Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2014.0376
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2014-0376)
Zusammenfassung:	The remote host is missing an update for the 'glibc' package(s) announced via the MGASA-2014-0376 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'glibc' package(s) announced via the MGASA-2014-0376 advisory. Vulnerability Insight: Tavis Ormandy discovered a heap-based buffer overflow in the transliteration module loading code. As a result, an attacker who can supply a crafted destination character set argument to iconv-related character conversation functions could achieve arbitrary code execution. This update removes support of loadable gconv transliteration modules. Besides the security vulnerability, the module loading code had functionality defects which prevented it from working for the intended purpose. (CVE-2014-5119) Adhemerval Zanella Netto discovered out-of-bounds reads in additional code page decoding functions (IBM933, IBM935, IBM937, IBM939, IBM1364) that can be used to crash the systems, causing a denial of service conditions (CVE-2014-6040). Affected Software/OS: 'glibc' package(s) on Mageia 3, Mageia 4. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2014-5119 20140826 CVE-2014-5119 glibc __gconv_translit_find() exploit http://seclists.org/fulldisclosure/2014/Aug/69 20140910 Cisco Unified Communications Manager glibc Arbitrary Code Execution Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-5119 60345 http://secunia.com/advisories/60345 60358 http://secunia.com/advisories/60358 60441 http://secunia.com/advisories/60441 61074 http://secunia.com/advisories/61074 61093 http://secunia.com/advisories/61093 68983 http://www.securityfocus.com/bid/68983 69738 http://www.securityfocus.com/bid/69738 DSA-3012 http://www.debian.org/security/2014/dsa-3012 GLSA-201602-02 https://security.gentoo.org/glsa/201602-02 MDVSA-2014:175 http://www.mandriva.com/security/advisories?name=MDVSA-2014:175 RHSA-2014:1110 https://rhn.redhat.com/errata/RHSA-2014-1110.html RHSA-2014:1118 http://rhn.redhat.com/errata/RHSA-2014-1118.html SUSE-SU-2014:1125 http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00017.html [oss-security] 20170713 Re: [CVE Request] glibc iconv_open buffer overflow (was: Re: Re: glibc locale issues) http://www.openwall.com/lists/oss-security/2014/08/13/5 [oss-security] 20170713 glibc locale issues http://www.openwall.com/lists/oss-security/2014/07/14/1 http://googleprojectzero.blogspot.com/2014/08/the-poisoned-nul-byte-2014-edition.html http://linux.oracle.com/errata/ELSA-2015-0092.html http://www-01.ibm.com/support/docview.wss?uid=swg21685604 https://code.google.com/p/google-security-research/issues/detail?id=96 https://sourceware.org/bugzilla/show_bug.cgi?id=17187 Common Vulnerability Exposure (CVE) ID: CVE-2014-6040 62100 http://secunia.com/advisories/62100 62146 http://secunia.com/advisories/62146 69472 http://www.securityfocus.com/bid/69472 DSA-3142 http://www.debian.org/security/2015/dsa-3142 USN-2432-1 http://ubuntu.com/usn/usn-2432-1 [oss-security] 20140829 CVE request: glibc character set conversion from IBM code pages http://www.openwall.com/lists/oss-security/2014/08/29/3 [oss-security] 20140902 Re: CVE request: glibc character set conversion from IBM code pages http://www.openwall.com/lists/oss-security/2014/09/02/1 http://linux.oracle.com/errata/ELSA-2015-0016.html https://sourceware.org/bugzilla/show_bug.cgi?id=17325 https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commitdiff%3Bh=41488498b6
Copyright	Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.