ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2014.0286
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2014-0286)
Resumen:	The remote host is missing an update for the 'python-simplejson' package(s) announced via the MGASA-2014-0286 advisory.
Descripción:	Summary: The remote host is missing an update for the 'python-simplejson' package(s) announced via the MGASA-2014-0286 advisory. Vulnerability Insight: Python 2 and 3 are susceptible to arbitrary process memory reading by a user or adversary due to a bug in the _json module caused by insufficient bounds checking. The bug is caused by allowing the user to supply a negative value that is used an array index, causing the scanstring function to access process memory outside of the string it is intended to access (CVE-2014-4616). This issue also affected the python-simplejson package, which has been patched to fix the bug. Affected Software/OS: 'python-simplejson' package(s) on Mageia 3, Mageia 4. Solution: Please install the updated package(s). CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-4616 BugTraq ID: 68119 http://www.securityfocus.com/bid/68119 https://security.gentoo.org/glsa/201503-10 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=752395 https://hackerone.com/reports/12297 http://openwall.com/lists/oss-security/2014/06/24/7 RedHat Security Advisories: RHSA-2015:1064 http://rhn.redhat.com/errata/RHSA-2015-1064.html SuSE Security Announcement: openSUSE-SU-2014:0890 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-07/msg00015.html
Copyright	Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.