 |
Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | ||
| Test Kennung: | 1.3.6.1.4.1.25623.1.1.10.2017.0059 |
| Kategorie: | Mageia Linux Local Security Checks |
| Titel: | Mageia: Security Advisory (MGASA-2017-0059) |
| Zusammenfassung: | The remote host is missing an update for the 'iceape' package(s) announced via the MGASA-2017-0059 advisory. |
| Beschreibung: | Summary: The remote host is missing an update for the 'iceape' package(s) announced via the MGASA-2017-0059 advisory. Vulnerability Insight: Updated Iceape packages derived from Seamonkey include security fixes from Mozilla Firefox: Heap-based buffer overflow in the nsCaseTransformTextRunFactory::TransformString function in Seamonkey before 2.46 allows remote attackers to cause a denial of service (boolean out-of-bounds write) or possibly have unspecified other impact via Unicode characters that are mishandled during text conversion. (CVE-2016-5270) The PropertyProvider::GetSpacingInternal function in Seamonkey before 2.46 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via text runs in conjunction with a 'display: contents' Cascading Style Sheets (CSS) property. (CVE-2016-5271) The nsImageGeometryMixin class in Seamonkey before 2.46 does not properly perform a cast of an unspecified variable during handling of INPUT elements, which allows remote attackers to execute arbitrary code via a crafted web site. (CVE-2016-5272) Use-after-free vulnerability in the mozilla::a11y::DocAccessible::ProcessInvalidationList function in Seamonkey before 2.46 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an aria-owns attribute. (CVE-2016-5276) Use-after-free vulnerability in the nsFrameManager::CaptureFrameState function in Seamonkey before 2.46 allows remote attackers to execute arbitrary code by leveraging improper interaction between restyling and the Web Animations model implementation. (CVE-2016-5274) Use-after-free vulnerability in the nsRefreshDriver::Tick function in Seamonkey before 2.46 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging improper interaction between timeline destruction and the Web Animations model implementation. (CVE-2016-5277) Heap-based buffer overflow in the nsBMPEncoder::AddImageFrame function in Seamonkey before 2.46 allows remote attackers to execute arbitrary code via a crafted image data that is mishandled during the encoding of an image frame to an image. (CVE-2016-5278) Use-after-free vulnerability in the mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap function in Seamonkey before 2.46 allows remote attackers to execute arbitrary code via bidirectional text. (CVE-2016-5280) Use-after-free vulnerability in the DOMSVGLength class in Seamonkey before 2.46 allows remote attackers to execute arbitrary code by leveraging improper interaction between JavaScript code and an SVG document. (CVE-2016-5281) Seamonkey before 2.46 relies on unintended expiration dates for Preloaded Public Key Pinning, which allows man-in-the-middle attackers to spoof add-on updates by leveraging possession of an X.509 server certificate for addons.mozilla.org signed by an arbitrary built-in Certification Authority. (CVE-2016-5284) Multiple unspecified vulnerabilities in the browser engine in Seamonkey before 2.46 allow ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'iceape' package(s) on Mageia 5. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2016-2827 BugTraq ID: 93052 http://www.securityfocus.com/bid/93052 https://security.gentoo.org/glsa/201701-15 http://www.securitytracker.com/id/1036852 Common Vulnerability Exposure (CVE) ID: CVE-2016-5257 BugTraq ID: 93049 http://www.securityfocus.com/bid/93049 Debian Security Information: DSA-3674 (Google Search) http://www.debian.org/security/2016/dsa-3674 Debian Security Information: DSA-3690 (Google Search) http://www.debian.org/security/2016/dsa-3690 RedHat Security Advisories: RHSA-2016:1912 http://rhn.redhat.com/errata/RHSA-2016-1912.html RedHat Security Advisories: RHSA-2016:1985 http://rhn.redhat.com/errata/RHSA-2016-1985.html Common Vulnerability Exposure (CVE) ID: CVE-2016-5270 Common Vulnerability Exposure (CVE) ID: CVE-2016-5271 Common Vulnerability Exposure (CVE) ID: CVE-2016-5272 Common Vulnerability Exposure (CVE) ID: CVE-2016-5274 Common Vulnerability Exposure (CVE) ID: CVE-2016-5276 Common Vulnerability Exposure (CVE) ID: CVE-2016-5277 Common Vulnerability Exposure (CVE) ID: CVE-2016-5278 Common Vulnerability Exposure (CVE) ID: CVE-2016-5280 Common Vulnerability Exposure (CVE) ID: CVE-2016-5281 http://www.geeknik.net/7gr1u98b9 Common Vulnerability Exposure (CVE) ID: CVE-2016-5284 https://hackernoon.com/tor-browser-exposed-anti-privacy-implantation-at-mass-scale-bd68e9eb1e95 http://seclists.org/dailydave/2016/q3/51 |
| Copyright | Copyright (C) 2022 Greenbone AG |
| Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |