Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2014.0289
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2014-0289)
Zusammenfassung:	The remote host is missing an update for the 'dpkg' package(s) announced via the MGASA-2014-0289 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'dpkg' package(s) announced via the MGASA-2014-0289 advisory. Vulnerability Insight: Jakub Wilk discovered that dpkg did not correctly parse C-style filename quoting, allowing for paths to be traversed when unpacking a source package, leading to the creation of files outside the directory of the source being unpacked (CVE-2014-0471). Multiple vulnerabilities were discovered in dpkg that allow file modification through path traversal when unpacking source packages with especially-crafted patch files (CVE-2014-3864, CVE-2014-3865). Affected Software/OS: 'dpkg' package(s) on Mageia 3, Mageia 4. Solution: Please install the updated package(s). CVSS Score: 6.4 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2014-0471 BugTraq ID: 67106 http://www.securityfocus.com/bid/67106 Debian Security Information: DSA-2915 (Google Search) http://www.debian.org/security/2014/dsa-2915 http://www.ubuntu.com/usn/USN-2183-1 Common Vulnerability Exposure (CVE) ID: CVE-2014-3864 BugTraq ID: 67725 http://www.securityfocus.com/bid/67725 Debian Security Information: DSA-2953 (Google Search) http://www.debian.org/security/2014/dsa-2953 http://openwall.com/lists/oss-security/2014/05/25/2 http://www.ubuntu.com/usn/USN-2242-1 Common Vulnerability Exposure (CVE) ID: CVE-2014-3865 BugTraq ID: 67727 http://www.securityfocus.com/bid/67727
Copyright	Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.