VID |
14251 |
Severity |
40 |
Port |
22 |
Protocol |
TCP |
Class |
LSC |
Detailed Description |
The remote system does not apply CESA-2019:2773 which is thunderbird security update. The system which does not apply the update is affected by the following vulnerabilities :
- Covert Content Attack on S/MIME encryption using a crafted multipart/alternative message (CVE-2019-11739)
- Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9 (CVE-2019-11740)
- Same-origin policy violation with SVG filters and canvas to steal cross-origin images (CVE-2019-11742)
- XSS by breaking out of title and textarea elements using innerHTML (CVE-2019-11744)
- Use-after-free while manipulating video (CVE-2019-11746)
- Use-after-free while extracting a key value in IndexedDB (CVE-2019-11752)
- Cross-origin access to unload event attributes (CVE-2019-11743)
Note: This check solely relied on the thunderbird RPM version of the remote system to assess this vulnerability, so this might be a false positive.
* References: https://lists.centos.org/pipermail/centos-announce/2019-September/023410.html
* Platforms Affected: CentOS Linux Server (v. 7) |
Recommendation |
Update the affected packages. Launch the graphical update tool through System -> Administration -> Software Update
For a command line interface, use the following command to update the operating system: # yum update |
Related URL |
CVE-2019-11739,CVE-2019-11740,CVE-2019-11742,CVE-2019-11743,CVE-2019-11744,CVE-2019-11746,CVE-2019-11752 (CVE) |
Related URL |
(SecurityFocus) |
Related URL |
(ISS) |
|