Gentoo Local Security Checks : Gentoo Security Advisory GLSA 200803-30 (ssl-cert.eclass)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.60622

Kategorie: Gentoo Local Security Checks

Titel: Gentoo Security Advisory GLSA 200803-30 (ssl-cert.eclass)

Zusammenfassung: The remote host is missing updates announced in;advisory GLSA 200803-30.

Beschreibung: Summary:
The remote host is missing updates announced in
advisory GLSA 200803-30.

Vulnerability Insight:
An error in the usage of the ssl-cert eclass within multiple ebuilds might
allow for disclosure of generated SSL private keys.

Solution:
Upgrading to newer versions of the above packages will neither remove
possibly compromised SSL certificates, nor old binary packages. Please
remove the certificates installed by Portage, and then emerge an upgrade
to the package.

All Conserver users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=app-admin/conserver-8.1.16'

All Postfix 2.4 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=mail-mta/postfix-2.4.6-r2'

All Postfix 2.3 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=mail-mta/postfix-2.3.8-r1'

All Postfix 2.2 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=mail-mta/postfix-2.2.11-r1'

All Netkit FTP Server users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=net-ftp/netkit-ftpd-0.17-r7'

All ejabberd users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=net-im/ejabberd-1.1.3'

All UnrealIRCd users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=net-irc/unrealircd-3.2.7-r2'

All Cyrus IMAP Server users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=net-mail/cyrus-imapd-2.3.9-r1'

All Dovecot users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=net-mail/dovecot-1.0.10'

All stunnel 4 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=net-misc/stunnel-4.21'

All InterNetNews users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=net-nntp/inn-2.4.3-r1'

CVSS Score:
1.9

CVSS Vector:
AV:L/AC:M/Au:N/C:P/I:N/A:N

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2008-1383
BugTraq ID: 28350
http://www.securityfocus.com/bid/28350
http://security.gentoo.org/glsa/glsa-200803-30.xml
http://osvdb.org/43479
http://secunia.com/advisories/29436
XForce ISS Database: gentoo-docert-sslkey-weak-security(41336)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41336

Copyright Copyright (C) 2008 E-Soft Inc.

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.60622
Kategorie:	Gentoo Local Security Checks
Titel:	Gentoo Security Advisory GLSA 200803-30 (ssl-cert.eclass)
Zusammenfassung:	The remote host is missing updates announced in;advisory GLSA 200803-30.
Beschreibung:	Summary: The remote host is missing updates announced in advisory GLSA 200803-30. Vulnerability Insight: An error in the usage of the ssl-cert eclass within multiple ebuilds might allow for disclosure of generated SSL private keys. Solution: Upgrading to newer versions of the above packages will neither remove possibly compromised SSL certificates, nor old binary packages. Please remove the certificates installed by Portage, and then emerge an upgrade to the package. All Conserver users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-admin/conserver-8.1.16' All Postfix 2.4 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=mail-mta/postfix-2.4.6-r2' All Postfix 2.3 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=mail-mta/postfix-2.3.8-r1' All Postfix 2.2 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=mail-mta/postfix-2.2.11-r1' All Netkit FTP Server users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-ftp/netkit-ftpd-0.17-r7' All ejabberd users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-im/ejabberd-1.1.3' All UnrealIRCd users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-irc/unrealircd-3.2.7-r2' All Cyrus IMAP Server users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-mail/cyrus-imapd-2.3.9-r1' All Dovecot users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-mail/dovecot-1.0.10' All stunnel 4 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-misc/stunnel-4.21' All InterNetNews users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-nntp/inn-2.4.3-r1' CVSS Score: 1.9 CVSS Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2008-1383 BugTraq ID: 28350 http://www.securityfocus.com/bid/28350 http://security.gentoo.org/glsa/glsa-200803-30.xml http://osvdb.org/43479 http://secunia.com/advisories/29436 XForce ISS Database: gentoo-docert-sslkey-weak-security(41336) https://exchange.xforce.ibmcloud.com/vulnerabilities/41336
Copyright	Copyright (C) 2008 E-Soft Inc.