Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2019-0116)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2019.0116

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2019-0116)

Resumen: The remote host is missing an update for the 'firefox, firefox-l10n, nspr, nss, rootcerts' package(s) announced via the MGASA-2019-0116 advisory.

Descripción: Summary:
The remote host is missing an update for the 'firefox, firefox-l10n, nspr, nss, rootcerts' package(s) announced via the MGASA-2019-0116 advisory.

Vulnerability Insight:
Proxy Auto-Configuration file can define localhost access to be proxied
(CVE-2018-18506).

Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6
(CVE-2019-9788).

Use-after-free when removing in-use DOM elements (CVE-2019-9790).

Type inference is incorrect for constructors entered through on-stack
replacement with IonMonkey (CVE-2019-9791).

IonMonkey leaks JS_OPTIMIZED_OUT magic value to script (CVE-2019-9792).

Improper bounds checks when Spectre mitigations are disabled
(CVE-2019-9793).

Type-confusion in IonMonkey JIT compiler (CVE-2019-9795).

Use-after-free with SMIL animation controller (CVE-2019-9796).

Affected Software/OS:
'firefox, firefox-l10n, nspr, nss, rootcerts' package(s) on Mageia 6.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2018-18506
BugTraq ID: 106773
http://www.securityfocus.com/bid/106773
Bugtraq: 20190320 [SECURITY] [DSA 4411-1] firefox-esr security update (Google Search)
https://seclists.org/bugtraq/2019/Mar/28
Bugtraq: 20190401 [SECURITY] [DSA 4420-1] thunderbird security update (Google Search)
https://seclists.org/bugtraq/2019/Apr/0
Debian Security Information: DSA-4411 (Google Search)
https://www.debian.org/security/2019/dsa-4411
Debian Security Information: DSA-4420 (Google Search)
https://www.debian.org/security/2019/dsa-4420
https://security.gentoo.org/glsa/201904-07
https://lists.debian.org/debian-lts-announce/2019/03/msg00024.html
https://lists.debian.org/debian-lts-announce/2019/04/msg00000.html
RedHat Security Advisories: RHSA-2019:0622
https://access.redhat.com/errata/RHSA-2019:0622
RedHat Security Advisories: RHSA-2019:0623
https://access.redhat.com/errata/RHSA-2019:0623
RedHat Security Advisories: RHSA-2019:0680
https://access.redhat.com/errata/RHSA-2019:0680
RedHat Security Advisories: RHSA-2019:0681
https://access.redhat.com/errata/RHSA-2019:0681
RedHat Security Advisories: RHSA-2019:0966
https://access.redhat.com/errata/RHSA-2019:0966
RedHat Security Advisories: RHSA-2019:1144
https://access.redhat.com/errata/RHSA-2019:1144
SuSE Security Announcement: openSUSE-SU-2019:1056 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00035.html
SuSE Security Announcement: openSUSE-SU-2019:1077 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00043.html
SuSE Security Announcement: openSUSE-SU-2019:1126 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00023.html
SuSE Security Announcement: openSUSE-SU-2019:1162 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00043.html
https://usn.ubuntu.com/3874-1/
https://usn.ubuntu.com/3927-1/
Common Vulnerability Exposure (CVE) ID: CVE-2019-9788
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1518001%2C1521304%2C1521214%2C1506665%2C1516834%2C1518774%2C1524755%2C1523362%2C1524214%2C1529203
https://www.mozilla.org/security/advisories/mfsa2019-07/
https://www.mozilla.org/security/advisories/mfsa2019-08/
https://www.mozilla.org/security/advisories/mfsa2019-11/
Common Vulnerability Exposure (CVE) ID: CVE-2019-9790
https://bugzilla.mozilla.org/show_bug.cgi?id=1525145
Common Vulnerability Exposure (CVE) ID: CVE-2019-9791
https://bugzilla.mozilla.org/show_bug.cgi?id=1530958
Common Vulnerability Exposure (CVE) ID: CVE-2019-9792
http://packetstormsecurity.com/files/153106/Spidermonkey-IonMonkey-JS_OPTIMIZED_OUT-Value-Leak.html
https://bugzilla.mozilla.org/show_bug.cgi?id=1532599
Common Vulnerability Exposure (CVE) ID: CVE-2019-9793
https://bugzilla.mozilla.org/show_bug.cgi?id=1528829
Common Vulnerability Exposure (CVE) ID: CVE-2019-9795
https://bugzilla.mozilla.org/show_bug.cgi?id=1514682
Common Vulnerability Exposure (CVE) ID: CVE-2019-9796
https://bugzilla.mozilla.org/show_bug.cgi?id=1531277

