SuSE Local Security Checks : openSUSE: Security Advisory for dosbox (openSUSE-SU-2019:1905-1)

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.852655

Kategorie: SuSE Local Security Checks

Titel: openSUSE: Security Advisory for dosbox (openSUSE-SU-2019:1905-1)

Zusammenfassung: The remote host is missing an update for the 'dosbox'; package(s) announced via the openSUSE-SU-2019:1905-1 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'dosbox'
package(s) announced via the openSUSE-SU-2019:1905-1 advisory.

Vulnerability Insight:
This update for dosbox fixes the following issues:

Security issues fixed:

- CVE-2019-7165: Fixed that a very long line inside a bat file would
overflow the parsing buffer (bnc#1140254).

- CVE-2019-12594: Added a basic permission system so that a program
running inside DOSBox can't access the contents of /proc (e.g.
/proc/self/mem) when / or /proc were (to be) mounted (bnc#1140254).

- Several other fixes for out of bounds access and buffer overflows.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended
installation methods
like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:

zypper in -t patch openSUSE-2019-1905=1

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-1905=1

- openSUSE Backports SLE-15:

zypper in -t patch openSUSE-2019-1905=1

Affected Software/OS:
'dosbox' package(s) on openSUSE Leap 15.0.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2019-7165
Bugtraq: 20190712 [SECURITY] [DSA 4478-1] dosbox security update (Google Search)
https://seclists.org/bugtraq/2019/Jul/14
Debian Security Information: DSA-4478 (Google Search)
https://www.debian.org/security/2019/dsa-4478
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYV27Z3QZTDHUZJLW3LDJYO7HBVIMJ5F/
https://security-tracker.debian.org/tracker/CVE-2019-7165
https://lists.debian.org/debian-lts-announce/2019/07/msg00004.html
SuSE Security Announcement: openSUSE-SU-2019:1905 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00047.html
SuSE Security Announcement: openSUSE-SU-2019:1920 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00053.html

Copyright Copyright (C) 2019 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.852655
Kategorie:	SuSE Local Security Checks
Titel:	openSUSE: Security Advisory for dosbox (openSUSE-SU-2019:1905-1)
Zusammenfassung:	The remote host is missing an update for the 'dosbox'; package(s) announced via the openSUSE-SU-2019:1905-1 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'dosbox' package(s) announced via the openSUSE-SU-2019:1905-1 advisory. Vulnerability Insight: This update for dosbox fixes the following issues: Security issues fixed: - CVE-2019-7165: Fixed that a very long line inside a bat file would overflow the parsing buffer (bnc#1140254). - CVE-2019-12594: Added a basic permission system so that a program running inside DOSBox can't access the contents of /proc (e.g. /proc/self/mem) when / or /proc were (to be) mounted (bnc#1140254). - Several other fixes for out of bounds access and buffer overflows. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product: - openSUSE Leap 15.1: zypper in -t patch openSUSE-2019-1905=1 - openSUSE Leap 15.0: zypper in -t patch openSUSE-2019-1905=1 - openSUSE Backports SLE-15: zypper in -t patch openSUSE-2019-1905=1 Affected Software/OS: 'dosbox' package(s) on openSUSE Leap 15.0. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2019-7165 Bugtraq: 20190712 [SECURITY] [DSA 4478-1] dosbox security update (Google Search) https://seclists.org/bugtraq/2019/Jul/14 Debian Security Information: DSA-4478 (Google Search) https://www.debian.org/security/2019/dsa-4478 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYV27Z3QZTDHUZJLW3LDJYO7HBVIMJ5F/ https://security-tracker.debian.org/tracker/CVE-2019-7165 https://lists.debian.org/debian-lts-announce/2019/07/msg00004.html SuSE Security Announcement: openSUSE-SU-2019:1905 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00047.html SuSE Security Announcement: openSUSE-SU-2019:1920 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00053.html
Copyright	Copyright (C) 2019 Greenbone Networks GmbH