ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2019.0088
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2019-0088)
Resumen:	The remote host is missing an update for the 'thunderbird, thunderbird-l10n' package(s) announced via the MGASA-2019-0088 advisory.
Descripción:	Summary: The remote host is missing an update for the 'thunderbird, thunderbird-l10n' package(s) announced via the MGASA-2019-0088 advisory. Vulnerability Insight: A use-after-free vulnerability in the Skia library can occur when creating a path, leading to a potentially exploitable crash. (CVE-2018-18356) An integer overflow vulnerability in the Skia library can occur after specific transform operations, leading to a potentially exploitable crash. (CVE-2019-5785) A buffer overflow vulnerability in the Skia library can occur with Canvas 2D acceleration on macOS. This issue was addressed by disabling Canvas 2D acceleration in Firefox ESR. (CVE-2018-18335) A flaw during verification of certain S/MIME signatures causes emails to be shown in Thunderbird as having a valid digital signature, even if the shown message contents aren't covered by the signature. The flaw allows an attacker to reuse a valid S/MIME signature to craft an email message with arbitrary content. (CVE-2018-18509) Affected Software/OS: 'thunderbird, thunderbird-l10n' package(s) on Mageia 6. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2018-18335 BugTraq ID: 106084 http://www.securityfocus.com/bid/106084 Debian Security Information: DSA-4352 (Google Search) https://www.debian.org/security/2018/dsa-4352 https://security.gentoo.org/glsa/201904-07 https://security.gentoo.org/glsa/201908-18 https://crbug.com/895362 RedHat Security Advisories: RHSA-2018:3803 https://access.redhat.com/errata/RHSA-2018:3803 SuSE Security Announcement: openSUSE-SU-2019:1162 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00043.html Common Vulnerability Exposure (CVE) ID: CVE-2018-18356 Debian Security Information: DSA-4391 (Google Search) https://www.debian.org/security/2019/dsa-4391 Debian Security Information: DSA-4392 (Google Search) https://www.debian.org/security/2019/dsa-4392 https://security.gentoo.org/glsa/201903-04 https://crbug.com/883666 https://lists.debian.org/debian-lts-announce/2019/02/msg00023.html https://lists.debian.org/debian-lts-announce/2019/02/msg00024.html RedHat Security Advisories: RHSA-2019:0373 https://access.redhat.com/errata/RHSA-2019:0373 RedHat Security Advisories: RHSA-2019:0374 https://access.redhat.com/errata/RHSA-2019:0374 RedHat Security Advisories: RHSA-2019:1144 https://access.redhat.com/errata/RHSA-2019:1144 https://usn.ubuntu.com/3896-1/ https://usn.ubuntu.com/3897-1/ Common Vulnerability Exposure (CVE) ID: CVE-2018-18509 http://seclists.org/fulldisclosure/2019/Apr/38 http://packetstormsecurity.com/files/152703/Johnny-You-Are-Fired.html https://bugzilla.mozilla.org/show_bug.cgi?id=1507218 https://github.com/RUB-NDS/Johnny-You-Are-Fired https://github.com/RUB-NDS/Johnny-You-Are-Fired/blob/master/paper/johnny-fired.pdf https://www.mozilla.org/security/advisories/mfsa2019-06/ http://www.openwall.com/lists/oss-security/2019/04/30/4 Common Vulnerability Exposure (CVE) ID: CVE-2019-5785 https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html https://crbug.com/899689
Copyright	Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.