Test Kennung:	1.3.6.1.4.1.25623.1.0.50563
Kategorie:	Mandrake Local Security Checks
Titel:	Mandrake Security Advisory MDKSA-2004:082 (mozilla)
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing an update to mozilla announced via advisory MDKSA-2004:082. A number of security vulnerabilities in mozilla are addressed by this update for Mandrakelinux 10.0 users, including a fix for frame spoofing, a fixed popup XPInstall/security dialog bug, a fix for untrusted chrome calls, a fix for SSL certificate spoofing, a fix for stealing secure HTTP Auth passwords via DNS spoofing, a fix for insecure matching of cert names for non-FQDNs, a fix for focus redefinition from another domain, a fix for a SOAP parameter overflow, a fix for text drag on file entry, a fix for certificate DoS, and a fix for lock icon and cert spoofing. Additionally, mozilla for both Mandrakelinux 9.2 and 10.0 have been rebuilt to use the system libjpeg and libpng which addresses vulnerabilities discovered in libpng (ref: MDKSA-2004:079). Affected versions: 10.0, 9.2 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2004:082 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0597 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0598 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0599 http://bugzilla.mozilla.org/show_bug.cgi?id=246448 http://bugzilla.mozilla.org/show_bug.cgi?id=162020 http://bugzilla.mozilla.org/show_bug.cgi?id=149478 http://bugzilla.mozilla.org/show_bug.cgi?id=239580 http://bugzilla.mozilla.org/show_bug.cgi?id=244965 http://bugzilla.mozilla.org/show_bug.cgi?id=229374 http://bugzilla.mozilla.org/show_bug.cgi?id=240053 http://bugzilla.mozilla.org/show_bug.cgi?id=226278 http://bugzilla.mozilla.org/show_bug.cgi?id=234058 http://bugzilla.mozilla.org/show_bug.cgi?id=86028 http://bugzilla.mozilla.org/show_bug.cgi?id=236618 http://bugzilla.mozilla.org/show_bug.cgi?id=206859 http://bugzilla.mozilla.org/show_bug.cgi?id=249004 http://bugzilla.mozilla.org/show_bug.cgi?id=253121 Risk factor : Critical CVSS Score: 10.0
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0597 http://lists.apple.com/mhonarc/security-announce/msg00056.html BugTraq ID: 10857 http://www.securityfocus.com/bid/10857 BugTraq ID: 15495 http://www.securityfocus.com/bid/15495 Bugtraq: 20040804 [OpenPKG-SA-2004.035] OpenPKG Security Advisory (png) (Google Search) http://marc.info/?l=bugtraq&m=109163866717909&w=2 Bugtraq: 20050209 MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit (Google Search) http://marc.info/?l=bugtraq&m=110796779903455&w=2 Cert/CC Advisory: TA04-217A http://www.us-cert.gov/cas/techalerts/TA04-217A.html Cert/CC Advisory: TA05-039A http://www.us-cert.gov/cas/techalerts/TA05-039A.html CERT/CC vulnerability note: VU#388984 http://www.kb.cert.org/vuls/id/388984 CERT/CC vulnerability note: VU#817368 http://www.kb.cert.org/vuls/id/817368 Conectiva Linux advisory: CLA-2004:856 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000856 Debian Security Information: DSA-536 (Google Search) http://www.debian.org/security/2004/dsa-536 https://bugzilla.fedora.us/show_bug.cgi?id=1943 http://marc.info/?l=bugtraq&m=109900315219363&w=2 http://www.gentoo.org/security/en/glsa/glsa-200408-03.xml http://www.gentoo.org/security/en/glsa/glsa-200408-22.xml HPdes Security Advisory: SSRT4778 http://marc.info/?l=bugtraq&m=109181639602978&w=2 http://www.mandriva.com/security/advisories?name=MDKSA-2004:079 http://www.mandriva.com/security/advisories?name=MDKSA-2006:212 http://www.mandriva.com/security/advisories?name=MDKSA-2006:213 http://scary.beasts.org/security/CESA-2004-001.txt http://www.coresecurity.com/common/showdoc.php?idx=421&idxseccion=10 Microsoft Security Bulletin: MS05-009 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-009 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11284 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2274 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2378 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4492 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A594 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7709 http://www.redhat.com/support/errata/RHSA-2004-402.html http://www.redhat.com/support/errata/RHSA-2004-421.html http://www.redhat.com/support/errata/RHSA-2004-429.html SCO Security Bulletin: SCOSA-2004.16 http://marc.info/?l=bugtraq&m=109761239318458&w=2 SCO Security Bulletin: SCOSA-2005.49 ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt http://secunia.com/advisories/22957 http://secunia.com/advisories/22958 http://sunsolve.sun.com/search/document.do?assetkey=1-66-200663-1 SuSE Security Announcement: SUSE-SA:2004:023 (Google Search) http://www.novell.com/linux/security/advisories/2004_23_libpng.html http://www.trustix.net/errata/2004/0040/ XForce ISS Database: libpng-pnghandle-bo(16894) https://exchange.xforce.ibmcloud.com/vulnerabilities/16894 Common Vulnerability Exposure (CVE) ID: CVE-2004-0598 CERT/CC vulnerability note: VU#236656 http://www.kb.cert.org/vuls/id/236656 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10203 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2572 XForce ISS Database: libpng-pnghandleiccp-dos(16895) https://exchange.xforce.ibmcloud.com/vulnerabilities/16895 Common Vulnerability Exposure (CVE) ID: CVE-2004-0599 CERT/CC vulnerability note: VU#160448 http://www.kb.cert.org/vuls/id/160448 CERT/CC vulnerability note: VU#286464 http://www.kb.cert.org/vuls/id/286464 CERT/CC vulnerability note: VU#477512 http://www.kb.cert.org/vuls/id/477512 Debian Security Information: DSA-570 (Google Search) http://www.debian.org/security/2004/dsa-570 Debian Security Information: DSA-571 (Google Search) http://www.debian.org/security/2004/dsa-571 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10938 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1479 XForce ISS Database: lilbpng-integer-bo(16896) https://exchange.xforce.ibmcloud.com/vulnerabilities/16896
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.