Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2018-0377)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2018.0377

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2018-0377)

Resumen: The remote host is missing an update for the 'libx11' package(s) announced via the MGASA-2018-0377 advisory.

Descripción: Summary:
The remote host is missing an update for the 'libx11' package(s) announced via the MGASA-2018-0377 advisory.

Vulnerability Insight:
Updated libx11 packages fix security vulnerabilities:

An issue was discovered in XListExtensions in ListExt.c in libX11 through
1.6.5. A malicious server can send a reply in which the first string
overflows, causing a variable to be set to NULL that will be freed later
on, leading to DoS (segmentation fault) (CVE-2018-14598).

An issue was discovered in libX11 through 1.6.5. The function
XListExtensions in ListExt.c is vulnerable to an off-by-one error caused
by malicious server responses, leading to DoS or possibly unspecified
other impact (CVE-2018-14599).

An issue was discovered in libX11 through 1.6.5. The function
XListExtensions in ListExt.c interprets a variable as signed instead of
unsigned, resulting in an out-of-bounds write (of up to 128 bytes),
leading to DoS or remote code execution (CVE-2018-14600).

Affected Software/OS:
'libx11' package(s) on Mageia 6.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2018-14598
BugTraq ID: 105177
http://www.securityfocus.com/bid/105177
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YGARUV66TS5OOSLR5A76BUB7SDV6GO4F/
https://security.gentoo.org/glsa/201811-01
https://lists.debian.org/debian-lts-announce/2018/08/msg00030.html
http://www.openwall.com/lists/oss-security/2018/08/21/6
https://lists.x.org/archives/xorg-announce/2018-August/002916.html
RedHat Security Advisories: RHSA-2019:2079
https://access.redhat.com/errata/RHSA-2019:2079
http://www.securitytracker.com/id/1041543
https://usn.ubuntu.com/3758-1/
https://usn.ubuntu.com/3758-2/
Common Vulnerability Exposure (CVE) ID: CVE-2018-14599
Common Vulnerability Exposure (CVE) ID: CVE-2018-14600

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2018.0377
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2018-0377)
Resumen:	The remote host is missing an update for the 'libx11' package(s) announced via the MGASA-2018-0377 advisory.
Descripción:	Summary: The remote host is missing an update for the 'libx11' package(s) announced via the MGASA-2018-0377 advisory. Vulnerability Insight: Updated libx11 packages fix security vulnerabilities: An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault) (CVE-2018-14598). An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c is vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact (CVE-2018-14599). An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c interprets a variable as signed instead of unsigned, resulting in an out-of-bounds write (of up to 128 bytes), leading to DoS or remote code execution (CVE-2018-14600). Affected Software/OS: 'libx11' package(s) on Mageia 6. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2018-14598 BugTraq ID: 105177 http://www.securityfocus.com/bid/105177 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YGARUV66TS5OOSLR5A76BUB7SDV6GO4F/ https://security.gentoo.org/glsa/201811-01 https://lists.debian.org/debian-lts-announce/2018/08/msg00030.html http://www.openwall.com/lists/oss-security/2018/08/21/6 https://lists.x.org/archives/xorg-announce/2018-August/002916.html RedHat Security Advisories: RHSA-2019:2079 https://access.redhat.com/errata/RHSA-2019:2079 http://www.securitytracker.com/id/1041543 https://usn.ubuntu.com/3758-1/ https://usn.ubuntu.com/3758-2/ Common Vulnerability Exposure (CVE) ID: CVE-2018-14599 Common Vulnerability Exposure (CVE) ID: CVE-2018-14600
Copyright	Copyright (C) 2022 Greenbone AG