Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2021-0236)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.10.2021.0236

Kategorie: Mageia Linux Local Security Checks

Titel: Mageia: Security Advisory (MGASA-2021-0236)

Zusammenfassung: The remote host is missing an update for the 'firefox, firefox-l10n, nspr, nss, rootcerts' package(s) announced via the MGASA-2021-0236 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'firefox, firefox-l10n, nspr, nss, rootcerts' package(s) announced via the MGASA-2021-0236 advisory.

Vulnerability Insight:
Updated firefox packages fix a security vulnerability:

Mozilla developers Gabriele Svelto, Anny Gakhokidze, Alexandru Michis,
Christian Holler reported memory safety bugs present in Firefox 88 and
Firefox ESR 78.11. Some of these bugs showed evidence of memory
corruption and we presume that with enough effort some of these could
have been exploited to run arbitrary code (CVE-2021-29967).

Memory safety bugs fixed in Firefox 89 and Firefox ESR 78.11

This update also fixes:
- Unable to connect to Element with the firefox ESR packaged by Mageia
(Bug 28755).
- Crashes on certain webpages with our packaged version (Bug 28652).
- Some connections to websites like Santander Bank (Bug 28359).
- Neither audio nor video with BigBlueButton and other WebRTC services
with our packaged version of Firefox ESR (Bug 27374).

Affected Software/OS:
'firefox, firefox-l10n, nspr, nss, rootcerts' package(s) on Mageia 7, Mageia 8.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2021-29967
https://security.gentoo.org/glsa/202208-14
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1602862%2C1703191%2C1703760%2C1704722%2C1706041
https://www.mozilla.org/security/advisories/mfsa2021-23/
https://www.mozilla.org/security/advisories/mfsa2021-24/
https://www.mozilla.org/security/advisories/mfsa2021-26/

Copyright Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2021.0236
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2021-0236)
Zusammenfassung:	The remote host is missing an update for the 'firefox, firefox-l10n, nspr, nss, rootcerts' package(s) announced via the MGASA-2021-0236 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'firefox, firefox-l10n, nspr, nss, rootcerts' package(s) announced via the MGASA-2021-0236 advisory. Vulnerability Insight: Updated firefox packages fix a security vulnerability: Mozilla developers Gabriele Svelto, Anny Gakhokidze, Alexandru Michis, Christian Holler reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code (CVE-2021-29967). Memory safety bugs fixed in Firefox 89 and Firefox ESR 78.11 This update also fixes: - Unable to connect to Element with the firefox ESR packaged by Mageia (Bug 28755). - Crashes on certain webpages with our packaged version (Bug 28652). - Some connections to websites like Santander Bank (Bug 28359). - Neither audio nor video with BigBlueButton and other WebRTC services with our packaged version of Firefox ESR (Bug 27374). Affected Software/OS: 'firefox, firefox-l10n, nspr, nss, rootcerts' package(s) on Mageia 7, Mageia 8. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2021-29967 https://security.gentoo.org/glsa/202208-14 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1602862%2C1703191%2C1703760%2C1704722%2C1706041 https://www.mozilla.org/security/advisories/mfsa2021-23/ https://www.mozilla.org/security/advisories/mfsa2021-24/ https://www.mozilla.org/security/advisories/mfsa2021-26/
Copyright	Copyright (C) 2022 Greenbone AG