Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2021-0041)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.10.2021.0041

Kategorie: Mageia Linux Local Security Checks

Titel: Mageia: Security Advisory (MGASA-2021-0041)

Zusammenfassung: The remote host is missing an update for the 'p11-kit' package(s) announced via the MGASA-2021-0041 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'p11-kit' package(s) announced via the MGASA-2021-0041 advisory.

Vulnerability Insight:
Multiple integer overflows have been discovered in the array allocations in
the p11-kit library and the p11-kit list command, where overflow checks are
missing before calling realloc or calloc (CVE-2020-29361).

A heap-based buffer over-read has been discovered in the RPC protocol used by
the p11-kit server/remote commands and the client library. When the remote
entity supplies a byte array through a serialized PKCS#11 function call, the
receiving entity may allow the reading of up to 4 bytes of memory past the
heap allocation (CVE-2020-29362).

A heap-based buffer overflow has been discovered in the RPC protocol used by
p11-kit server/remote commands and the client library. When the remote entity
supplies a serialized byte array in a CK_ATTRIBUTE, the receiving entity may
not allocate sufficient length for the buffer to store the deserialized value
(CVE-2020-29363).

Affected Software/OS:
'p11-kit' package(s) on Mageia 7.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2020-29361
Debian Security Information: DSA-4822 (Google Search)
https://www.debian.org/security/2021/dsa-4822
https://github.com/p11-glue/p11-kit/releases
https://github.com/p11-glue/p11-kit/security/advisories/GHSA-q4r3-hm6m-mvc2
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/01/msg00002.html
Common Vulnerability Exposure (CVE) ID: CVE-2020-29362
https://github.com/p11-glue/p11-kit/security/advisories/GHSA-5wpq-43j2-6qwc
Common Vulnerability Exposure (CVE) ID: CVE-2020-29363
https://github.com/p11-glue/p11-kit/security/advisories/GHSA-5j67-fw89-fp6x
https://www.oracle.com/security-alerts/cpuapr2022.html

Copyright Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2021.0041
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2021-0041)
Zusammenfassung:	The remote host is missing an update for the 'p11-kit' package(s) announced via the MGASA-2021-0041 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'p11-kit' package(s) announced via the MGASA-2021-0041 advisory. Vulnerability Insight: Multiple integer overflows have been discovered in the array allocations in the p11-kit library and the p11-kit list command, where overflow checks are missing before calling realloc or calloc (CVE-2020-29361). A heap-based buffer over-read has been discovered in the RPC protocol used by the p11-kit server/remote commands and the client library. When the remote entity supplies a byte array through a serialized PKCS#11 function call, the receiving entity may allow the reading of up to 4 bytes of memory past the heap allocation (CVE-2020-29362). A heap-based buffer overflow has been discovered in the RPC protocol used by p11-kit server/remote commands and the client library. When the remote entity supplies a serialized byte array in a CK_ATTRIBUTE, the receiving entity may not allocate sufficient length for the buffer to store the deserialized value (CVE-2020-29363). Affected Software/OS: 'p11-kit' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2020-29361 Debian Security Information: DSA-4822 (Google Search) https://www.debian.org/security/2021/dsa-4822 https://github.com/p11-glue/p11-kit/releases https://github.com/p11-glue/p11-kit/security/advisories/GHSA-q4r3-hm6m-mvc2 https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E https://lists.debian.org/debian-lts-announce/2021/01/msg00002.html Common Vulnerability Exposure (CVE) ID: CVE-2020-29362 https://github.com/p11-glue/p11-kit/security/advisories/GHSA-5wpq-43j2-6qwc Common Vulnerability Exposure (CVE) ID: CVE-2020-29363 https://github.com/p11-glue/p11-kit/security/advisories/GHSA-5j67-fw89-fp6x https://www.oracle.com/security-alerts/cpuapr2022.html
Copyright	Copyright (C) 2022 Greenbone AG