Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2019.0396
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2019-0396)
Zusammenfassung:	The remote host is missing an update for the 'flightcrew' package(s) announced via the MGASA-2019-0396 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'flightcrew' package(s) announced via the MGASA-2019-0396 advisory. Vulnerability Insight: The updated packages fix security vulnerabilities: An issue was discovered in FlightCrew v0.9.2 and earlier. A NULL pointer dereference occurs in GetRelativePathToNcx() or GetRelativePathsToXhtmlDocuments() when a NULL pointer is passed to xc::XMLUri::isValidURI(). This affects third-party software (not Sigil) that uses FlightCrew as a library. (CVE-2019-13032) FlightCrew v0.9.2 and older are vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction. (CVE-2019-13241) Affected Software/OS: 'flightcrew' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2019-13032 https://github.com/Sigil-Ebook/flightcrew/issues/53 https://salvatoresecurity.com/fun-with-fuzzers-or-how-i-discovered-three-vulnerabilities-part-1-of-3/ https://usn.ubuntu.com/4055-1/ Common Vulnerability Exposure (CVE) ID: CVE-2019-13241 https://github.com/Sigil-Ebook/flightcrew/issues/52 https://salvatoresecurity.com/fun-with-fuzzers-how-i-discovered-three-vulnerabilities-part-3-of-3/
Copyright	Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.