Anfälligkeitssuche        Suche in 324607 CVE Beschreibungen
und 145615 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.1.10.2018.0354
Kategorie:Mageia Linux Local Security Checks
Titel:Mageia: Security Advisory (MGASA-2018-0354)
Zusammenfassung:The remote host is missing an update for the 'thunderbird' package(s) announced via the MGASA-2018-0354 advisory.
Beschreibung:Summary:
The remote host is missing an update for the 'thunderbird' package(s) announced via the MGASA-2018-0354 advisory.

Vulnerability Insight:
Updated thunderbird package fixes security vulnerabilities:

* Spoofing of Email signatures II: The signature verification routine in
Enigmail interpreted User IDs as status/control messages and did not
correctly keep track of the status of multiple signatures. This allowed
remote attackers to spoof arbitrary email signatures via public keys
containing crafted primary user ids (CVE-2018-12019).

* Spoofing of Email signatures I: GnuPG 2.2.8 fixed a security bug that
allows remote attackers to spoof arbitrary email signatures via the
embedded '--filename' parameter in OpenPGP literal data packets. This
release of Enigmail prevents the exploit for all versions of GnuPG,
i.e. also if GnuPG is not updated (CVE-2018-12020).

Affected Software/OS:
'thunderbird' package(s) on Mageia 6.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2018-12019
http://seclists.org/fulldisclosure/2019/Apr/38
http://openwall.com/lists/oss-security/2018/06/13/10
http://packetstormsecurity.com/files/152703/Johnny-You-Are-Fired.html
https://github.com/RUB-NDS/Johnny-You-Are-Fired
https://github.com/RUB-NDS/Johnny-You-Are-Fired/blob/master/paper/johnny-fired.pdf
https://www.enigmail.net/index.php/en/download/changelog
http://www.openwall.com/lists/oss-security/2019/04/30/4
Common Vulnerability Exposure (CVE) ID: CVE-2018-12020
BugTraq ID: 104450
http://www.securityfocus.com/bid/104450
Debian Security Information: DSA-4222 (Google Search)
https://www.debian.org/security/2018/dsa-4222
Debian Security Information: DSA-4223 (Google Search)
https://www.debian.org/security/2018/dsa-4223
Debian Security Information: DSA-4224 (Google Search)
https://www.debian.org/security/2018/dsa-4224
http://openwall.com/lists/oss-security/2018/06/08/2
https://dev.gnupg.org/T4012
https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html
https://lists.debian.org/debian-lts-announce/2021/12/msg00027.html
RedHat Security Advisories: RHSA-2018:2180
https://access.redhat.com/errata/RHSA-2018:2180
RedHat Security Advisories: RHSA-2018:2181
https://access.redhat.com/errata/RHSA-2018:2181
http://www.securitytracker.com/id/1041051
https://usn.ubuntu.com/3675-1/
https://usn.ubuntu.com/3675-2/
https://usn.ubuntu.com/3675-3/
https://usn.ubuntu.com/3964-1/
CopyrightCopyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2025 E-Soft Inc. Alle Rechte vorbehalten.