Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2022-0053)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.10.2022.0053

Kategorie: Mageia Linux Local Security Checks

Titel: Mageia: Security Advisory (MGASA-2022-0053)

Zusammenfassung: The remote host is missing an update for the 'epiphany' package(s) announced via the MGASA-2022-0053 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'epiphany' package(s) announced via the MGASA-2022-0053 advisory.

Vulnerability Insight:
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1
via an about: page, as demonstrated by ephy-about:overview when a user
visits an XSS payload page often enough to place that page on the Most
Visited list (CVE-2021-45085).

XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1
because a server's suggested_filename is used as the pdf_name value in
PDF.js (CVE-2021-45086).

XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1
when View Source mode or Reader mode is used, as demonstrated by a page
title (CVE-2021-45087).

XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1
via an error page (CVE-2021-45088).

Affected Software/OS:
'epiphany' package(s) on Mageia 8.

Solution:
Please install the updated package(s).

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2021-45085
Debian Security Information: DSA-5042 (Google Search)
https://www.debian.org/security/2022/dsa-5042
https://gitlab.gnome.org/GNOME/epiphany/-/issues/1612
https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1045
https://lists.debian.org/debian-lts-announce/2022/08/msg00006.html
Common Vulnerability Exposure (CVE) ID: CVE-2021-45086
Common Vulnerability Exposure (CVE) ID: CVE-2021-45087
Common Vulnerability Exposure (CVE) ID: CVE-2021-45088

Copyright Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2022.0053
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2022-0053)
Zusammenfassung:	The remote host is missing an update for the 'epiphany' package(s) announced via the MGASA-2022-0053 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'epiphany' package(s) announced via the MGASA-2022-0053 advisory. Vulnerability Insight: XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an about: page, as demonstrated by ephy-about:overview when a user visits an XSS payload page often enough to place that page on the Most Visited list (CVE-2021-45085). XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 because a server's suggested_filename is used as the pdf_name value in PDF.js (CVE-2021-45086). XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 when View Source mode or Reader mode is used, as demonstrated by a page title (CVE-2021-45087). XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an error page (CVE-2021-45088). Affected Software/OS: 'epiphany' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2021-45085 Debian Security Information: DSA-5042 (Google Search) https://www.debian.org/security/2022/dsa-5042 https://gitlab.gnome.org/GNOME/epiphany/-/issues/1612 https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1045 https://lists.debian.org/debian-lts-announce/2022/08/msg00006.html Common Vulnerability Exposure (CVE) ID: CVE-2021-45086 Common Vulnerability Exposure (CVE) ID: CVE-2021-45087 Common Vulnerability Exposure (CVE) ID: CVE-2021-45088
Copyright	Copyright (C) 2022 Greenbone AG