Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2019-0307)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2019.0307

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2019-0307)

Resumen: The remote host is missing an update for the 'pcre2, php' package(s) announced via the MGASA-2019-0307 advisory.

Descripción: Summary:
The remote host is missing an update for the 'pcre2, php' package(s) announced via the MGASA-2019-0307 advisory.

Vulnerability Insight:
Updated php and pcre2 packages fix security vulnerabilities:

- FPM (#78599) env_path_info underflow in fpm_main.c can lead to RCE.
(CVE-2019-11043)
- MBString (#78633) Heap buffer overflow (read) in mb_eregi.
- Mysqlnd (#78525) Memory leak in pdo when reusing native prepared
statements.
- PCRE (#78272) calling preg_match() before pcntl_fork() will freeze
child process.
- Base (#78612) strtr leaks memory when integer keys are used and the
subject string shorter.

Affected Software/OS:
'pcre2, php' package(s) on Mageia 7.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2019-11043
Bugtraq: 20200129 APPLE-SA-2020-1-28-2 macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra (Google Search)
https://seclists.org/bugtraq/2020/Jan/44
Debian Security Information: DSA-4552 (Google Search)
https://www.debian.org/security/2019/dsa-4552
Debian Security Information: DSA-4553 (Google Search)
https://www.debian.org/security/2019/dsa-4553
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3W23TP6X4H7LB645FYZLUPNIRD5W3EPU/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T62LF4ZWVV7OMMIZFO6IFO5QLZKK7YRD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FSNBUSPKMLUHHOADROKNG5GDWDCRHT5M/
http://seclists.org/fulldisclosure/2020/Jan/40
http://packetstormsecurity.com/files/156642/PHP-FPM-7.x-Remote-Code-Execution.html
https://github.com/neex/phuip-fpizdam
RedHat Security Advisories: RHSA-2019:3286
https://access.redhat.com/errata/RHSA-2019:3286
RedHat Security Advisories: RHSA-2019:3287
https://access.redhat.com/errata/RHSA-2019:3287
RedHat Security Advisories: RHSA-2019:3299
https://access.redhat.com/errata/RHSA-2019:3299
RedHat Security Advisories: RHSA-2019:3300
https://access.redhat.com/errata/RHSA-2019:3300
RedHat Security Advisories: RHSA-2019:3724
https://access.redhat.com/errata/RHSA-2019:3724
RedHat Security Advisories: RHSA-2019:3735
https://access.redhat.com/errata/RHSA-2019:3735
RedHat Security Advisories: RHSA-2019:3736
https://access.redhat.com/errata/RHSA-2019:3736
RedHat Security Advisories: RHSA-2020:0322
https://access.redhat.com/errata/RHSA-2020:0322
SuSE Security Announcement: openSUSE-SU-2019:2441 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00011.html
SuSE Security Announcement: openSUSE-SU-2019:2457 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00014.html
https://usn.ubuntu.com/4166-1/
https://usn.ubuntu.com/4166-2/

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2019.0307
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2019-0307)
Resumen:	The remote host is missing an update for the 'pcre2, php' package(s) announced via the MGASA-2019-0307 advisory.
Descripción:	Summary: The remote host is missing an update for the 'pcre2, php' package(s) announced via the MGASA-2019-0307 advisory. Vulnerability Insight: Updated php and pcre2 packages fix security vulnerabilities: - FPM (#78599) env_path_info underflow in fpm_main.c can lead to RCE. (CVE-2019-11043) - MBString (#78633) Heap buffer overflow (read) in mb_eregi. - Mysqlnd (#78525) Memory leak in pdo when reusing native prepared statements. - PCRE (#78272) calling preg_match() before pcntl_fork() will freeze child process. - Base (#78612) strtr leaks memory when integer keys are used and the subject string shorter. Affected Software/OS: 'pcre2, php' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2019-11043 Bugtraq: 20200129 APPLE-SA-2020-1-28-2 macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra (Google Search) https://seclists.org/bugtraq/2020/Jan/44 Debian Security Information: DSA-4552 (Google Search) https://www.debian.org/security/2019/dsa-4552 Debian Security Information: DSA-4553 (Google Search) https://www.debian.org/security/2019/dsa-4553 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3W23TP6X4H7LB645FYZLUPNIRD5W3EPU/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T62LF4ZWVV7OMMIZFO6IFO5QLZKK7YRD/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FSNBUSPKMLUHHOADROKNG5GDWDCRHT5M/ http://seclists.org/fulldisclosure/2020/Jan/40 http://packetstormsecurity.com/files/156642/PHP-FPM-7.x-Remote-Code-Execution.html https://github.com/neex/phuip-fpizdam RedHat Security Advisories: RHSA-2019:3286 https://access.redhat.com/errata/RHSA-2019:3286 RedHat Security Advisories: RHSA-2019:3287 https://access.redhat.com/errata/RHSA-2019:3287 RedHat Security Advisories: RHSA-2019:3299 https://access.redhat.com/errata/RHSA-2019:3299 RedHat Security Advisories: RHSA-2019:3300 https://access.redhat.com/errata/RHSA-2019:3300 RedHat Security Advisories: RHSA-2019:3724 https://access.redhat.com/errata/RHSA-2019:3724 RedHat Security Advisories: RHSA-2019:3735 https://access.redhat.com/errata/RHSA-2019:3735 RedHat Security Advisories: RHSA-2019:3736 https://access.redhat.com/errata/RHSA-2019:3736 RedHat Security Advisories: RHSA-2020:0322 https://access.redhat.com/errata/RHSA-2020:0322 SuSE Security Announcement: openSUSE-SU-2019:2441 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00011.html SuSE Security Announcement: openSUSE-SU-2019:2457 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00014.html https://usn.ubuntu.com/4166-1/ https://usn.ubuntu.com/4166-2/
Copyright	Copyright (C) 2022 Greenbone AG