ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2018.0354
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2018-0354)
Resumen:	The remote host is missing an update for the 'thunderbird' package(s) announced via the MGASA-2018-0354 advisory.
Descripción:	Summary: The remote host is missing an update for the 'thunderbird' package(s) announced via the MGASA-2018-0354 advisory. Vulnerability Insight: Updated thunderbird package fixes security vulnerabilities: * Spoofing of Email signatures II: The signature verification routine in Enigmail interpreted User IDs as status/control messages and did not correctly keep track of the status of multiple signatures. This allowed remote attackers to spoof arbitrary email signatures via public keys containing crafted primary user ids (CVE-2018-12019). * Spoofing of Email signatures I: GnuPG 2.2.8 fixed a security bug that allows remote attackers to spoof arbitrary email signatures via the embedded '--filename' parameter in OpenPGP literal data packets. This release of Enigmail prevents the exploit for all versions of GnuPG, i.e. also if GnuPG is not updated (CVE-2018-12020). Affected Software/OS: 'thunderbird' package(s) on Mageia 6. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2018-12019 http://seclists.org/fulldisclosure/2019/Apr/38 http://openwall.com/lists/oss-security/2018/06/13/10 http://packetstormsecurity.com/files/152703/Johnny-You-Are-Fired.html https://github.com/RUB-NDS/Johnny-You-Are-Fired https://github.com/RUB-NDS/Johnny-You-Are-Fired/blob/master/paper/johnny-fired.pdf https://www.enigmail.net/index.php/en/download/changelog http://www.openwall.com/lists/oss-security/2019/04/30/4 Common Vulnerability Exposure (CVE) ID: CVE-2018-12020 BugTraq ID: 104450 http://www.securityfocus.com/bid/104450 Debian Security Information: DSA-4222 (Google Search) https://www.debian.org/security/2018/dsa-4222 Debian Security Information: DSA-4223 (Google Search) https://www.debian.org/security/2018/dsa-4223 Debian Security Information: DSA-4224 (Google Search) https://www.debian.org/security/2018/dsa-4224 http://openwall.com/lists/oss-security/2018/06/08/2 https://dev.gnupg.org/T4012 https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html https://lists.debian.org/debian-lts-announce/2021/12/msg00027.html RedHat Security Advisories: RHSA-2018:2180 https://access.redhat.com/errata/RHSA-2018:2180 RedHat Security Advisories: RHSA-2018:2181 https://access.redhat.com/errata/RHSA-2018:2181 http://www.securitytracker.com/id/1041051 https://usn.ubuntu.com/3675-1/ https://usn.ubuntu.com/3675-2/ https://usn.ubuntu.com/3675-3/ https://usn.ubuntu.com/3964-1/
Copyright	Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.