Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2019-0404)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2019.0404

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2019-0404)

Resumen: The remote host is missing an update for the 'libmirage' package(s) announced via the MGASA-2019-0404 advisory.

Descripción: Summary:
The remote host is missing an update for the 'libmirage' package(s) announced via the MGASA-2019-0404 advisory.

Vulnerability Insight:
Updated libmirage packages fix security vulnerabilities:

The CSO filter in libMirage in CDemu did not validate the part size,
triggering a heap-based buffer overflow that could lead to root access
by a local user (CVE-2019-15540).

NULL pointer dereference in the NRG parser (CVE-2019-15757).

Affected Software/OS:
'libmirage' package(s) on Mageia 7.

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2019-15540
https://gist.github.com/andreafioraldi/baa79cd78131888d98d6ba680d5f514e
https://sourceforge.net/p/cdemu/bugs/119/
https://sourceforge.net/p/cdemu/code/ci/0e9292c9aa34bf545f43f7efe5f0b94faba94962/
SuSE Security Announcement: openSUSE-SU-2019:2033 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00086.html
SuSE Security Announcement: openSUSE-SU-2019:2040 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00089.html
SuSE Security Announcement: openSUSE-SU-2019:2077 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00017.html
Common Vulnerability Exposure (CVE) ID: CVE-2019-15757
https://gist.github.com/andreafioraldi/343d9ba64060b548c02362a5e61ec932
https://sourceforge.net/p/cdemu/bugs/118/
SuSE Security Announcement: openSUSE-SU-2019:2095 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00025.html
SuSE Security Announcement: openSUSE-SU-2019:2096 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00026.html
SuSE Security Announcement: openSUSE-SU-2019:2129 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00037.html

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2019.0404
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2019-0404)
Resumen:	The remote host is missing an update for the 'libmirage' package(s) announced via the MGASA-2019-0404 advisory.
Descripción:	Summary: The remote host is missing an update for the 'libmirage' package(s) announced via the MGASA-2019-0404 advisory. Vulnerability Insight: Updated libmirage packages fix security vulnerabilities: The CSO filter in libMirage in CDemu did not validate the part size, triggering a heap-based buffer overflow that could lead to root access by a local user (CVE-2019-15540). NULL pointer dereference in the NRG parser (CVE-2019-15757). Affected Software/OS: 'libmirage' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2019-15540 https://gist.github.com/andreafioraldi/baa79cd78131888d98d6ba680d5f514e https://sourceforge.net/p/cdemu/bugs/119/ https://sourceforge.net/p/cdemu/code/ci/0e9292c9aa34bf545f43f7efe5f0b94faba94962/ SuSE Security Announcement: openSUSE-SU-2019:2033 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00086.html SuSE Security Announcement: openSUSE-SU-2019:2040 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00089.html SuSE Security Announcement: openSUSE-SU-2019:2077 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00017.html Common Vulnerability Exposure (CVE) ID: CVE-2019-15757 https://gist.github.com/andreafioraldi/343d9ba64060b548c02362a5e61ec932 https://sourceforge.net/p/cdemu/bugs/118/ SuSE Security Announcement: openSUSE-SU-2019:2095 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00025.html SuSE Security Announcement: openSUSE-SU-2019:2096 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00026.html SuSE Security Announcement: openSUSE-SU-2019:2129 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00037.html
Copyright	Copyright (C) 2022 Greenbone AG