Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2015.0286
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2015-0286)
Zusammenfassung:	The remote host is missing an update for the 'icu' package(s) announced via the MGASA-2015-0286 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'icu' package(s) announced via the MGASA-2015-0286 advisory. Vulnerability Insight: The ICU Project's ICU4C library, before 55.1, contains a heap-based buffer overflow in the resolveImplicitLevels function of ubidi.c (CVE-2014-8146). The ICU Project's ICU4C library, before 55.1, contains an integer overflow in the resolveImplicitLevels function of ubidi.c due to the assignment of an int32 value to an int16 type (CVE-2014-8147). The ucnv_io_getConverterName function in common/ucnv_io.cpp in International Components for Unicode (ICU) mishandles converter names with initial x- substrings, which allows remote attackers to cause a denial of service (read of uninitialized memory) or possibly have unspecified other impact via a crafted file (CVE-2015-1270). Affected Software/OS: 'icu' package(s) on Mageia 4. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2014-8146 http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html BugTraq ID: 74457 http://www.securityfocus.com/bid/74457 CERT/CC vulnerability note: VU#602540 http://www.kb.cert.org/vuls/id/602540 Debian Security Information: DSA-3323 (Google Search) http://www.debian.org/security/2015/dsa-3323 http://seclists.org/fulldisclosure/2015/May/14 https://security.gentoo.org/glsa/201507-04 https://raw.githubusercontent.com/pedrib/PoC/master/generic/i-c-u-fail.txt https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html http://openwall.com/lists/oss-security/2015/05/05/6 Common Vulnerability Exposure (CVE) ID: CVE-2014-8147 https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E Common Vulnerability Exposure (CVE) ID: CVE-2015-1270 BugTraq ID: 75973 http://www.securityfocus.com/bid/75973 Debian Security Information: DSA-3315 (Google Search) http://www.debian.org/security/2015/dsa-3315 Debian Security Information: DSA-3360 (Google Search) http://www.debian.org/security/2015/dsa-3360 https://security.gentoo.org/glsa/201603-09 RedHat Security Advisories: RHSA-2015:1499 http://rhn.redhat.com/errata/RHSA-2015-1499.html http://www.securitytracker.com/id/1033031 SuSE Security Announcement: openSUSE-SU-2015:1287 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html http://www.ubuntu.com/usn/USN-2740-1
Copyright	Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.