Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2020-0334)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2020.0334

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2020-0334)

Resumen: The remote host is missing an update for the 'libx11, x11-proto-devel' package(s) announced via the MGASA-2020-0334 advisory.

Descripción: Summary:
The remote host is missing an update for the 'libx11, x11-proto-devel' package(s) announced via the MGASA-2020-0334 advisory.

Vulnerability Insight:
The X Input Method (XIM) client implementation in libX11 has some integer
overflows and signed/unsigned comparison issues that can lead to heap
corruption when handling malformed messages from an input method
(CVE-2020-14344).

The libx11 package has been updated to version 1.6.10 which fixes this issue.

The x11-proto-devel package has been updated to remove the
'/usr/include/X11/extensions/XKBgeom.h' header file which has been moved to
the libx11-devel package.

Affected Software/OS:
'libx11, x11-proto-devel' package(s) on Mageia 7.

Solution:
Please install the updated package(s).

CVSS Score:
4.6

CVSS Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2020-14344
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14344
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4VDDSAYV7XGNRCXE7HCU23645MG74OFF/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7AVXCQOSCAPKYYHFIJAZ6E2C7LJBTLXF/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XY4H2SIEF2362AMNX5ZKWAELGU7LKFJB/
https://security.gentoo.org/glsa/202008-18
https://lists.x.org/archives/xorg-announce/2020-July/003050.html
https://www.openwall.com/lists/oss-security/2020/07/31/1
SuSE Security Announcement: openSUSE-SU-2020:1162 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00014.html
SuSE Security Announcement: openSUSE-SU-2020:1164 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00015.html
SuSE Security Announcement: openSUSE-SU-2020:1182 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00024.html
SuSE Security Announcement: openSUSE-SU-2020:1198 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00031.html
https://usn.ubuntu.com/4487-1/
https://usn.ubuntu.com/4487-2/

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2020.0334
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2020-0334)
Resumen:	The remote host is missing an update for the 'libx11, x11-proto-devel' package(s) announced via the MGASA-2020-0334 advisory.
Descripción:	Summary: The remote host is missing an update for the 'libx11, x11-proto-devel' package(s) announced via the MGASA-2020-0334 advisory. Vulnerability Insight: The X Input Method (XIM) client implementation in libX11 has some integer overflows and signed/unsigned comparison issues that can lead to heap corruption when handling malformed messages from an input method (CVE-2020-14344). The libx11 package has been updated to version 1.6.10 which fixes this issue. The x11-proto-devel package has been updated to remove the '/usr/include/X11/extensions/XKBgeom.h' header file which has been moved to the libx11-devel package. Affected Software/OS: 'libx11, x11-proto-devel' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 4.6 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2020-14344 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14344 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4VDDSAYV7XGNRCXE7HCU23645MG74OFF/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7AVXCQOSCAPKYYHFIJAZ6E2C7LJBTLXF/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XY4H2SIEF2362AMNX5ZKWAELGU7LKFJB/ https://security.gentoo.org/glsa/202008-18 https://lists.x.org/archives/xorg-announce/2020-July/003050.html https://www.openwall.com/lists/oss-security/2020/07/31/1 SuSE Security Announcement: openSUSE-SU-2020:1162 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00014.html SuSE Security Announcement: openSUSE-SU-2020:1164 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00015.html SuSE Security Announcement: openSUSE-SU-2020:1182 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00024.html SuSE Security Announcement: openSUSE-SU-2020:1198 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00031.html https://usn.ubuntu.com/4487-1/ https://usn.ubuntu.com/4487-2/
Copyright	Copyright (C) 2022 Greenbone AG