Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2020-0032)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2020.0032

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2020-0032)

Resumen: The remote host is missing an update for the 'ming' package(s) announced via the MGASA-2020-0032 advisory.

Descripción: Summary:
The remote host is missing an update for the 'ming' package(s) announced via the MGASA-2020-0032 advisory.

Vulnerability Insight:
The updated packages fix security vulnerabilities:

A NULL pointer dereference was discovered in newVar3 in util/decompile.c
in libming 0.4.8. The vulnerability causes a segmentation fault and
application crash, which leads to denial of service. (CVE-2018-7866)

There is a heap-based buffer overflow in the getString function of
util/decompile.c in libming 0.4.8 for INTEGER data. A Crafted input
will lead to a denial of service attack. (CVE-2018-7873)

In libming 0.4.8, a memory exhaustion vulnerability was found in the
function parseSWF_ACTIONRECORD in util/parser.c, which allows remote
attackers to cause a denial of service via a crafted file.
(CVE-2018-7876)

In libming 0.4.8, there is a use-after-free in the decompileJUMP function
of the decompile.c file. (CVE-2018-9009)

libming 0.4.8 has a NULL pointer dereference in the getInt function of the
decompile.c file. Remote attackers could leverage this vulnerability to
cause a denial of service via a crafted swf file. (CVE-2018-9132)

Affected Software/OS:
'ming' package(s) on Mageia 7.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2018-7866
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/47KZ5RYWQMBN5DVDITBVRDNDCSFNBJ3V/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LBFCINUX3XXAPPH77OH6NKACBPFBQXXW/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CQNIJH5EQV2D6KEFGY2467ZS4I7TZLXP/
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892260
https://github.com/libming/libming/issues/118
https://lists.debian.org/debian-lts-announce/2018/05/msg00017.html
Common Vulnerability Exposure (CVE) ID: CVE-2018-7873
https://github.com/libming/libming/issues/111
Common Vulnerability Exposure (CVE) ID: CVE-2018-7876
https://github.com/libming/libming/issues/109
Common Vulnerability Exposure (CVE) ID: CVE-2018-9009
https://github.com/libming/libming/issues/131
Common Vulnerability Exposure (CVE) ID: CVE-2018-9132
https://github.com/libming/libming/issues/133

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2020.0032
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2020-0032)
Resumen:	The remote host is missing an update for the 'ming' package(s) announced via the MGASA-2020-0032 advisory.
Descripción:	Summary: The remote host is missing an update for the 'ming' package(s) announced via the MGASA-2020-0032 advisory. Vulnerability Insight: The updated packages fix security vulnerabilities: A NULL pointer dereference was discovered in newVar3 in util/decompile.c in libming 0.4.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. (CVE-2018-7866) There is a heap-based buffer overflow in the getString function of util/decompile.c in libming 0.4.8 for INTEGER data. A Crafted input will lead to a denial of service attack. (CVE-2018-7873) In libming 0.4.8, a memory exhaustion vulnerability was found in the function parseSWF_ACTIONRECORD in util/parser.c, which allows remote attackers to cause a denial of service via a crafted file. (CVE-2018-7876) In libming 0.4.8, there is a use-after-free in the decompileJUMP function of the decompile.c file. (CVE-2018-9009) libming 0.4.8 has a NULL pointer dereference in the getInt function of the decompile.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file. (CVE-2018-9132) Affected Software/OS: 'ming' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2018-7866 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/47KZ5RYWQMBN5DVDITBVRDNDCSFNBJ3V/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LBFCINUX3XXAPPH77OH6NKACBPFBQXXW/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CQNIJH5EQV2D6KEFGY2467ZS4I7TZLXP/ https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892260 https://github.com/libming/libming/issues/118 https://lists.debian.org/debian-lts-announce/2018/05/msg00017.html Common Vulnerability Exposure (CVE) ID: CVE-2018-7873 https://github.com/libming/libming/issues/111 Common Vulnerability Exposure (CVE) ID: CVE-2018-7876 https://github.com/libming/libming/issues/109 Common Vulnerability Exposure (CVE) ID: CVE-2018-9009 https://github.com/libming/libming/issues/131 Common Vulnerability Exposure (CVE) ID: CVE-2018-9132 https://github.com/libming/libming/issues/133
Copyright	Copyright (C) 2022 Greenbone AG