Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2014-0056)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2014.0056

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2014-0056)

Resumen: The remote host is missing an update for the 'plexus-archiver' package(s) announced via the MGASA-2014-0056 advisory.

Descripción: Summary:
The remote host is missing an update for the 'plexus-archiver' package(s) announced via the MGASA-2014-0056 advisory.

Vulnerability Insight:
Algorithmic complexity vulnerability in the sorting algorithms in bzip2
compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress
before 1.4.1 allows remote attackers to cause a denial of service (CPU
consumption) via a file with many repeating inputs (CVE-2012-2098).

plexus-archiver used an embedded copy of the affected code from Apache
Commons Compress, and therefore was affected by this. It has been patched
to use the apache-commons-compress package, in which this issue has already
been fixed, for bzip2 compression and decompression.

Affected Software/OS:
'plexus-archiver' package(s) on Mageia 3.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-2098
BugTraq ID: 53676
http://www.securityfocus.com/bid/53676
Bugtraq: 20120523 [CVE-2012-2098] Apache Commons Compress and Apache Ant denial of service vulnerability (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2012-05/0130.html
http://ant.apache.org/security.html
http://commons.apache.org/compress/security.html
http://www-01.ibm.com/support/docview.wss?uid=swg21644047
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081697.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081746.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105049.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105060.html
http://packetstormsecurity.org/files/113014/Apache-Commons-Compress-Apache-Ant-Denial-Of-Service.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E
http://www.openwall.com/lists/oss-security/2023/09/13/3
http://osvdb.org/82161
http://www.securitytracker.com/id?1027096
http://secunia.com/advisories/49255
http://secunia.com/advisories/49286
XForce ISS Database: apache-commons-ant-bzip2-dos(75857)
https://exchange.xforce.ibmcloud.com/vulnerabilities/75857

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2014.0056
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2014-0056)
Resumen:	The remote host is missing an update for the 'plexus-archiver' package(s) announced via the MGASA-2014-0056 advisory.
Descripción:	Summary: The remote host is missing an update for the 'plexus-archiver' package(s) announced via the MGASA-2014-0056 advisory. Vulnerability Insight: Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs (CVE-2012-2098). plexus-archiver used an embedded copy of the affected code from Apache Commons Compress, and therefore was affected by this. It has been patched to use the apache-commons-compress package, in which this issue has already been fixed, for bzip2 compression and decompression. Affected Software/OS: 'plexus-archiver' package(s) on Mageia 3. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-2098 BugTraq ID: 53676 http://www.securityfocus.com/bid/53676 Bugtraq: 20120523 [CVE-2012-2098] Apache Commons Compress and Apache Ant denial of service vulnerability (Google Search) http://archives.neohapsis.com/archives/bugtraq/2012-05/0130.html http://ant.apache.org/security.html http://commons.apache.org/compress/security.html http://www-01.ibm.com/support/docview.wss?uid=swg21644047 http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081697.html http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081746.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105049.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105060.html http://packetstormsecurity.org/files/113014/Apache-Commons-Compress-Apache-Ant-Denial-Of-Service.html https://www.oracle.com/security-alerts/cpujan2021.html https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E http://www.openwall.com/lists/oss-security/2023/09/13/3 http://osvdb.org/82161 http://www.securitytracker.com/id?1027096 http://secunia.com/advisories/49255 http://secunia.com/advisories/49286 XForce ISS Database: apache-commons-ant-bzip2-dos(75857) https://exchange.xforce.ibmcloud.com/vulnerabilities/75857
Copyright	Copyright (C) 2022 Greenbone AG