Test ID:	1.3.6.1.4.1.25623.1.1.10.2014.0245
Category:	Mageia Linux Local Security Checks
Title:	Mageia: Security Advisory (MGASA-2014-0245)
Summary:	The remote host is missing an update for the 'mumble' package(s) announced via the MGASA-2014-0245 advisory.
Description:	Summary: The remote host is missing an update for the 'mumble' package(s) announced via the MGASA-2014-0245 advisory. Vulnerability Insight: Updated mumble packages fix security vulnerabilities: In Mumble before 1.2.6, the Mumble client is vulnerable to a Denial of Service attack when rendering crafted SVG files that contain references to files on the local computer, due to an issue in Qt's SVG renderer module. This issue can be triggered remotely by an entity participating in a Mumble voice chat, using text messages, channel comments, user comments and user textures/avatars (CVE-2014-3755). In Mumble before 1.2.6, The Mumble client did not properly HTML-escape some external strings before using them in a rich-text (HTML) context. In some situations, this could be abused to perform a Denial of Service attack on a Mumble client by causing it to load external files via the HTML (CVE-2014-3756). Affected Software/OS: 'mumble' package(s) on Mageia 3, Mageia 4. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-3755 BugTraq ID: 67400 http://www.securityfocus.com/bid/67400 https://qt.gitorious.org/qt/mumble-developers-qt/commit/2147fa767980fe27a14f018b1528dbf880b96814 http://www.openwall.com/lists/oss-security/2014/05/15/4 http://www.openwall.com/lists/oss-security/2014/05/15/1 Common Vulnerability Exposure (CVE) ID: CVE-2014-3756 BugTraq ID: 67401 http://www.securityfocus.com/bid/67401
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.