Debian Local Security Checks : Debian: Security Advisory for evince (DSA-4624-1)

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.704624

Kategorie: Debian Local Security Checks

Titel: Debian: Security Advisory for evince (DSA-4624-1)

Zusammenfassung: The remote host is missing an update for the 'evince'; package(s) announced via the DSA-4624-1 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'evince'
package(s) announced via the DSA-4624-1 advisory.

Vulnerability Insight:
Several vulnerabilities were discovered in evince, a simple multi-page
document viewer.

CVE-2017-1000159
Tobias Mueller reported that the DVI exporter in evince is
susceptible to a command injection vulnerability via specially
crafted filenames.

CVE-2019-11459
Andy Nguyen reported that the tiff_document_render() and
tiff_document_get_thumbnail() functions in the TIFF document backend
did not handle errors from TIFFReadRGBAImageOriented(), leading to
disclosure of uninitialized memory when processing TIFF image files.

CVE-2019-1010006
A buffer overflow vulnerability in the tiff backend could lead to
denial of service, or potentially the execution of arbitrary code if
a specially crafted PDF file is opened.

Affected Software/OS:
'evince' package(s) on Debian Linux.

Solution:
For the oldstable distribution (stretch), these problems have been fixed
in version 3.22.1-3+deb9u2.

For the stable distribution (buster), these problems have been fixed in
version 3.30.2-3+deb10u1. The stable distribution is only affected by
CVE-2019-11459
.

We recommend that you upgrade your evince packages.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2017-1000159
Common Vulnerability Exposure (CVE) ID: CVE-2019-1010006
Common Vulnerability Exposure (CVE) ID: CVE-2019-11459

Copyright Copyright (C) 2020 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.704624
Kategorie:	Debian Local Security Checks
Titel:	Debian: Security Advisory for evince (DSA-4624-1)
Zusammenfassung:	The remote host is missing an update for the 'evince'; package(s) announced via the DSA-4624-1 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'evince' package(s) announced via the DSA-4624-1 advisory. Vulnerability Insight: Several vulnerabilities were discovered in evince, a simple multi-page document viewer. CVE-2017-1000159 Tobias Mueller reported that the DVI exporter in evince is susceptible to a command injection vulnerability via specially crafted filenames. CVE-2019-11459 Andy Nguyen reported that the tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend did not handle errors from TIFFReadRGBAImageOriented(), leading to disclosure of uninitialized memory when processing TIFF image files. CVE-2019-1010006 A buffer overflow vulnerability in the tiff backend could lead to denial of service, or potentially the execution of arbitrary code if a specially crafted PDF file is opened. Affected Software/OS: 'evince' package(s) on Debian Linux. Solution: For the oldstable distribution (stretch), these problems have been fixed in version 3.22.1-3+deb9u2. For the stable distribution (buster), these problems have been fixed in version 3.30.2-3+deb10u1. The stable distribution is only affected by CVE-2019-11459 . We recommend that you upgrade your evince packages. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2017-1000159 Common Vulnerability Exposure (CVE) ID: CVE-2019-1010006 Common Vulnerability Exposure (CVE) ID: CVE-2019-11459
Copyright	Copyright (C) 2020 Greenbone Networks GmbH