Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2019.0313
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2019-0313)
Zusammenfassung:	The remote host is missing an update for the 'libxslt' package(s) announced via the MGASA-2019-0313 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'libxslt' package(s) announced via the MGASA-2019-0313 advisory. Vulnerability Insight: Updated libxslt package fixes security vulnerabilities: * In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character (CVE-2019-13117). * In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data (CVE-2019-13118). * In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed (CVE-2019-18197). Affected Software/OS: 'libxslt' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 5.1 CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2019-13117 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14471 https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1 https://oss-fuzz.com/testcase-detail/5631739747106816 https://www.oracle.com/security-alerts/cpujan2020.html https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html http://www.openwall.com/lists/oss-security/2019/11/17/2 SuSE Security Announcement: openSUSE-SU-2020:0731 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html https://usn.ubuntu.com/4164-1/ Common Vulnerability Exposure (CVE) ID: CVE-2019-13118 Bugtraq: 20190723 APPLE-SA-2019-7-22-1 iOS 12.4 (Google Search) https://seclists.org/bugtraq/2019/Jul/35 Bugtraq: 20190723 APPLE-SA-2019-7-22-4 watchOS 5.3 (Google Search) https://seclists.org/bugtraq/2019/Jul/36 Bugtraq: 20190723 APPLE-SA-2019-7-22-5 tvOS 12.4 (Google Search) https://seclists.org/bugtraq/2019/Jul/37 Bugtraq: 20190724 APPLE-SA-2019-7-23-1 iCloud for Windows 7.13 (Google Search) https://seclists.org/bugtraq/2019/Jul/41 Bugtraq: 20190724 APPLE-SA-2019-7-23-2 iTunes for Windows 12.9.6 (Google Search) https://seclists.org/bugtraq/2019/Jul/42 Bugtraq: 20190724 APPLE-SA-2019-7-23-3 iCloud for Windows 10.6 (Google Search) https://seclists.org/bugtraq/2019/Jul/40 Bugtraq: 20190814 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra (Google Search) https://seclists.org/bugtraq/2019/Aug/21 Bugtraq: 20190814 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4 (Google Search) https://seclists.org/bugtraq/2019/Aug/25 Bugtraq: 20190814 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3 (Google Search) https://seclists.org/bugtraq/2019/Aug/22 Bugtraq: 20190814 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4 (Google Search) https://seclists.org/bugtraq/2019/Aug/23 http://seclists.org/fulldisclosure/2019/Jul/23 http://seclists.org/fulldisclosure/2019/Jul/22 http://seclists.org/fulldisclosure/2019/Jul/24 http://seclists.org/fulldisclosure/2019/Jul/26 http://seclists.org/fulldisclosure/2019/Jul/37 http://seclists.org/fulldisclosure/2019/Jul/38 http://seclists.org/fulldisclosure/2019/Jul/31 http://seclists.org/fulldisclosure/2019/Aug/11 http://seclists.org/fulldisclosure/2019/Aug/13 http://seclists.org/fulldisclosure/2019/Aug/14 http://seclists.org/fulldisclosure/2019/Aug/15 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069 https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b https://oss-fuzz.com/testcase-detail/5197371471822848 Common Vulnerability Exposure (CVE) ID: CVE-2019-18197 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914 https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285 https://www.oracle.com/security-alerts/cpuapr2020.html https://lists.debian.org/debian-lts-announce/2019/10/msg00037.html RedHat Security Advisories: RHSA-2020:0514 https://access.redhat.com/errata/RHSA-2020:0514 SuSE Security Announcement: openSUSE-SU-2020:0189 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html SuSE Security Announcement: openSUSE-SU-2020:0210 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html SuSE Security Announcement: openSUSE-SU-2020:0233 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html
Copyright	Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.