Test ID:	1.3.6.1.4.1.25623.1.1.10.2021.0571
Category:	Mageia Linux Local Security Checks
Title:	Mageia: Security Advisory (MGASA-2021-0571)
Summary:	The remote host is missing an update for the 'olm' package(s) announced via the MGASA-2021-0571 advisory.
Description:	Summary: The remote host is missing an update for the 'olm' package(s) announced via the MGASA-2021-0571 advisory. Vulnerability Insight: Updated olm packages fix security vulnerability: The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote party of the channel. Attackers can construct a crafted sequence of messages to manipulate the state of the receiver's session in such a way that, for some buffer sizes, a buffer overflow happens on a call to olm_session_describe. Furthermore, safe buffer sizes were undocumented. The overflow content is partially controllable by the attacker and limited to ASCII spaces and digits (CVE-2021-44538). Affected Software/OS: 'olm' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2021-44538 Debian Security Information: DSA-5034 (Google Search) https://www.debian.org/security/2022/dsa-5034 https://gitlab.matrix.org/matrix-org/olm/-/tags https://matrix.org/blog/2021/12/13/disclosure-buffer-overflow-in-libolm-and-matrix-js-sdk https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.