Test ID: 1.3.6.1.4.1.25623.1.1.10.2022.0157
Category: Mageia Linux Local Security Checks
Title: Mageia: Security Advisory (MGASA-2022-0157)
Summary: The remote host is missing an update for the 'thunderbird, thunderbird-l10n' package(s) announced via the MGASA-2022-0157 advisory.
Description:
Summary:
The remote host is missing an update for the 'thunderbird, thunderbird-l10n' package(s) announced via the MGASA-2022-0157 advisory.

Vulnerability Insight:
The updated thunderbird packages fix security vulnerabilities:

Use-after-free in NSSToken objects (CVE-2022-1097).

Use-after-free after VR Process destruction (CVE-2022-1196).

OpenPGP revocation information was ignored (CVE-2022-1197).

Denial of Service via complex regular expressions (CVE-2022-24713).

xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation
of encoding, such as checks for whether a UTF-8 character is valid in a
certain context (CVE-2022-25235).

xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert
namespace-separator characters into namespace URIs (CVE-2022-25236).

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in
storeRawNames (CVE-2022-25315).

Out of bounds write due to unexpected WebAuthN Extensions (CVE-2022-28281).

Use-after-free in DocumentL10n::TranslateDocument (CVE-2022-28282).

Incorrect AliasSet used in JIT Codegen (CVE-2022-28285).

iframe contents could be rendered outside the border (CVE-2022-28286).

Memory safety bugs fixed in Thunderbird 91.8 (CVE-2022-28289).

Affected Software/OS:
'thunderbird, thunderbird-l10n' package(s) on Mageia 8.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2022-1097
https://bugzilla.mozilla.org/show_bug.cgi?id=1745667
https://www.mozilla.org/security/advisories/mfsa2022-13/
https://www.mozilla.org/security/advisories/mfsa2022-14/
https://www.mozilla.org/security/advisories/mfsa2022-15/
Common Vulnerability Exposure (CVE) ID: CVE-2022-1196
https://bugzilla.mozilla.org/show_bug.cgi?id=1750679
Common Vulnerability Exposure (CVE) ID: CVE-2022-1197
https://bugzilla.mozilla.org/show_bug.cgi?id=1754985
Common Vulnerability Exposure (CVE) ID: CVE-2022-24713
https://github.com/rust-lang/regex/security/advisories/GHSA-m5pq-gvj9-9vr8
Debian Security Information: DSA-5113
https://www.debian.org/security/2022/dsa-5113
Debian Security Information: DSA-5118
https://www.debian.org/security/2022/dsa-5118
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JANLZ3JXWJR7FSHE57K66UIZUIJZI67T/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PDOWTHNVGBOP2HN27PUFIGRYNSNDTYRJ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O3YB7CURSG64CIPCDPNMGPE4UU24AB6H/
https://security.gentoo.org/glsa/202208-08
https://security.gentoo.org/glsa/202208-14
https://github.com/rust-lang/regex/commit/ae70b41d4f46641dbc45c7a4f87954aea356283e
https://groups.google.com/g/rustlang-security-announcements/c/NcNNL1Jq7Yw
https://lists.debian.org/debian-lts-announce/2022/04/msg00003.html
https://lists.debian.org/debian-lts-announce/2022/04/msg00009.html
Common Vulnerability Exposure (CVE) ID: CVE-2022-25235
https://security.netapp.com/advisory/ntap-20220303-0008/
Debian Security Information: DSA-5085
https://www.debian.org/security/2022/dsa-5085
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/
https://security.gentoo.org/glsa/202209-24
https://github.com/libexpat/libexpat/pull/562
https://www.oracle.com/security-alerts/cpuapr2022.html
https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html
http://www.openwall.com/lists/oss-security/2022/02/19/1
Common Vulnerability Exposure (CVE) ID: CVE-2022-25236
http://packetstormsecurity.com/files/167238/Zoom-XMPP-Stanza-Smuggling-Remote-Code-Execution.html
https://github.com/libexpat/libexpat/pull/561
Common Vulnerability Exposure (CVE) ID: CVE-2022-25315
https://github.com/libexpat/libexpat/pull/559
Common Vulnerability Exposure (CVE) ID: CVE-2022-28281
https://bugzilla.mozilla.org/show_bug.cgi?id=1755621
Common Vulnerability Exposure (CVE) ID: CVE-2022-28282
https://bugzilla.mozilla.org/show_bug.cgi?id=1751609
Common Vulnerability Exposure (CVE) ID: CVE-2022-28285
https://bugzilla.mozilla.org/show_bug.cgi?id=1756957
Common Vulnerability Exposure (CVE) ID: CVE-2022-28286
https://bugzilla.mozilla.org/show_bug.cgi?id=1735265
Common Vulnerability Exposure (CVE) ID: CVE-2022-28289
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1663508%2C1744525%2C1753508%2C1757476%2C1757805%2C1758549%2C1758776
Copyright: Copyright (C) 2022 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.