Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2019-0074)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2019.0074

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2019-0074)

Resumen: The remote host is missing an update for the 'libarchive' package(s) announced via the MGASA-2019-0074 advisory.

Descripción: Summary:
The remote host is missing an update for the 'libarchive' package(s) announced via the MGASA-2019-0074 advisory.

Vulnerability Insight:
libarchive contains an out-of-bounds read vulnerability in 7zip
decompression, archive_read_support_format_7zip.c, header_bytes() that can
result in a crash (denial of service). This attack appears to be
exploitable via the victim opening a specially crafted 7zip file
(CVE-2019-1000019).

libarchive contains an infinite loop vulnerability in the ISO9660 parser,
archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() that
can result in DoS by infinite loop. This attack appears to be exploitable
via the victim opening a specially crafted ISO9660 file (CVE-2019-1000020).

Affected Software/OS:
'libarchive' package(s) on Mageia 6.

Solution:
Please install the updated package(s).

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2019-1000019
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVXA7PHINVT6DFF6PRLTDTVTXKDLVHNF/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CBOCC2M6YGPZA6US43YK4INPSJZZHRTG/
https://github.com/libarchive/libarchive/pull/1120
https://github.com/libarchive/libarchive/pull/1120/commits/65a23f5dbee4497064e9bb467f81138a62b0dae1
https://lists.debian.org/debian-lts-announce/2019/02/msg00013.html
RedHat Security Advisories: RHSA-2019:2298
https://access.redhat.com/errata/RHSA-2019:2298
RedHat Security Advisories: RHSA-2019:3698
https://access.redhat.com/errata/RHSA-2019:3698
SuSE Security Announcement: openSUSE-SU-2019:1196 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00055.html
SuSE Security Announcement: openSUSE-SU-2019:2615 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00012.html
SuSE Security Announcement: openSUSE-SU-2019:2632 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00015.html
https://usn.ubuntu.com/3884-1/
Common Vulnerability Exposure (CVE) ID: CVE-2019-1000020
https://github.com/libarchive/libarchive/pull/1120/commits/8312eaa576014cd9b965012af51bc1f967b12423

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2019.0074
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2019-0074)
Resumen:	The remote host is missing an update for the 'libarchive' package(s) announced via the MGASA-2019-0074 advisory.
Descripción:	Summary: The remote host is missing an update for the 'libarchive' package(s) announced via the MGASA-2019-0074 advisory. Vulnerability Insight: libarchive contains an out-of-bounds read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appears to be exploitable via the victim opening a specially crafted 7zip file (CVE-2019-1000019). libarchive contains an infinite loop vulnerability in the ISO9660 parser, archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() that can result in DoS by infinite loop. This attack appears to be exploitable via the victim opening a specially crafted ISO9660 file (CVE-2019-1000020). Affected Software/OS: 'libarchive' package(s) on Mageia 6. Solution: Please install the updated package(s). CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2019-1000019 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVXA7PHINVT6DFF6PRLTDTVTXKDLVHNF/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CBOCC2M6YGPZA6US43YK4INPSJZZHRTG/ https://github.com/libarchive/libarchive/pull/1120 https://github.com/libarchive/libarchive/pull/1120/commits/65a23f5dbee4497064e9bb467f81138a62b0dae1 https://lists.debian.org/debian-lts-announce/2019/02/msg00013.html RedHat Security Advisories: RHSA-2019:2298 https://access.redhat.com/errata/RHSA-2019:2298 RedHat Security Advisories: RHSA-2019:3698 https://access.redhat.com/errata/RHSA-2019:3698 SuSE Security Announcement: openSUSE-SU-2019:1196 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00055.html SuSE Security Announcement: openSUSE-SU-2019:2615 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00012.html SuSE Security Announcement: openSUSE-SU-2019:2632 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00015.html https://usn.ubuntu.com/3884-1/ Common Vulnerability Exposure (CVE) ID: CVE-2019-1000020 https://github.com/libarchive/libarchive/pull/1120/commits/8312eaa576014cd9b965012af51bc1f967b12423
Copyright	Copyright (C) 2022 Greenbone AG