Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2019-0205)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2019.0205

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2019-0205)

Resumen: The remote host is missing an update for the 'dosbox' package(s) announced via the MGASA-2019-0205 advisory.

Descripción: Summary:
The remote host is missing an update for the 'dosbox' package(s) announced via the MGASA-2019-0205 advisory.

Vulnerability Insight:
Dosbox 0.74-3 is a security release:
* Fixed that a very long line inside a bat file would overflow the
parsing buffer. (CVE-2019-7165 by Alexandre Bartel)
* Added a basic permission system so that a program running inside
DOSBox can't access the contents of /proc (e.g. /proc/self/mem) when
/ or /proc were (to be) mounted. (CVE-2019-12594 by Alexandre Bartel)

It also brings several other fixes for out of bounds access and buffer
overflows, and some fixes to the OpenGL rendering.

The game compatibility should be identical to 0.74 and 0.74-2.
It is recommended to use config -securemode when dealing with untrusted
files.

Affected Software/OS:
'dosbox' package(s) on Mageia 6, Mageia 7.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2019-12594
Bugtraq: 20190712 [SECURITY] [DSA 4478-1] dosbox security update (Google Search)
https://seclists.org/bugtraq/2019/Jul/14
Debian Security Information: DSA-4478 (Google Search)
https://www.debian.org/security/2019/dsa-4478
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYV27Z3QZTDHUZJLW3LDJYO7HBVIMJ5F/
https://security-tracker.debian.org/tracker/CVE-2019-12594
https://www.dosbox.com/crew.php
https://lists.debian.org/debian-lts-announce/2019/07/msg00004.html
SuSE Security Announcement: openSUSE-SU-2019:1905 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00047.html
SuSE Security Announcement: openSUSE-SU-2019:1920 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00053.html
Common Vulnerability Exposure (CVE) ID: CVE-2019-7165
https://security-tracker.debian.org/tracker/CVE-2019-7165

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2019.0205
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2019-0205)
Resumen:	The remote host is missing an update for the 'dosbox' package(s) announced via the MGASA-2019-0205 advisory.
Descripción:	Summary: The remote host is missing an update for the 'dosbox' package(s) announced via the MGASA-2019-0205 advisory. Vulnerability Insight: Dosbox 0.74-3 is a security release: * Fixed that a very long line inside a bat file would overflow the parsing buffer. (CVE-2019-7165 by Alexandre Bartel) * Added a basic permission system so that a program running inside DOSBox can't access the contents of /proc (e.g. /proc/self/mem) when / or /proc were (to be) mounted. (CVE-2019-12594 by Alexandre Bartel) It also brings several other fixes for out of bounds access and buffer overflows, and some fixes to the OpenGL rendering. The game compatibility should be identical to 0.74 and 0.74-2. It is recommended to use config -securemode when dealing with untrusted files. Affected Software/OS: 'dosbox' package(s) on Mageia 6, Mageia 7. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2019-12594 Bugtraq: 20190712 [SECURITY] [DSA 4478-1] dosbox security update (Google Search) https://seclists.org/bugtraq/2019/Jul/14 Debian Security Information: DSA-4478 (Google Search) https://www.debian.org/security/2019/dsa-4478 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYV27Z3QZTDHUZJLW3LDJYO7HBVIMJ5F/ https://security-tracker.debian.org/tracker/CVE-2019-12594 https://www.dosbox.com/crew.php https://lists.debian.org/debian-lts-announce/2019/07/msg00004.html SuSE Security Announcement: openSUSE-SU-2019:1905 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00047.html SuSE Security Announcement: openSUSE-SU-2019:1920 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00053.html Common Vulnerability Exposure (CVE) ID: CVE-2019-7165 https://security-tracker.debian.org/tracker/CVE-2019-7165
Copyright	Copyright (C) 2022 Greenbone AG