Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2015-0376)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.130015

Kategorie: Mageia Linux Local Security Checks

Titel: Mageia: Security Advisory (MGASA-2015-0376)

Zusammenfassung: The remote host is missing an update for the 'icedtea-web' package(s) announced via the MGASA-2015-0376 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'icedtea-web' package(s) announced via the MGASA-2015-0376 advisory.

Vulnerability Insight:
Updated icedtea-web packages fix security vulnerabilities:

It was discovered that IcedTea-Web did not properly sanitize applet URLs when
storing applet trust settings. A malicious web page could use this flaw to
inject trust-settings configuration, and cause applets to be executed without
user approval (CVE-2015-5234).

It was discovered that IcedTea-Web did not properly determine an applet's
origin when asking the user if the applet should be run. A malicious page
could use this flaw to cause IcedTea-Web to execute the applet without user
approval, or confuse the user into approving applet execution based on an
incorrectly indicated applet origin (CVE-2015-5235).

Affected Software/OS:
'icedtea-web' package(s) on Mageia 5.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2015-5234
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167120.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167130.html
http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2015-September/033546.html
RedHat Security Advisories: RHSA-2016:0778
http://rhn.redhat.com/errata/RHSA-2016-0778.html
http://www.securitytracker.com/id/1033780
SuSE Security Announcement: openSUSE-SU-2015:1595 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00019.html
http://www.ubuntu.com/usn/USN-2817-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-5235

Copyright Copyright (C) 2015 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.130015
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2015-0376)
Zusammenfassung:	The remote host is missing an update for the 'icedtea-web' package(s) announced via the MGASA-2015-0376 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'icedtea-web' package(s) announced via the MGASA-2015-0376 advisory. Vulnerability Insight: Updated icedtea-web packages fix security vulnerabilities: It was discovered that IcedTea-Web did not properly sanitize applet URLs when storing applet trust settings. A malicious web page could use this flaw to inject trust-settings configuration, and cause applets to be executed without user approval (CVE-2015-5234). It was discovered that IcedTea-Web did not properly determine an applet's origin when asking the user if the applet should be run. A malicious page could use this flaw to cause IcedTea-Web to execute the applet without user approval, or confuse the user into approving applet execution based on an incorrectly indicated applet origin (CVE-2015-5235). Affected Software/OS: 'icedtea-web' package(s) on Mageia 5. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2015-5234 http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167120.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167130.html http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2015-September/033546.html RedHat Security Advisories: RHSA-2016:0778 http://rhn.redhat.com/errata/RHSA-2016-0778.html http://www.securitytracker.com/id/1033780 SuSE Security Announcement: openSUSE-SU-2015:1595 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00019.html http://www.ubuntu.com/usn/USN-2817-1 Common Vulnerability Exposure (CVE) ID: CVE-2015-5235
Copyright	Copyright (C) 2015 Greenbone AG