ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2019.0315
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2019-0315)
Resumen:	The remote host is missing an update for the 'firefox, firefox-l10n, nspr, nss, rootcerts' package(s) announced via the MGASA-2019-0315 advisory.
Descripción:	Summary: The remote host is missing an update for the 'firefox, firefox-l10n, nspr, nss, rootcerts' package(s) announced via the MGASA-2019-0315 advisory. Vulnerability Insight: The updated packages fix several bugs and some security issues: Use-after-free when creating index updates in IndexedDB. (CVE-2019-11757) Potentially exploitable crash due to 360 Total Security. (CVE-2019-11758) Stack buffer overflow in HKDF output. (CVE-2019-11759) Stack buffer overflow in WebRTC networking. (CVE-2019-11760) Unintended access to a privileged JSONView object. (CVE-2019-11761) document.domain-based origin isolation has same-origin-property violation. (CVE-2019-11762) Incorrect HTML parsing results in XSS bypass technique. (CVE-2019-11763) Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2. (CVE-2019-11764) Heap overflow in expat library in XML_GetCurrentLineNumber. (CVE-2019-15903) Affected Software/OS: 'firefox, firefox-l10n, nspr, nss, rootcerts' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2019-11757 https://security.gentoo.org/glsa/202003-10 https://usn.ubuntu.com/4335-1/ Common Vulnerability Exposure (CVE) ID: CVE-2019-11758 Common Vulnerability Exposure (CVE) ID: CVE-2019-11759 Common Vulnerability Exposure (CVE) ID: CVE-2019-11760 Common Vulnerability Exposure (CVE) ID: CVE-2019-11761 Common Vulnerability Exposure (CVE) ID: CVE-2019-11762 Common Vulnerability Exposure (CVE) ID: CVE-2019-11763 Common Vulnerability Exposure (CVE) ID: CVE-2019-11764 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1558522%2C1577061%2C1548044%2C1571223%2C1573048%2C1578933%2C1575217%2C1583684%2C1586845%2C1581950%2C1583463%2C1586599 Common Vulnerability Exposure (CVE) ID: CVE-2019-15903 Bugtraq: 20190917 [slackware-security] expat (SSA:2019-259-01) (Google Search) https://seclists.org/bugtraq/2019/Sep/30 Bugtraq: 20190923 [SECURITY] [DSA 4530-1] expat security update (Google Search) https://seclists.org/bugtraq/2019/Sep/37 Bugtraq: 20191021 [slackware-security] python (SSA:2019-293-01) (Google Search) https://seclists.org/bugtraq/2019/Oct/29 Bugtraq: 20191101 [SECURITY] [DSA 4549-1] firefox-esr security update (Google Search) https://seclists.org/bugtraq/2019/Nov/1 Bugtraq: 20191118 [SECURITY] [DSA 4571-1] thunderbird security update (Google Search) https://seclists.org/bugtraq/2019/Nov/24 Bugtraq: 20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra (Google Search) https://seclists.org/bugtraq/2019/Dec/23 Bugtraq: 20191211 APPLE-SA-2019-12-10-5 tvOS 13.3 (Google Search) https://seclists.org/bugtraq/2019/Dec/21 Bugtraq: 20191211 APPLE-SA-2019-12-10-8 watchOS 6.1.1 (Google Search) https://seclists.org/bugtraq/2019/Dec/17 https://github.com/libexpat/libexpat/issues/342 https://security.netapp.com/advisory/ntap-20190926-0004/ https://support.apple.com/kb/HT210785 https://support.apple.com/kb/HT210788 https://support.apple.com/kb/HT210789 https://support.apple.com/kb/HT210790 https://support.apple.com/kb/HT210793 https://support.apple.com/kb/HT210794 https://support.apple.com/kb/HT210795 Debian Security Information: DSA-4530 (Google Search) https://www.debian.org/security/2019/dsa-4530 Debian Security Information: DSA-4549 (Google Search) https://www.debian.org/security/2019/dsa-4549 Debian Security Information: DSA-4571 (Google Search) https://www.debian.org/security/2019/dsa-4571 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BDUTI5TVQWIGGQXPEVI4T2ENHFSBMIBP/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S26LGXXQ7YF2BP3RGOWELBFKM6BHF6UG/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A4TZKPJFTURRLXIGLB34WVKQ5HGY6JJA/ http://seclists.org/fulldisclosure/2019/Dec/23 http://seclists.org/fulldisclosure/2019/Dec/26 http://seclists.org/fulldisclosure/2019/Dec/27 http://seclists.org/fulldisclosure/2019/Dec/30 https://security.gentoo.org/glsa/201911-08 http://packetstormsecurity.com/files/154503/Slackware-Security-Advisory-expat-Updates.html http://packetstormsecurity.com/files/154927/Slackware-Security-Advisory-python-Updates.html http://packetstormsecurity.com/files/154947/Slackware-Security-Advisory-mozilla-firefox-Updates.html https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43 https://github.com/libexpat/libexpat/issues/317 https://github.com/libexpat/libexpat/pull/318 https://www.oracle.com/security-alerts/cpuapr2020.html https://www.oracle.com/security-alerts/cpuoct2020.html https://lists.debian.org/debian-lts-announce/2019/11/msg00006.html https://lists.debian.org/debian-lts-announce/2019/11/msg00017.html RedHat Security Advisories: RHSA-2019:3210 https://access.redhat.com/errata/RHSA-2019:3210 RedHat Security Advisories: RHSA-2019:3237 https://access.redhat.com/errata/RHSA-2019:3237 RedHat Security Advisories: RHSA-2019:3756 https://access.redhat.com/errata/RHSA-2019:3756 SuSE Security Announcement: openSUSE-SU-2019:2204 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00080.html SuSE Security Announcement: openSUSE-SU-2019:2205 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00081.html SuSE Security Announcement: openSUSE-SU-2019:2420 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00000.html SuSE Security Announcement: openSUSE-SU-2019:2424 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00002.html SuSE Security Announcement: openSUSE-SU-2019:2425 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00003.html SuSE Security Announcement: openSUSE-SU-2019:2447 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html SuSE Security Announcement: openSUSE-SU-2019:2451 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00016.html SuSE Security Announcement: openSUSE-SU-2019:2452 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00018.html SuSE Security Announcement: openSUSE-SU-2019:2459 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00017.html SuSE Security Announcement: openSUSE-SU-2019:2464 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00019.html SuSE Security Announcement: openSUSE-SU-2020:0010 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html SuSE Security Announcement: openSUSE-SU-2020:0086 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html https://usn.ubuntu.com/4132-1/ https://usn.ubuntu.com/4132-2/ https://usn.ubuntu.com/4165-1/ https://usn.ubuntu.com/4202-1/
Copyright	Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.