Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2021-0041)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2021.0041

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2021-0041)

Resumen: The remote host is missing an update for the 'p11-kit' package(s) announced via the MGASA-2021-0041 advisory.

Descripción: Summary:
The remote host is missing an update for the 'p11-kit' package(s) announced via the MGASA-2021-0041 advisory.

Vulnerability Insight:
Multiple integer overflows have been discovered in the array allocations in
the p11-kit library and the p11-kit list command, where overflow checks are
missing before calling realloc or calloc (CVE-2020-29361).

A heap-based buffer over-read has been discovered in the RPC protocol used by
the p11-kit server/remote commands and the client library. When the remote
entity supplies a byte array through a serialized PKCS#11 function call, the
receiving entity may allow the reading of up to 4 bytes of memory past the
heap allocation (CVE-2020-29362).

A heap-based buffer overflow has been discovered in the RPC protocol used by
p11-kit server/remote commands and the client library. When the remote entity
supplies a serialized byte array in a CK_ATTRIBUTE, the receiving entity may
not allocate sufficient length for the buffer to store the deserialized value
(CVE-2020-29363).

Affected Software/OS:
'p11-kit' package(s) on Mageia 7.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2020-29361
Debian Security Information: DSA-4822 (Google Search)
https://www.debian.org/security/2021/dsa-4822
https://github.com/p11-glue/p11-kit/releases
https://github.com/p11-glue/p11-kit/security/advisories/GHSA-q4r3-hm6m-mvc2
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/01/msg00002.html
Common Vulnerability Exposure (CVE) ID: CVE-2020-29362
https://github.com/p11-glue/p11-kit/security/advisories/GHSA-5wpq-43j2-6qwc
Common Vulnerability Exposure (CVE) ID: CVE-2020-29363
https://github.com/p11-glue/p11-kit/security/advisories/GHSA-5j67-fw89-fp6x
https://www.oracle.com/security-alerts/cpuapr2022.html

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2021.0041
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2021-0041)
Resumen:	The remote host is missing an update for the 'p11-kit' package(s) announced via the MGASA-2021-0041 advisory.
Descripción:	Summary: The remote host is missing an update for the 'p11-kit' package(s) announced via the MGASA-2021-0041 advisory. Vulnerability Insight: Multiple integer overflows have been discovered in the array allocations in the p11-kit library and the p11-kit list command, where overflow checks are missing before calling realloc or calloc (CVE-2020-29361). A heap-based buffer over-read has been discovered in the RPC protocol used by the p11-kit server/remote commands and the client library. When the remote entity supplies a byte array through a serialized PKCS#11 function call, the receiving entity may allow the reading of up to 4 bytes of memory past the heap allocation (CVE-2020-29362). A heap-based buffer overflow has been discovered in the RPC protocol used by p11-kit server/remote commands and the client library. When the remote entity supplies a serialized byte array in a CK_ATTRIBUTE, the receiving entity may not allocate sufficient length for the buffer to store the deserialized value (CVE-2020-29363). Affected Software/OS: 'p11-kit' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2020-29361 Debian Security Information: DSA-4822 (Google Search) https://www.debian.org/security/2021/dsa-4822 https://github.com/p11-glue/p11-kit/releases https://github.com/p11-glue/p11-kit/security/advisories/GHSA-q4r3-hm6m-mvc2 https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E https://lists.debian.org/debian-lts-announce/2021/01/msg00002.html Common Vulnerability Exposure (CVE) ID: CVE-2020-29362 https://github.com/p11-glue/p11-kit/security/advisories/GHSA-5wpq-43j2-6qwc Common Vulnerability Exposure (CVE) ID: CVE-2020-29363 https://github.com/p11-glue/p11-kit/security/advisories/GHSA-5j67-fw89-fp6x https://www.oracle.com/security-alerts/cpuapr2022.html
Copyright	Copyright (C) 2022 Greenbone AG