Test Kennung:	1.3.6.1.4.1.25623.1.0.130124
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2015-0252)
Zusammenfassung:	The remote host is missing an update for the 'p7zip' package(s) announced via the MGASA-2015-0252 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'p7zip' package(s) announced via the MGASA-2015-0252 advisory. Vulnerability Insight: Alexander Cherepanov discovered that p7zip is susceptible to a directory traversal vulnerability. While extracting an archive, it will extract symlinks and then follow them if they are referenced in further entries. This can be exploited by a rogue archive to write files outside the current directory (CVE-2015-1038). Affected Software/OS: 'p7zip' package(s) on Mageia 4, Mageia 5. Solution: Please install the updated package(s). CVSS Score: 5.8 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2015-1038 BugTraq ID: 71890 http://www.securityfocus.com/bid/71890 Debian Security Information: DSA-3289 (Google Search) http://www.debian.org/security/2015/dsa-3289 http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174245.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173245.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774660 https://bugzilla.redhat.com/show_bug.cgi?id=1179505 http://www.openwall.com/lists/oss-security/2015/01/11/2 SuSE Security Announcement: openSUSE-SU-2015:1162 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-07/msg00000.html XForce ISS Database: p7zip-cve20151038-symlink(99970) https://exchange.xforce.ibmcloud.com/vulnerabilities/99970
Copyright	Copyright (C) 2015 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.