Test ID: 1.3.6.1.4.1.25623.1.0.131224
Category: Mageia Linux Local Security Checks
Title: Mageia: Security Advisory (MGASA-2016-0054)
Summary: The remote host is missing an update for the 'belle-sip, hiawatha, linphone, mbedtls, pdns' package(s) announced via the MGASA-2016-0054 advisory.
Description:
Summary:
The remote host is missing an update for the 'belle-sip, hiawatha, linphone, mbedtls, pdns' package(s) announced via the MGASA-2016-0054 advisory.

Vulnerability Insight:
Note: this package was called polarssl, but is now called mbed tls. The
PolarSSL software is now called mbed TLS.

Heap-based buffer overflow in mbed TLS (formerly PolarSSL) 1.3.x before
1.3.14 allows remote SSL servers to cause a denial of service
(client crash) and possibly execute arbitrary code via a long hostname to
the server name indication (SNI) extension, which is not properly handled
when creating a ClientHello message (CVE-2015-5291).

Heap-based buffer overflow in mbed TLS (formerly PolarSSL) 1.3.x before
1.3.14 allows remote SSL servers to cause a denial of service
(client crash) and possibly execute arbitrary code via a long session
ticket name to the session ticket extension, which is not properly
handled when creating a ClientHello message to resume a session
(CVE-2015-8036).

The mbedtls package has been updated to version 1.3.16, which contains
several other bug fixes, security fixes, and security enhancements.

The hiawatha package, which uses the polarssl/mbedtls library, has been
updated to version 9.13 for improved compatibility.

The belle-sip library package has been updated to version 1.4.2 for
improved compatibility and the linphone package has been rebuilt against
mbedtls.

The pdns package has also been rebuilt against mbedtls.

Affected Software/OS:
'belle-sip, hiawatha, linphone, mbedtls, pdns' package(s) on Mageia 5.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-references:
Common Vulnerability Exposure (CVE) ID: CVE-2015-5291
Debian Security Information: DSA-3468
http://www.debian.org/security/2016/dsa-3468
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169625.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169765.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170317.html
https://security.gentoo.org/glsa/201706-18
https://guidovranken.files.wordpress.com/2015/10/cve-2015-5291.pdf
https://guidovranken.wordpress.com/2015/10/07/cve-2015-5291/
SuSE Security Announcement: openSUSE-SU-2015:2257
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00013.html
SuSE Security Announcement: openSUSE-SU-2015:2371
http://lists.opensuse.org/opensuse-updates/2015-12/msg00119.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-8036
SuSE Security Announcement: openSUSE-SU-2016:1928
http://lists.opensuse.org/opensuse-updates/2016-08/msg00009.html
Copyright: Copyright (C) 2016 Greenbone AG
