Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2015-0338)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.130048

Kategorie: Mageia Linux Local Security Checks

Titel: Mageia: Security Advisory (MGASA-2015-0338)

Zusammenfassung: The remote host is missing an update for the 'lighttpd' package(s) announced via the MGASA-2015-0338 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'lighttpd' package(s) announced via the MGASA-2015-0338 advisory.

Vulnerability Insight:
Updated lighttpd packages fix security vulnerability:

mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary
log entries via a basic HTTP authentication string without a colon character,
as demonstrated by a string containing a NULL and new line character
(CVE-2015-3200).

The lighttpd package has been updated to version 1.4.37, fixing this issue and
several other bugs.

In the Mageia 4 package, improvements have been made to the logrotate
configuration and systemd service, allowing graceful reloading of
configuration files and proper re-opening of log files (mga#15948, mga#15980).

Affected Software/OS:
'lighttpd' package(s) on Mageia 4, Mageia 5.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2015-3200
1032405
http://www.securitytracker.com/id/1032405
74813
http://www.securityfocus.com/bid/74813
FEDORA-2015-12250
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163286.html
FEDORA-2015-12252
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163223.html
http://jaanuskp.blogspot.com/2015/05/cve-2015-3200.html
http://redmine.lighttpd.net/issues/2646
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375
https://kc.mcafee.com/corporate/index?page=content&id=SB10310

Copyright Copyright (C) 2015 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.130048
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2015-0338)
Zusammenfassung:	The remote host is missing an update for the 'lighttpd' package(s) announced via the MGASA-2015-0338 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'lighttpd' package(s) announced via the MGASA-2015-0338 advisory. Vulnerability Insight: Updated lighttpd packages fix security vulnerability: mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character (CVE-2015-3200). The lighttpd package has been updated to version 1.4.37, fixing this issue and several other bugs. In the Mageia 4 package, improvements have been made to the logrotate configuration and systemd service, allowing graceful reloading of configuration files and proper re-opening of log files (mga#15948, mga#15980). Affected Software/OS: 'lighttpd' package(s) on Mageia 4, Mageia 5. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2015-3200 1032405 http://www.securitytracker.com/id/1032405 74813 http://www.securityfocus.com/bid/74813 FEDORA-2015-12250 http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163286.html FEDORA-2015-12252 http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163223.html http://jaanuskp.blogspot.com/2015/05/cve-2015-3200.html http://redmine.lighttpd.net/issues/2646 http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375 https://kc.mcafee.com/corporate/index?page=content&id=SB10310
Copyright	Copyright (C) 2015 Greenbone AG