Test ID:	1.3.6.1.4.1.25623.1.1.10.2015.0234
Category:	Mageia Linux Local Security Checks
Title:	Mageia: Security Advisory (MGASA-2015-0234)
Summary:	The remote host is missing an update for the 'firefox, firefox-l10n, nss, rootcerts, sqlite3, thunderbird, thunderbird-l10n' package(s) announced via the MGASA-2015-0234 advisory.
Description:	Summary: The remote host is missing an update for the 'firefox, firefox-l10n, nss, rootcerts, sqlite3, thunderbird, thunderbird-l10n' package(s) announced via the MGASA-2015-0234 advisory. Vulnerability Insight: Updated firefox, thunderbird, and sqlite3 packages fix security vulnerabilities: Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox or Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running it (CVE-2015-2708, CVE-2015-2710, CVE-2015-2713). A heap-based buffer overflow flaw was found in the way Firefox and Thunderbird processed compressed XML data. An attacker could create specially crafted compressed XML content that, when processed by Firefox or Thunderbird, could cause it to crash or execute arbitrary code with the privileges of the user running it (CVE-2015-2716). SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE at the end of a SELECT statement (CVE-2015-3414). The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement (CVE-2015-3415). The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement (CVE-2015-3416). The sqlite3 package has been updated to version 3.10.8, fixing the CVE-2015-3414, CVE-2015-3415, and CVE-2015-3416 security issues, also fixing heap overflow and other possible issues found by fuzzing, as well as containing many other bug fixes and enhancements. The nss package has been updated to version 3.19, containing multiple root certificate updates, security enhancements, and other bug fixes. Affected Software/OS: 'firefox, firefox-l10n, nss, rootcerts, sqlite3, thunderbird, thunderbird-l10n' package(s) on Mageia 4. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-2708 BugTraq ID: 74615 http://www.securityfocus.com/bid/74615 Debian Security Information: DSA-3260 (Google Search) http://www.debian.org/security/2015/dsa-3260 Debian Security Information: DSA-3264 (Google Search) http://www.debian.org/security/2015/dsa-3264 https://security.gentoo.org/glsa/201605-06 RedHat Security Advisories: RHSA-2015:0988 http://rhn.redhat.com/errata/RHSA-2015-0988.html RedHat Security Advisories: RHSA-2015:1012 http://rhn.redhat.com/errata/RHSA-2015-1012.html SuSE Security Announcement: SUSE-SU-2015:0960 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00054.html SuSE Security Announcement: SUSE-SU-2015:0978 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00000.html SuSE Security Announcement: openSUSE-SU-2015:0892 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html SuSE Security Announcement: openSUSE-SU-2015:0934 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html SuSE Security Announcement: openSUSE-SU-2015:1266 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html http://www.ubuntu.com/usn/USN-2602-1 http://www.ubuntu.com/usn/USN-2603-1 Common Vulnerability Exposure (CVE) ID: CVE-2015-2710 BugTraq ID: 74611 http://www.securityfocus.com/bid/74611 Common Vulnerability Exposure (CVE) ID: CVE-2015-2713 Common Vulnerability Exposure (CVE) ID: CVE-2015-2716 Common Vulnerability Exposure (CVE) ID: CVE-2015-3414 http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html BugTraq ID: 74228 http://www.securityfocus.com/bid/74228 Debian Security Information: DSA-3252 (Google Search) http://www.debian.org/security/2015/dsa-3252 http://seclists.org/fulldisclosure/2015/Apr/31 https://security.gentoo.org/glsa/201507-05 http://www.mandriva.com/security/advisories?name=MDVSA-2015:217 RedHat Security Advisories: RHSA-2015:1635 http://rhn.redhat.com/errata/RHSA-2015-1635.html http://www.securitytracker.com/id/1033703 http://www.ubuntu.com/usn/USN-2698-1 Common Vulnerability Exposure (CVE) ID: CVE-2015-3415 Common Vulnerability Exposure (CVE) ID: CVE-2015-3416 RedHat Security Advisories: RHSA-2015:1634 http://rhn.redhat.com/errata/RHSA-2015-1634.html
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.