Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2016-0105)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.131260
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2016-0105)
Resumen:	The remote host is missing an update for the 'firefox, firefox-l10n, nspr, nss' package(s) announced via the MGASA-2016-0105 advisory.
Descripción:	Summary: The remote host is missing an update for the 'firefox, firefox-l10n, nspr, nss' package(s) announced via the MGASA-2016-0105 advisory. Vulnerability Insight: Updated nss and firefox packages fix security vulnerabilities: Security researcher SkyLined reported a use-after-free issue in how audio is handled through the Web Audio API during MediaStream playback through interactions with the Web Audio API. This results in a potentially exploitable crash (CVE-2015-4477). Security researcher cgvwzq reported that it is possible to read cross-origin URLs following a redirect if performance.getEntries() is used along with an iframe to host a page. Navigating back in history through script, content is pulled from the browser cache for the redirected location instead of going to the original location. This is a same-origin policy violation and could allow for data theft (CVE-2015-7207). A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash, or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library (CVE-2016-1950). Mozilla developer Tim Taubert used the Address Sanitizer tool and software fuzzing to discover a use-after-free vulnerability while processing DER encoded keys in the Network Security Services (NSS) libraries. The vulnerability overwrites the freed memory with zeroes (CVE-2016-1979). Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox (CVE-2016-1952, CVE-2016-1954, CVE-2016-1957, CVE-2016-1958, CVE-2016-1960, CVE-2016-1961, CVE-2016-1962, CVE-2016-1974, CVE-2016-1964, CVE-2016-1965, CVE-2016-1966). Multiple security flaws were found in the graphite2 font library shipped with Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox (CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802). Affected Software/OS: 'firefox, firefox-l10n, nspr, nss' package(s) on Mageia 5. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-4477 https://security.gentoo.org/glsa/201605-06 http://www.securitytracker.com/id/1033247 SuSE Security Announcement: openSUSE-SU-2015:1389 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html SuSE Security Announcement: openSUSE-SU-2015:1390 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html SuSE Security Announcement: openSUSE-SU-2016:0876 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html SuSE Security Announcement: openSUSE-SU-2016:0894 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html http://www.ubuntu.com/usn/USN-2702-1 http://www.ubuntu.com/usn/USN-2702-2 http://www.ubuntu.com/usn/USN-2702-3 Common Vulnerability Exposure (CVE) ID: CVE-2015-7207 BugTraq ID: 79280 http://www.securityfocus.com/bid/79280 http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html https://security.gentoo.org/glsa/201512-10 https://github.com/w3c/resource-timing/issues/29 http://www.securitytracker.com/id/1034426 SuSE Security Announcement: openSUSE-SU-2015:2353 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html SuSE Security Announcement: openSUSE-SU-2016:0307 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html SuSE Security Announcement: openSUSE-SU-2016:0308 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html http://www.ubuntu.com/usn/USN-2833-1 Common Vulnerability Exposure (CVE) ID: CVE-2016-1950 http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html BugTraq ID: 84223 http://www.securityfocus.com/bid/84223 Debian Security Information: DSA-3510 (Google Search) http://www.debian.org/security/2016/dsa-3510 Debian Security Information: DSA-3520 (Google Search) http://www.debian.org/security/2016/dsa-3520 Debian Security Information: DSA-3688 (Google Search) http://www.debian.org/security/2016/dsa-3688 RedHat Security Advisories: RHSA-2016:0495 http://rhn.redhat.com/errata/RHSA-2016-0495.html http://www.securitytracker.com/id/1035215 SuSE Security Announcement: SUSE-SU-2016:0727 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html SuSE Security Announcement: SUSE-SU-2016:0777 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html SuSE Security Announcement: SUSE-SU-2016:0820 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html SuSE Security Announcement: SUSE-SU-2016:0909 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html SuSE Security Announcement: openSUSE-SU-2016:0731 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html SuSE Security Announcement: openSUSE-SU-2016:0733 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html SuSE Security Announcement: openSUSE-SU-2016:1557 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html http://www.ubuntu.com/usn/USN-2917-1 http://www.ubuntu.com/usn/USN-2917-2 http://www.ubuntu.com/usn/USN-2917-3 http://www.ubuntu.com/usn/USN-2924-1 http://www.ubuntu.com/usn/USN-2934-1 Common Vulnerability Exposure (CVE) ID: CVE-2016-1952 SuSE Security Announcement: openSUSE-SU-2016:1767 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html SuSE Security Announcement: openSUSE-SU-2016:1769 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html SuSE Security Announcement: openSUSE-SU-2016:1778 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html Common Vulnerability Exposure (CVE) ID: CVE-2016-1954 Common Vulnerability Exposure (CVE) ID: CVE-2016-1957 Common Vulnerability Exposure (CVE) ID: CVE-2016-1958 Common Vulnerability Exposure (CVE) ID: CVE-2016-1960 https://www.exploit-db.com/exploits/42484/ https://www.exploit-db.com/exploits/44294/ http://zerodayinitiative.com/advisories/ZDI-16-198/ Common Vulnerability Exposure (CVE) ID: CVE-2016-1961 http://zerodayinitiative.com/advisories/ZDI-16-199/ Common Vulnerability Exposure (CVE) ID: CVE-2016-1962 Common Vulnerability Exposure (CVE) ID: CVE-2016-1964 Common Vulnerability Exposure (CVE) ID: CVE-2016-1965 Common Vulnerability Exposure (CVE) ID: CVE-2016-1966 Common Vulnerability Exposure (CVE) ID: CVE-2016-1974 Common Vulnerability Exposure (CVE) ID: CVE-2016-1977 BugTraq ID: 84222 http://www.securityfocus.com/bid/84222 Debian Security Information: DSA-3515 (Google Search) http://www.debian.org/security/2016/dsa-3515 https://security.gentoo.org/glsa/201701-63 http://www.ubuntu.com/usn/USN-2927-1 Common Vulnerability Exposure (CVE) ID: CVE-2016-1979 BugTraq ID: 84221 http://www.securityfocus.com/bid/84221 Debian Security Information: DSA-3576 (Google Search) http://www.debian.org/security/2016/dsa-3576 https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.1_release_notes RedHat Security Advisories: RHSA-2016:0591 http://rhn.redhat.com/errata/RHSA-2016-0591.html RedHat Security Advisories: RHSA-2016:0684 http://rhn.redhat.com/errata/RHSA-2016-0684.html RedHat Security Advisories: RHSA-2016:0685 http://rhn.redhat.com/errata/RHSA-2016-0685.html http://www.ubuntu.com/usn/USN-2973-1 Common Vulnerability Exposure (CVE) ID: CVE-2016-2790 Common Vulnerability Exposure (CVE) ID: CVE-2016-2791 Common Vulnerability Exposure (CVE) ID: CVE-2016-2792 Common Vulnerability Exposure (CVE) ID: CVE-2016-2793 Common Vulnerability Exposure (CVE) ID: CVE-2016-2794 Common Vulnerability Exposure (CVE) ID: CVE-2016-2795 Common Vulnerability Exposure (CVE) ID: CVE-2016-2796 Common Vulnerability Exposure (CVE) ID: CVE-2016-2797 Common Vulnerability Exposure (CVE) ID: CVE-2016-2798 Common Vulnerability Exposure (CVE) ID: CVE-2016-2799 Common Vulnerability Exposure (CVE) ID: CVE-2016-2800 Common Vulnerability Exposure (CVE) ID: CVE-2016-2801 Common Vulnerability Exposure (CVE) ID: CVE-2016-2802
Copyright	Copyright (C) 2016 Greenbone AG