Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2020-0226)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2020.0226

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2020-0226)

Resumen: The remote host is missing an update for the 'clamav' package(s) announced via the MGASA-2020-0226 advisory.

Descripción: Summary:
The remote host is missing an update for the 'clamav' package(s) announced via the MGASA-2020-0226 advisory.

Vulnerability Insight:
Updated clamav packages fix security vulnerabilities:

Fixed a vulnerability in the ARJ archive-parsing module in ClamAV 0.102.2
that could cause a denial-of-service condition. Improper bounds checking
of an unsigned variable results in an out-of-bounds read which causes a
crash. Special thanks to Daehui Chang and Fady Othman for helping identify
the ARJ parsing vulnerability (CVE-2020-3327).

Fixed a vulnerability in the PDF-parsing module in ClamAV 0.101 - 0.102.2
that could cause a denial-of-service condition. Improper size checking of
a buffer used to initialize AES decryption routines results in an
out-of-bounds read, which may cause a crash. OSS-Fuzz discovered this
vulnerability (CVE-2020-3341)

Affected Software/OS:
'clamav' package(s) on Mageia 7.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2020-3327
Cisco Security Advisory: https://blog.clamav.net/2020/05/clamav-01023-security-patch-released.html
https://blog.clamav.net/2020/05/clamav-01023-security-patch-released.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IJ67VH37NCG25PICGWFWZHSVG7PBT7MC/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3BMTC7I5LGY4FCIZLHPNC4WWC6VNLFER/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5YWYT27SBTV4RZSGFHIQUI4LQVFASWS/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ROBJOGJOT44MVDX7RQEACYHQN4LYW5RK/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QM7EXJHDEZJLWM2NKH6TCDXOBP5NNYIN/
https://security.gentoo.org/glsa/202007-23
https://lists.debian.org/debian-lts-announce/2020/05/msg00018.html
https://lists.debian.org/debian-lts-announce/2020/08/msg00010.html
https://usn.ubuntu.com/4370-1/
https://usn.ubuntu.com/4370-2/
https://usn.ubuntu.com/4435-1/
https://usn.ubuntu.com/4435-2/
Common Vulnerability Exposure (CVE) ID: CVE-2020-3341

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2020.0226
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2020-0226)
Resumen:	The remote host is missing an update for the 'clamav' package(s) announced via the MGASA-2020-0226 advisory.
Descripción:	Summary: The remote host is missing an update for the 'clamav' package(s) announced via the MGASA-2020-0226 advisory. Vulnerability Insight: Updated clamav packages fix security vulnerabilities: Fixed a vulnerability in the ARJ archive-parsing module in ClamAV 0.102.2 that could cause a denial-of-service condition. Improper bounds checking of an unsigned variable results in an out-of-bounds read which causes a crash. Special thanks to Daehui Chang and Fady Othman for helping identify the ARJ parsing vulnerability (CVE-2020-3327). Fixed a vulnerability in the PDF-parsing module in ClamAV 0.101 - 0.102.2 that could cause a denial-of-service condition. Improper size checking of a buffer used to initialize AES decryption routines results in an out-of-bounds read, which may cause a crash. OSS-Fuzz discovered this vulnerability (CVE-2020-3341) Affected Software/OS: 'clamav' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2020-3327 Cisco Security Advisory: https://blog.clamav.net/2020/05/clamav-01023-security-patch-released.html https://blog.clamav.net/2020/05/clamav-01023-security-patch-released.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IJ67VH37NCG25PICGWFWZHSVG7PBT7MC/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3BMTC7I5LGY4FCIZLHPNC4WWC6VNLFER/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5YWYT27SBTV4RZSGFHIQUI4LQVFASWS/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ROBJOGJOT44MVDX7RQEACYHQN4LYW5RK/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QM7EXJHDEZJLWM2NKH6TCDXOBP5NNYIN/ https://security.gentoo.org/glsa/202007-23 https://lists.debian.org/debian-lts-announce/2020/05/msg00018.html https://lists.debian.org/debian-lts-announce/2020/08/msg00010.html https://usn.ubuntu.com/4370-1/ https://usn.ubuntu.com/4370-2/ https://usn.ubuntu.com/4435-1/ https://usn.ubuntu.com/4435-2/ Common Vulnerability Exposure (CVE) ID: CVE-2020-3341
Copyright	Copyright (C) 2022 Greenbone AG