Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2020-0032)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.10.2020.0032

Kategorie: Mageia Linux Local Security Checks

Titel: Mageia: Security Advisory (MGASA-2020-0032)

Zusammenfassung: The remote host is missing an update for the 'ming' package(s) announced via the MGASA-2020-0032 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'ming' package(s) announced via the MGASA-2020-0032 advisory.

Vulnerability Insight:
The updated packages fix security vulnerabilities:

A NULL pointer dereference was discovered in newVar3 in util/decompile.c
in libming 0.4.8. The vulnerability causes a segmentation fault and
application crash, which leads to denial of service. (CVE-2018-7866)

There is a heap-based buffer overflow in the getString function of
util/decompile.c in libming 0.4.8 for INTEGER data. A Crafted input
will lead to a denial of service attack. (CVE-2018-7873)

In libming 0.4.8, a memory exhaustion vulnerability was found in the
function parseSWF_ACTIONRECORD in util/parser.c, which allows remote
attackers to cause a denial of service via a crafted file.
(CVE-2018-7876)

In libming 0.4.8, there is a use-after-free in the decompileJUMP function
of the decompile.c file. (CVE-2018-9009)

libming 0.4.8 has a NULL pointer dereference in the getInt function of the
decompile.c file. Remote attackers could leverage this vulnerability to
cause a denial of service via a crafted swf file. (CVE-2018-9132)

Affected Software/OS:
'ming' package(s) on Mageia 7.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2018-7866
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/47KZ5RYWQMBN5DVDITBVRDNDCSFNBJ3V/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LBFCINUX3XXAPPH77OH6NKACBPFBQXXW/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CQNIJH5EQV2D6KEFGY2467ZS4I7TZLXP/
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892260
https://github.com/libming/libming/issues/118
https://lists.debian.org/debian-lts-announce/2018/05/msg00017.html
Common Vulnerability Exposure (CVE) ID: CVE-2018-7873
https://github.com/libming/libming/issues/111
Common Vulnerability Exposure (CVE) ID: CVE-2018-7876
https://github.com/libming/libming/issues/109
Common Vulnerability Exposure (CVE) ID: CVE-2018-9009
https://github.com/libming/libming/issues/131
Common Vulnerability Exposure (CVE) ID: CVE-2018-9132
https://github.com/libming/libming/issues/133

Copyright Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2020.0032
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2020-0032)
Zusammenfassung:	The remote host is missing an update for the 'ming' package(s) announced via the MGASA-2020-0032 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'ming' package(s) announced via the MGASA-2020-0032 advisory. Vulnerability Insight: The updated packages fix security vulnerabilities: A NULL pointer dereference was discovered in newVar3 in util/decompile.c in libming 0.4.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. (CVE-2018-7866) There is a heap-based buffer overflow in the getString function of util/decompile.c in libming 0.4.8 for INTEGER data. A Crafted input will lead to a denial of service attack. (CVE-2018-7873) In libming 0.4.8, a memory exhaustion vulnerability was found in the function parseSWF_ACTIONRECORD in util/parser.c, which allows remote attackers to cause a denial of service via a crafted file. (CVE-2018-7876) In libming 0.4.8, there is a use-after-free in the decompileJUMP function of the decompile.c file. (CVE-2018-9009) libming 0.4.8 has a NULL pointer dereference in the getInt function of the decompile.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file. (CVE-2018-9132) Affected Software/OS: 'ming' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2018-7866 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/47KZ5RYWQMBN5DVDITBVRDNDCSFNBJ3V/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LBFCINUX3XXAPPH77OH6NKACBPFBQXXW/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CQNIJH5EQV2D6KEFGY2467ZS4I7TZLXP/ https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892260 https://github.com/libming/libming/issues/118 https://lists.debian.org/debian-lts-announce/2018/05/msg00017.html Common Vulnerability Exposure (CVE) ID: CVE-2018-7873 https://github.com/libming/libming/issues/111 Common Vulnerability Exposure (CVE) ID: CVE-2018-7876 https://github.com/libming/libming/issues/109 Common Vulnerability Exposure (CVE) ID: CVE-2018-9009 https://github.com/libming/libming/issues/131 Common Vulnerability Exposure (CVE) ID: CVE-2018-9132 https://github.com/libming/libming/issues/133
Copyright	Copyright (C) 2022 Greenbone AG