ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2015.0286
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2015-0286)
Resumen:	The remote host is missing an update for the 'icu' package(s) announced via the MGASA-2015-0286 advisory.
Descripción:	Summary: The remote host is missing an update for the 'icu' package(s) announced via the MGASA-2015-0286 advisory. Vulnerability Insight: The ICU Project's ICU4C library, before 55.1, contains a heap-based buffer overflow in the resolveImplicitLevels function of ubidi.c (CVE-2014-8146). The ICU Project's ICU4C library, before 55.1, contains an integer overflow in the resolveImplicitLevels function of ubidi.c due to the assignment of an int32 value to an int16 type (CVE-2014-8147). The ucnv_io_getConverterName function in common/ucnv_io.cpp in International Components for Unicode (ICU) mishandles converter names with initial x- substrings, which allows remote attackers to cause a denial of service (read of uninitialized memory) or possibly have unspecified other impact via a crafted file (CVE-2015-1270). Affected Software/OS: 'icu' package(s) on Mageia 4. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-8146 http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html BugTraq ID: 74457 http://www.securityfocus.com/bid/74457 CERT/CC vulnerability note: VU#602540 http://www.kb.cert.org/vuls/id/602540 Debian Security Information: DSA-3323 (Google Search) http://www.debian.org/security/2015/dsa-3323 http://seclists.org/fulldisclosure/2015/May/14 https://security.gentoo.org/glsa/201507-04 https://raw.githubusercontent.com/pedrib/PoC/master/generic/i-c-u-fail.txt https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html http://openwall.com/lists/oss-security/2015/05/05/6 Common Vulnerability Exposure (CVE) ID: CVE-2014-8147 https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E Common Vulnerability Exposure (CVE) ID: CVE-2015-1270 BugTraq ID: 75973 http://www.securityfocus.com/bid/75973 Debian Security Information: DSA-3315 (Google Search) http://www.debian.org/security/2015/dsa-3315 Debian Security Information: DSA-3360 (Google Search) http://www.debian.org/security/2015/dsa-3360 https://security.gentoo.org/glsa/201603-09 RedHat Security Advisories: RHSA-2015:1499 http://rhn.redhat.com/errata/RHSA-2015-1499.html http://www.securitytracker.com/id/1033031 SuSE Security Announcement: openSUSE-SU-2015:1287 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html http://www.ubuntu.com/usn/USN-2740-1
Copyright	Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.