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2019.0116
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2019-0116)
Resumen:	The remote host is missing an update for the 'firefox, firefox-l10n, nspr, nss, rootcerts' package(s) announced via the MGASA-2019-0116 advisory.
Descripción:	Summary: The remote host is missing an update for the 'firefox, firefox-l10n, nspr, nss, rootcerts' package(s) announced via the MGASA-2019-0116 advisory. Vulnerability Insight: Proxy Auto-Configuration file can define localhost access to be proxied (CVE-2018-18506). Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 (CVE-2019-9788). Use-after-free when removing in-use DOM elements (CVE-2019-9790). Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey (CVE-2019-9791). IonMonkey leaks JS_OPTIMIZED_OUT magic value to script (CVE-2019-9792). Improper bounds checks when Spectre mitigations are disabled (CVE-2019-9793). Type-confusion in IonMonkey JIT compiler (CVE-2019-9795). Use-after-free with SMIL animation controller (CVE-2019-9796). Affected Software/OS: 'firefox, firefox-l10n, nspr, nss, rootcerts' package(s) on Mageia 6. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2018-18506 BugTraq ID: 106773 http://www.securityfocus.com/bid/106773 Bugtraq: 20190320 [SECURITY] [DSA 4411-1] firefox-esr security update (Google Search) https://seclists.org/bugtraq/2019/Mar/28 Bugtraq: 20190401 [SECURITY] [DSA 4420-1] thunderbird security update (Google Search) https://seclists.org/bugtraq/2019/Apr/0 Debian Security Information: DSA-4411 (Google Search) https://www.debian.org/security/2019/dsa-4411 Debian Security Information: DSA-4420 (Google Search) https://www.debian.org/security/2019/dsa-4420 https://security.gentoo.org/glsa/201904-07 https://lists.debian.org/debian-lts-announce/2019/03/msg00024.html https://lists.debian.org/debian-lts-announce/2019/04/msg00000.html RedHat Security Advisories: RHSA-2019:0622 https://access.redhat.com/errata/RHSA-2019:0622 RedHat Security Advisories: RHSA-2019:0623 https://access.redhat.com/errata/RHSA-2019:0623 RedHat Security Advisories: RHSA-2019:0680 https://access.redhat.com/errata/RHSA-2019:0680 RedHat Security Advisories: RHSA-2019:0681 https://access.redhat.com/errata/RHSA-2019:0681 RedHat Security Advisories: RHSA-2019:0966 https://access.redhat.com/errata/RHSA-2019:0966 RedHat Security Advisories: RHSA-2019:1144 https://access.redhat.com/errata/RHSA-2019:1144 SuSE Security Announcement: openSUSE-SU-2019:1056 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00035.html SuSE Security Announcement: openSUSE-SU-2019:1077 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00043.html SuSE Security Announcement: openSUSE-SU-2019:1126 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00023.html SuSE Security Announcement: openSUSE-SU-2019:1162 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00043.html https://usn.ubuntu.com/3874-1/ https://usn.ubuntu.com/3927-1/ Common Vulnerability Exposure (CVE) ID: CVE-2019-9788 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1518001%2C1521304%2C1521214%2C1506665%2C1516834%2C1518774%2C1524755%2C1523362%2C1524214%2C1529203 https://www.mozilla.org/security/advisories/mfsa2019-07/ https://www.mozilla.org/security/advisories/mfsa2019-08/ https://www.mozilla.org/security/advisories/mfsa2019-11/ Common Vulnerability Exposure (CVE) ID: CVE-2019-9790 https://bugzilla.mozilla.org/show_bug.cgi?id=1525145 Common Vulnerability Exposure (CVE) ID: CVE-2019-9791 https://bugzilla.mozilla.org/show_bug.cgi?id=1530958 Common Vulnerability Exposure (CVE) ID: CVE-2019-9792 http://packetstormsecurity.com/files/153106/Spidermonkey-IonMonkey-JS_OPTIMIZED_OUT-Value-Leak.html https://bugzilla.mozilla.org/show_bug.cgi?id=1532599 Common Vulnerability Exposure (CVE) ID: CVE-2019-9793 https://bugzilla.mozilla.org/show_bug.cgi?id=1528829 Common Vulnerability Exposure (CVE) ID: CVE-2019-9795 https://bugzilla.mozilla.org/show_bug.cgi?id=1514682 Common Vulnerability Exposure (CVE) ID: CVE-2019-9796 https://bugzilla.mozilla.org/show_bug.cgi?id=1531277
Copyright	Copyright (C) 2022 Greenbone AG