Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2017-0132)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.10.2017.0132

Kategorie: Mageia Linux Local Security Checks

Titel: Mageia: Security Advisory (MGASA-2017-0132)

Zusammenfassung: The remote host is missing an update for the 'libarchive' package(s) announced via the MGASA-2017-0132 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'libarchive' package(s) announced via the MGASA-2017-0132 advisory.

Vulnerability Insight:
The archive_wstring_append_from_mbs function in archive_string.c in
libarchive 3.2.2 allows remote attackers to cause a denial of service
(NULL pointer dereference and application crash) via a crafted archive
file. (CVE-2016-10209)

The archive_le32dec function in archive_endian.h in libarchive 3.2.2
allows remote attackers to cause a denial of service (heap-based buffer
over-read and application crash) via a crafted file. (CVE-2016-10349)

The archive_read_format_cab_read_header function in
archive_read_support_format_cab.c in libarchive 3.2.2 allows remote
attackers to cause a denial of service (heap-based buffer over-read and
application crash) via a crafted file. (CVE-2016-10350)

Affected Software/OS:
'libarchive' package(s) on Mageia 5.

Solution:
Please install the updated package(s).

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2016-10209
BugTraq ID: 97327
http://www.securityfocus.com/bid/97327
Debian Security Information: DSA-4360 (Google Search)
https://www.debian.org/security/2018/dsa-4360
https://lists.debian.org/debian-lts-announce/2018/11/msg00037.html
https://usn.ubuntu.com/3736-1/
Common Vulnerability Exposure (CVE) ID: CVE-2016-10349
BugTraq ID: 100347
http://www.securityfocus.com/bid/100347
https://security.gentoo.org/glsa/201710-19
https://github.com/libarchive/libarchive/issues/834
Common Vulnerability Exposure (CVE) ID: CVE-2016-10350
https://github.com/libarchive/libarchive/issues/835

Copyright Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2017.0132
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2017-0132)
Zusammenfassung:	The remote host is missing an update for the 'libarchive' package(s) announced via the MGASA-2017-0132 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'libarchive' package(s) announced via the MGASA-2017-0132 advisory. Vulnerability Insight: The archive_wstring_append_from_mbs function in archive_string.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive file. (CVE-2016-10209) The archive_le32dec function in archive_endian.h in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. (CVE-2016-10349) The archive_read_format_cab_read_header function in archive_read_support_format_cab.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. (CVE-2016-10350) Affected Software/OS: 'libarchive' package(s) on Mageia 5. Solution: Please install the updated package(s). CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2016-10209 BugTraq ID: 97327 http://www.securityfocus.com/bid/97327 Debian Security Information: DSA-4360 (Google Search) https://www.debian.org/security/2018/dsa-4360 https://lists.debian.org/debian-lts-announce/2018/11/msg00037.html https://usn.ubuntu.com/3736-1/ Common Vulnerability Exposure (CVE) ID: CVE-2016-10349 BugTraq ID: 100347 http://www.securityfocus.com/bid/100347 https://security.gentoo.org/glsa/201710-19 https://github.com/libarchive/libarchive/issues/834 Common Vulnerability Exposure (CVE) ID: CVE-2016-10350 https://github.com/libarchive/libarchive/issues/835
Copyright	Copyright (C) 2022 Greenbone AG