ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2014.0282
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2014-0282)
Resumen:	The remote host is missing an update for the 'file' package(s) announced via the MGASA-2014-0282 advisory.
Descripción:	Summary: The remote host is missing an update for the 'file' package(s) announced via the MGASA-2014-0282 advisory. Vulnerability Insight: A flaw was found in the way file parsed property information from Composite Document Files (CDF) files, where the mconvert() function did not correctly compute the truncated pascal string size (CVE-2014-3478). Multiple flaws were found in the way file parsed property information from Composite Document Files (CDF) files, due to insufficient boundary checks on buffers (CVE-2014-3479, CVE-2014-3480, CVE-2014-3487). Note: these issues were announced as part of the upstream PHP 5.4.30 release, as PHP bundles file's libmagic library. Their announcement also references an issue in CDF file parsing, CVE-2014-0207, which was previously fixed in the file package in MGASA-2014-0252, but was not announced at that time. Affected Software/OS: 'file' package(s) on Mageia 3, Mageia 4. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-3478 59794 http://secunia.com/advisories/59794 59831 http://secunia.com/advisories/59831 68239 http://www.securityfocus.com/bid/68239 APPLE-SA-2015-04-08-2 http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html DSA-2974 http://www.debian.org/security/2014/dsa-2974 DSA-3021 http://www.debian.org/security/2014/dsa-3021 HPSBUX03102 http://marc.info/?l=bugtraq&m=141017844705317&w=2 RHSA-2014:1327 http://rhn.redhat.com/errata/RHSA-2014-1327.html RHSA-2014:1765 http://rhn.redhat.com/errata/RHSA-2014-1765.html RHSA-2014:1766 http://rhn.redhat.com/errata/RHSA-2014-1766.html SSRT101681 [file] 20140612 file-5.19 is now available http://mx.gw.com/pipermail/file/2014/001553.html http://support.apple.com/kb/HT6443 http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.php.net/ChangeLog-5.php https://bugs.php.net/bug.php?id=67410 https://github.com/file/file/commit/27a14bc7ba285a0a5ebfdb55e54001aa11932b08 https://support.apple.com/HT204659 openSUSE-SU-2014:1236 http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html Common Vulnerability Exposure (CVE) ID: CVE-2014-3479 68241 http://www.securityfocus.com/bid/68241 https://bugs.php.net/bug.php?id=67411 https://github.com/file/file/commit/36fadd29849b8087af9f4586f89dbf74ea45be67 Common Vulnerability Exposure (CVE) ID: CVE-2014-3480 68238 http://www.securityfocus.com/bid/68238 https://bugs.php.net/bug.php?id=67412 https://github.com/file/file/commit/40bade80cbe2af1d0b2cd0420cebd5d5905a2382 Common Vulnerability Exposure (CVE) ID: CVE-2014-3487 68120 http://www.securityfocus.com/bid/68120 https://bugs.php.net/bug.php?id=67413 https://github.com/file/file/commit/93e063ee374b6a75729df9e7201fb511e47e259d
Copyright	Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.