Anfälligkeitssuche        Suche in 172616 CVE Beschreibungen
und 81291 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.852564
Kategorie:SuSE Local Security Checks
Titel:openSUSE: Security Advisory for libcroco (openSUSE-SU-2019:1575-1)
Zusammenfassung:The remote host is missing an update for the 'libcroco'; package(s) announced via the openSUSE-SU-2019:1575-1 advisory.
Beschreibung:Summary:
The remote host is missing an update for the 'libcroco'
package(s) announced via the openSUSE-SU-2019:1575-1 advisory.

Vulnerability Insight:
This update for libcroco fixes the following issues:

Security issues fixed:

- CVE-2017-7960: Fixed heap overflow (input: check end of input before
reading a byte) (bsc#1034481).

- CVE-2017-7961: Fixed undefined behavior (tknzr: support only max long
rgb values) (bsc#1034482).

- CVE-2017-8834: Fixed denial of service (memory allocation error) via a
crafted CSS file (bsc#1043898).

- CVE-2017-8871: Fixed denial of service (infinite loop and CPU
consumption) via a crafted CSS file (bsc#1043899).

This update was imported from the SUSE:SLE-12-SP2:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended
installation methods
like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2019-1575=1

Affected Software/OS:
'libcroco' package(s) on openSUSE Leap 42.3.

Solution:
Please install the updated package(s).

CVSS Score:
7.1

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2017-7960
https://security.gentoo.org/glsa/201707-13
https://blogs.gentoo.org/ago/2017/04/17/libcroco-heap-overflow-and-undefined-behavior/
https://git.gnome.org/browse/libcroco/commit/?id=898e3a8c8c0314d2e6b106809a8e3e93cf9d4394
SuSE Security Announcement: openSUSE-SU-2019:1575 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00043.html
Common Vulnerability Exposure (CVE) ID: CVE-2017-7961
http://openwall.com/lists/oss-security/2017/04/24/2
https://bugzilla.suse.com/show_bug.cgi?id=1034482
https://git.gnome.org/browse/libcroco/commit/?id=9ad72875e9f08e4c519ef63d44cdbd94aa9504f7
Common Vulnerability Exposure (CVE) ID: CVE-2017-8834
https://www.exploit-db.com/exploits/42147/
https://bugzilla.gnome.org/show_bug.cgi?id=782647
Common Vulnerability Exposure (CVE) ID: CVE-2017-8871
https://bugzilla.gnome.org/show_bug.cgi?id=782649
CopyrightCopyright (C) 2019 Greenbone Networks GmbH

Dies ist nur einer von 81291 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2020 E-Soft Inc. Alle Rechte vorbehalten.