{ "schema_version": "1.7.0", "id": "MGASA-2015-0001", "published": "2015-01-05T16:30:30Z", "modified": "2015-01-05T16:22:22Z", "summary": "Updated openvas-manager packages fix security vulnerability", "details": "Updated openvas-manager packages fixes security vulnerability:\n\nIt has been identified that OpenVAS Manager before 4.0.6 is vulnerable to sql\ninjections due to a improper handling of the timezone parameter in\nmodify_schedule OMP command. It has been identified that this vulnerability\nmay allow read-access via sql for authorized user account which have\npermission to modify schedule objects (CVE-2014-9220).\n", "upstream": [ "CVE-2014-9220" ], "references": [ { "type": "ADVISORY", "url": "https://advisories.mageia.org/MGASA-2015-0001.html" }, { "type": "REPORT", "url": "https://bugs.mageia.org/show_bug.cgi?id=14718" }, { "type": "WEB", "url": "http://www.openvas.org/OVSA20141128.html" }, { "type": "WEB", "url": "http://openwall.com/lists/oss-security/2014/12/03/1" } ], "affected": [ { "package": { "ecosystem": "Mageia:4", "name": "openvas-manager", "purl": "pkg:rpm/mageia/openvas-manager?arch=source&distro=mageia-4" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "4.0.6-1.mga4" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:4", "name": "openvas-libraries", "purl": "pkg:rpm/mageia/openvas-libraries?arch=source&distro=mageia-4" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "6.0.3-1.mga4" } ] } ], "ecosystem_specific": { "section": "core" } } ], "credits": [ { "name": "Mageia", "type": "COORDINATOR", "contact": [ "https://wiki.mageia.org/en/Packages_Security_Team" ] } ] }