ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2020.0395
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2020-0395)
Resumen:	The remote host is missing an update for the 'firefox, firefox-l10n, nss, rootcerts' package(s) announced via the MGASA-2020-0395 advisory.
Descripción:	Summary: The remote host is missing an update for the 'firefox, firefox-l10n, nss, rootcerts' package(s) announced via the MGASA-2020-0395 advisory. Vulnerability Insight: Mozilla developers and community members Jason Kratzer, Simon Giesecke, Philipp, and Christian Holler reported memory safety bugs present in Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code (CVE-2020-15683). A use-after-free bug in the usersctp library was reported upstream. We assume this could have led to memory corruption and a potentially exploitable crash (CVE-2020-15969). A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58 (CVE-2020-25648). Affected Software/OS: 'firefox, firefox-l10n, nss, rootcerts' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2020-15683 Debian Security Information: DSA-4780 (Google Search) https://www.debian.org/security/2020/dsa-4780 https://security.gentoo.org/glsa/202010-08 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1576843%2C1656987%2C1660954%2C1662760%2C1663439%2C1666140 https://www.mozilla.org/security/advisories/mfsa2020-45/ https://www.mozilla.org/security/advisories/mfsa2020-46/ https://www.mozilla.org/security/advisories/mfsa2020-47/ https://lists.debian.org/debian-lts-announce/2020/10/msg00027.html SuSE Security Announcement: openSUSE-SU-2020:1732 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00057.html SuSE Security Announcement: openSUSE-SU-2020:1748 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00062.html SuSE Security Announcement: openSUSE-SU-2020:1780 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00074.html SuSE Security Announcement: openSUSE-SU-2020:1785 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00077.html Common Vulnerability Exposure (CVE) ID: CVE-2020-15969 Debian Security Information: DSA-4824 (Google Search) https://www.debian.org/security/2021/dsa-4824 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4GWCWNHTTYOH6HSFUXPGPBB6J6JYZHZE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SC3U3H6AISVZB5PLZLLNF4HMQ4UFFL7M/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/24QFL4C3AZKMFVL7LVSYMU2DNE5VVUGS/ http://seclists.org/fulldisclosure/2020/Dec/24 http://seclists.org/fulldisclosure/2020/Dec/26 http://seclists.org/fulldisclosure/2020/Dec/27 http://seclists.org/fulldisclosure/2020/Dec/29 http://seclists.org/fulldisclosure/2020/Dec/30 https://security.gentoo.org/glsa/202101-30 https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop.html https://crbug.com/1124659 SuSE Security Announcement: openSUSE-SU-2020:1829 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html Common Vulnerability Exposure (CVE) ID: CVE-2020-25648 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ERA5SVJQXQMDGES7RIT4F4NQVLD35RXN/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HRM53IQCPZT2US3M7JXTP6I6IBA5RGOD/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RPOLN6DJUYQ3QBQEGLZGV73SNIPK7GHV/ https://bugzilla.redhat.com/show_bug.cgi?id=1887319 https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.58_release_notes https://www.oracle.com//security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpuoct2021.html https://lists.debian.org/debian-lts-announce/2023/10/msg00039.html https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
Copyright	Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.