Test ID: 1.3.6.1.4.1.25623.1.1.2.2019.2583
Category: Huawei EulerOS Local Security Checks
Title: Huawei EulerOS: Security Advisory for gd (EulerOS-SA-2019-2583)
Summary: The remote host is missing an update for the Huawei EulerOS 'gd' package(s) announced via the EulerOS-SA-2019-2583 advisory.
Description:
Summary:
The remote host is missing an update for the Huawei EulerOS 'gd' package(s) announced via the EulerOS-SA-2019-2583 advisory.

Vulnerability Insight:
Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow. (CVE-2016-3074)

The output function in gd_gif_out.c in the GD Graphics Library (aka libgd) allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image. (CVE-2016-6161)

Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value. (CVE-2016-9933)

Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors. (CVE-2017-6362)

Affected Software/OS:
'gd' package(s) on Huawei EulerOS V2.0SP3.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2016-3074
BugTraq ID: 87087
http://www.securityfocus.com/bid/87087
Bugtraq: 20160421 CVE-2016-3074: libgd: signedness vulnerability
http://www.securityfocus.com/archive/1/538160/100/0/threaded
Debian Security Information: DSA-3556
http://www.debian.org/security/2016/dsa-3556
Debian Security Information: DSA-3602
http://www.debian.org/security/2016/dsa-3602
https://www.exploit-db.com/exploits/39736/
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183724.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183263.html
http://seclists.org/fulldisclosure/2016/Apr/72
https://security.gentoo.org/glsa/201607-04
https://security.gentoo.org/glsa/201611-22
http://packetstormsecurity.com/files/136757/libgd-2.1.1-Signedness.html
RedHat Security Advisories: RHSA-2016:2750
http://rhn.redhat.com/errata/RHSA-2016-2750.html
http://www.securitytracker.com/id/1035659
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.383127
SuSE Security Announcement: openSUSE-SU-2016:1274
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00031.html
http://www.ubuntu.com/usn/USN-2987-1
Common Vulnerability Exposure (CVE) ID: CVE-2016-6161
Debian Security Information: DSA-3619
http://www.debian.org/security/2016/dsa-3619
http://www.openwall.com/lists/oss-security/2016/07/05/6
http://www.openwall.com/lists/oss-security/2016/07/05/7
SuSE Security Announcement: openSUSE-SU-2016:2117
http://lists.opensuse.org/opensuse-updates/2016-08/msg00086.html
SuSE Security Announcement: openSUSE-SU-2016:2363
http://lists.opensuse.org/opensuse-updates/2016-09/msg00078.html
http://www.ubuntu.com/usn/USN-3030-1
Common Vulnerability Exposure (CVE) ID: CVE-2016-9933
BugTraq ID: 94865
http://www.securityfocus.com/bid/94865
Debian Security Information: DSA-3751
http://www.debian.org/security/2017/dsa-3751
http://www.openwall.com/lists/oss-security/2016/12/12/2
RedHat Security Advisories: RHSA-2018:1296
https://access.redhat.com/errata/RHSA-2018:1296
SuSE Security Announcement: openSUSE-SU-2016:3228
http://lists.opensuse.org/opensuse-updates/2016-12/msg00133.html
SuSE Security Announcement: openSUSE-SU-2016:3239
http://lists.opensuse.org/opensuse-updates/2016-12/msg00142.html
SuSE Security Announcement: openSUSE-SU-2017:0006
http://lists.opensuse.org/opensuse-updates/2017-01/msg00002.html
SuSE Security Announcement: openSUSE-SU-2017:0061
http://lists.opensuse.org/opensuse-updates/2017-01/msg00034.html
SuSE Security Announcement: openSUSE-SU-2017:0081
http://lists.opensuse.org/opensuse-updates/2017-01/msg00054.html
Common Vulnerability Exposure (CVE) ID: CVE-2017-6362
Debian Security Information: DSA-3961
http://www.debian.org/security/2017/dsa-3961
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N2BLXX7KNRE7ZVQAKGTHHWS33CUCXVUP/
Copyright: Copyright (C) 2020 Greenbone Networks GmbH
