Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2018.0321
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2018-0321)
Zusammenfassung:	The remote host is missing an update for the 'nspr, nss, rootcerts, thunderbird, thunderbird-l10n' package(s) announced via the MGASA-2018-0321 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'nspr, nss, rootcerts, thunderbird, thunderbird-l10n' package(s) announced via the MGASA-2018-0321 advisory. Vulnerability Insight: The updated packages fix several bugs and some security issues: Buffer overflow using computed size of canvas element. (CVE-2018-12359) Use-after-free when using focus(). (CVE-2018-12360) S/MIME and PGP decryption oracles can be built with HTML emails. (CVE-2018-12372) S/MIME plaintext can be leaked through HTML reply/forward. (CVE-2018-12373) Integer overflow in SSSE3 scaler. (CVE-2018-12362) Use-after-free when appending DOM nodes. (CVE-2018-12363) CSRF attacks through 307 redirects and NPAPI plugins. (CVE-2018-12364) Compromised IPC child process can list local filenames. (CVE-2018-12365) Invalid data handling during QCMS transformations. (CVE-2018-12366) Using form to exfiltrate encrypted mail part by pressing enter in form field. (CVE-2018-12374) Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, Firefox ESR 52.9, and Thunderbird 52.9. (CVE-2018-5188) The signature verification routine in Enigmail before 2.0.7 interprets user ids as status/control messages and does not correctly keep track of the status of multiple signatures, which allows remote attackers to spoof arbitrary email signatures via public keys containing crafted primary user ids. (CVE-2018-12019) mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the '--status-fd 2' option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes. (CVE-2018-12020) Affected Software/OS: 'nspr, nss, rootcerts, thunderbird, thunderbird-l10n' package(s) on Mageia 5. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2018-12019 http://seclists.org/fulldisclosure/2019/Apr/38 http://openwall.com/lists/oss-security/2018/06/13/10 http://packetstormsecurity.com/files/152703/Johnny-You-Are-Fired.html https://github.com/RUB-NDS/Johnny-You-Are-Fired https://github.com/RUB-NDS/Johnny-You-Are-Fired/blob/master/paper/johnny-fired.pdf https://www.enigmail.net/index.php/en/download/changelog http://www.openwall.com/lists/oss-security/2019/04/30/4 Common Vulnerability Exposure (CVE) ID: CVE-2018-12020 BugTraq ID: 104450 http://www.securityfocus.com/bid/104450 Debian Security Information: DSA-4222 (Google Search) https://www.debian.org/security/2018/dsa-4222 Debian Security Information: DSA-4223 (Google Search) https://www.debian.org/security/2018/dsa-4223 Debian Security Information: DSA-4224 (Google Search) https://www.debian.org/security/2018/dsa-4224 http://openwall.com/lists/oss-security/2018/06/08/2 https://dev.gnupg.org/T4012 https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html https://lists.debian.org/debian-lts-announce/2021/12/msg00027.html RedHat Security Advisories: RHSA-2018:2180 https://access.redhat.com/errata/RHSA-2018:2180 RedHat Security Advisories: RHSA-2018:2181 https://access.redhat.com/errata/RHSA-2018:2181 http://www.securitytracker.com/id/1041051 https://usn.ubuntu.com/3675-1/ https://usn.ubuntu.com/3675-2/ https://usn.ubuntu.com/3675-3/ https://usn.ubuntu.com/3964-1/ Common Vulnerability Exposure (CVE) ID: CVE-2018-12359 BugTraq ID: 104555 http://www.securityfocus.com/bid/104555 Debian Security Information: DSA-4235 (Google Search) https://www.debian.org/security/2018/dsa-4235 Debian Security Information: DSA-4244 (Google Search) https://www.debian.org/security/2018/dsa-4244 https://security.gentoo.org/glsa/201810-01 https://security.gentoo.org/glsa/201811-13 https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html RedHat Security Advisories: RHSA-2018:2112 https://access.redhat.com/errata/RHSA-2018:2112 RedHat Security Advisories: RHSA-2018:2113 https://access.redhat.com/errata/RHSA-2018:2113 RedHat Security Advisories: RHSA-2018:2251 https://access.redhat.com/errata/RHSA-2018:2251 RedHat Security Advisories: RHSA-2018:2252 https://access.redhat.com/errata/RHSA-2018:2252 http://www.securitytracker.com/id/1041193 https://usn.ubuntu.com/3705-1/ https://usn.ubuntu.com/3714-1/ Common Vulnerability Exposure (CVE) ID: CVE-2018-12360 Common Vulnerability Exposure (CVE) ID: CVE-2018-12362 BugTraq ID: 104560 http://www.securityfocus.com/bid/104560 Common Vulnerability Exposure (CVE) ID: CVE-2018-12363 Common Vulnerability Exposure (CVE) ID: CVE-2018-12364 Common Vulnerability Exposure (CVE) ID: CVE-2018-12365 Common Vulnerability Exposure (CVE) ID: CVE-2018-12366 Common Vulnerability Exposure (CVE) ID: CVE-2018-12372 BugTraq ID: 104613 http://www.securityfocus.com/bid/104613 Common Vulnerability Exposure (CVE) ID: CVE-2018-12373 Common Vulnerability Exposure (CVE) ID: CVE-2018-12374 Common Vulnerability Exposure (CVE) ID: CVE-2018-5188 https://usn.ubuntu.com/3749-1/
Copyright	Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.