: - CVE-2017-14864: Prevent invalid memory address dereference in Exiv2::getULong that could have caused a segmentation fault and application crash, which leads to denial of service (bsc#1060995). - CVE-2017-14862: Prevent invalid memory address dereference in Exiv2::DataValue::read that could have caused a segmentation fault and application crash, which leads to denial of service (bsc#1060996). - CVE-2017-14859: Prevent invalid memory address dereference in Exiv2::StringValueBase::read that could have caused a segmentation fault and application crash, which leads to denial of service (bsc#1061000). - CVE-2017-14860: Prevent heap-based buffer over-read in the Exiv2::Jp2Image::readMetadata function via a crafted input that could have lead to a denial of service attack (bsc#1061023). - CVE-2017-11337: Prevent invalid free in the Action::TaskFactory::cleanup function via a crafted input that could have lead to a remote denial of service attack (bsc#1048883). - CVE-2017-11338: Prevent infinite loop in the Exiv2::Image::printIFDStructure function via a crafted input that could have lead to a remote denial of service attack (bsc#1048883). - CVE-2017-11339: Prevent heap-based buffer overflow in the Image::printIFDStructure function via a crafted input that could have lead to a remote denial of service attack (bsc#1048883). - CVE-2017-11340: Prevent Segmentation fault in the XmpParser::terminate() function via a crafted input that could have lead to a remote denial of service attack (bsc#1048883). - CVE-2017-12955: Prevent heap-based buffer overflow. The vulnerability caused an out-of-bounds write in Exiv2::Image::printIFDStructure(), which may lead to remote denial of service or possibly unspecified other impact (bsc#1054593). - CVE-2017-12956: Preventn illegal address access in Exiv2::FileIo::path[abi:cxx11]() that could have lead to remote denial of service (bsc#1054592). - CVE-2017-12957: Prevent heap-based buffer over-read that was triggered in the Exiv2::Image::io function and could have lead to remote denial of service (bsc#1054590). - CVE-2017-11683: Prevent reachable assertion in the Internal::TiffReader::visitDirectory function that could have lead to a remote denial of service attack via crafted input (bsc#1051188). - CVE-2017-11591: Prevent Floating point exception in the Exiv2::ValueType function that could have lead to a remote denial of service attack via crafted input (bsc#1050257). - CVE-2017-11553: Prevent illegal address access i ... Description truncated, please see the referenced URL(s) for more information. Affected Software/OS: exiv2 on openSUSE Leap 15.0. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P |
Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2017-11337 Common Vulnerability Exposure (CVE) ID: CVE-2017-11338 Common Vulnerability Exposure (CVE) ID: CVE-2017-11339 Common Vulnerability Exposure (CVE) ID: CVE-2017-11340 Common Vulnerability Exposure (CVE) ID: CVE-2017-11553 Common Vulnerability Exposure (CVE) ID: CVE-2017-11591 Common Vulnerability Exposure (CVE) ID: CVE-2017-11592 Common Vulnerability Exposure (CVE) ID: CVE-2017-11683 Common Vulnerability Exposure (CVE) ID: CVE-2017-12955 Common Vulnerability Exposure (CVE) ID: CVE-2017-12956 Common Vulnerability Exposure (CVE) ID: CVE-2017-12957 Common Vulnerability Exposure (CVE) ID: CVE-2017-14859 Common Vulnerability Exposure (CVE) ID: CVE-2017-14860 Common Vulnerability Exposure (CVE) ID: CVE-2017-14862 Common Vulnerability Exposure (CVE) ID: CVE-2017-14864 |
Copyright | Copyright (C) 2018 Greenbone Networks GmbH |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |