Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2014-0245)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2014.0245

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2014-0245)

Resumen: The remote host is missing an update for the 'mumble' package(s) announced via the MGASA-2014-0245 advisory.

Descripción: Summary:
The remote host is missing an update for the 'mumble' package(s) announced via the MGASA-2014-0245 advisory.

Vulnerability Insight:
Updated mumble packages fix security vulnerabilities:

In Mumble before 1.2.6, the Mumble client is vulnerable to a Denial of
Service attack when rendering crafted SVG files that contain references to
files on the local computer, due to an issue in Qt's SVG renderer module.
This issue can be triggered remotely by an entity participating in a Mumble
voice chat, using text messages, channel comments, user comments and user
textures/avatars (CVE-2014-3755).

In Mumble before 1.2.6, The Mumble client did not properly HTML-escape some
external strings before using them in a rich-text (HTML) context. In some
situations, this could be abused to perform a Denial of Service attack on a
Mumble client by causing it to load external files via the HTML
(CVE-2014-3756).

Affected Software/OS:
'mumble' package(s) on Mageia 3, Mageia 4.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2014-3755
BugTraq ID: 67400
http://www.securityfocus.com/bid/67400
https://qt.gitorious.org/qt/mumble-developers-qt/commit/2147fa767980fe27a14f018b1528dbf880b96814
http://www.openwall.com/lists/oss-security/2014/05/15/4
http://www.openwall.com/lists/oss-security/2014/05/15/1
Common Vulnerability Exposure (CVE) ID: CVE-2014-3756
BugTraq ID: 67401
http://www.securityfocus.com/bid/67401

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2014.0245
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2014-0245)
Resumen:	The remote host is missing an update for the 'mumble' package(s) announced via the MGASA-2014-0245 advisory.
Descripción:	Summary: The remote host is missing an update for the 'mumble' package(s) announced via the MGASA-2014-0245 advisory. Vulnerability Insight: Updated mumble packages fix security vulnerabilities: In Mumble before 1.2.6, the Mumble client is vulnerable to a Denial of Service attack when rendering crafted SVG files that contain references to files on the local computer, due to an issue in Qt's SVG renderer module. This issue can be triggered remotely by an entity participating in a Mumble voice chat, using text messages, channel comments, user comments and user textures/avatars (CVE-2014-3755). In Mumble before 1.2.6, The Mumble client did not properly HTML-escape some external strings before using them in a rich-text (HTML) context. In some situations, this could be abused to perform a Denial of Service attack on a Mumble client by causing it to load external files via the HTML (CVE-2014-3756). Affected Software/OS: 'mumble' package(s) on Mageia 3, Mageia 4. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-3755 BugTraq ID: 67400 http://www.securityfocus.com/bid/67400 https://qt.gitorious.org/qt/mumble-developers-qt/commit/2147fa767980fe27a14f018b1528dbf880b96814 http://www.openwall.com/lists/oss-security/2014/05/15/4 http://www.openwall.com/lists/oss-security/2014/05/15/1 Common Vulnerability Exposure (CVE) ID: CVE-2014-3756 BugTraq ID: 67401 http://www.securityfocus.com/bid/67401
Copyright	Copyright (C) 2022 Greenbone AG