Test Kennung:	1.3.6.1.4.1.25623.1.0.64688
Kategorie:	Mandrake Local Security Checks
Titel:	Mandrake Security Advisory MDVSA-2009:216 (mozilla-thunderbird)
Zusammenfassung:	The remote host is missing an update to mozilla-thunderbird;announced via advisory MDVSA-2009:216.
Beschreibung:	Summary: The remote host is missing an update to mozilla-thunderbird announced via advisory MDVSA-2009:216. Vulnerability Insight: A number of security vulnerabilities have been discovered in the NSS and NSPR libraries and in Mozilla Thunderbird: Security issues in nss prior to 3.12.3 could lead to a man-in-the-middle attack via a spoofed X.509 certificate (CVE-2009-2408) and md2 algorithm flaws (CVE-2009-2409), and also cause a denial-of-service and possible code execution via a long domain name in X.509 certificate (CVE-2009-2404). A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack. Related to CVE-2009-2625. This update provides the latest versions of the NSS and NSPR libraries and Thunderbird which are not vulnerable to these issues. Affected: Corporate 3.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2408 1021030 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021030.1-1 1022632 http://www.securitytracker.com/id?1022632 36088 http://secunia.com/advisories/36088 36125 http://secunia.com/advisories/36125 36139 http://secunia.com/advisories/36139 36157 http://secunia.com/advisories/36157 36434 http://secunia.com/advisories/36434 36669 http://secunia.com/advisories/36669 37098 http://secunia.com/advisories/37098 56723 http://osvdb.org/56723 ADV-2009-2085 http://www.vupen.com/english/advisories/2009/2085 ADV-2009-3184 http://www.vupen.com/english/advisories/2009/3184 DSA-1874 http://www.debian.org/security/2009/dsa-1874 MDVSA-2009:197 http://www.mandriva.com/security/advisories?name=MDVSA-2009:197 MDVSA-2009:216 http://www.mandriva.com/security/advisories?name=MDVSA-2009:216 MDVSA-2009:217 http://www.mandriva.com/security/advisories?name=MDVSA-2009:217 RHSA-2009:1207 http://www.redhat.com/support/errata/RHSA-2009-1207.html RHSA-2009:1432 http://www.redhat.com/support/errata/RHSA-2009-1432.html SUSE-SA:2009:048 http://www.novell.com/linux/security/advisories/2009_48_firefox.html SUSE-SR:2009:018 http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html USN-810-1 http://www.ubuntu.com/usn/usn-810-1 USN-810-2 https://usn.ubuntu.com/810-2/ [oss-security] 20090903 More CVE-2009-2408 like issues http://marc.info/?l=oss-security&m=125198917018936&w=2 http://isc.sans.org/diary.html?storyid=7003 http://www.mozilla.org/security/announce/2009/mfsa2009-42.html http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/tls_m.c.diff?r1=1.8&r2=1.11&f=h http://www.wired.com/threatlevel/2009/07/kaminsky/ https://bugzilla.redhat.com/show_bug.cgi?id=510251 oval:org.mitre.oval:def:10751 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10751 oval:org.mitre.oval:def:8458 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8458 Common Vulnerability Exposure (CVE) ID: CVE-2009-2409 1022631 http://www.securitytracker.com/id?1022631 20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console http://www.securityfocus.com/archive/1/515055/100/0/threaded 36739 http://secunia.com/advisories/36739 37386 http://secunia.com/advisories/37386 42467 http://secunia.com/advisories/42467 ADV-2010-3126 http://www.vupen.com/english/advisories/2010/3126 APPLE-SA-2009-11-09-1 http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html DSA-1888 https://www.debian.org/security/2009/dsa-1888 GLSA-200911-02 http://security.gentoo.org/glsa/glsa-200911-02.xml GLSA-200912-01 http://security.gentoo.org/glsa/glsa-200912-01.xml MDVSA-2009:258 http://www.mandriva.com/security/advisories?name=MDVSA-2009:258 MDVSA-2010:084 http://www.mandriva.com/security/advisories?name=MDVSA-2010:084 RHSA-2010:0095 https://rhn.redhat.com/errata/RHSA-2010-0095.html [syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html [syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html http://java.sun.com/j2se/1.5.0/ReleaseNotes.html http://java.sun.com/javase/6/webnotes/6u17.html http://support.apple.com/kb/HT3937 http://www.vmware.com/security/advisories/VMSA-2010-0019.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2409 oval:org.mitre.oval:def:10763 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10763 oval:org.mitre.oval:def:6631 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6631 oval:org.mitre.oval:def:7155 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7155 oval:org.mitre.oval:def:8594 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8594 Common Vulnerability Exposure (CVE) ID: CVE-2009-2404 1021699 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021699.1-1 273910 http://sunsolve.sun.com/search/document.do?assetkey=1-66-273910-1 35891 http://www.securityfocus.com/bid/35891 36102 http://secunia.com/advisories/36102 39428 http://secunia.com/advisories/39428 RHSA-2009:1185 http://rhn.redhat.com/errata/RHSA-2009-1185.html TA10-103B http://www.us-cert.gov/cas/techalerts/TA10-103B.html http://www.blackhat.com/presentations/bh-usa-09/MARLINSPIKE/BHUSA09-Marlinspike-DefeatSSL-SLIDES.pdf http://www.mozilla.org/security/announce/2009/mfsa2009-43.html http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html https://bugzilla.redhat.com/show_bug.cgi?id=512912 oval:org.mitre.oval:def:11174 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11174 oval:org.mitre.oval:def:8658 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8658 Common Vulnerability Exposure (CVE) ID: CVE-2009-2625 http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html BugTraq ID: 35958 http://www.securityfocus.com/bid/35958 Bugtraq: 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components (Google Search) http://www.securityfocus.com/archive/1/507985/100/0/threaded Cert/CC Advisory: TA09-294A http://www.us-cert.gov/cas/techalerts/TA09-294A.html Cert/CC Advisory: TA10-012A http://www.us-cert.gov/cas/techalerts/TA10-012A.html Debian Security Information: DSA-1984 (Google Search) http://www.debian.org/security/2010/dsa-1984 https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html HPdes Security Advisory: HPSBUX02476 http://marc.info/?l=bugtraq&m=125787273209737&w=2 HPdes Security Advisory: SSRT090250 http://www.mandriva.com/security/advisories?name=MDVSA-2009:209 http://www.mandriva.com/security/advisories?name=MDVSA-2011:108 http://www.cert.fi/en/reports/2009/vulnerability2009085.html http://www.codenomicon.com/labs/xml/ http://www.networkworld.com/columnists/2009/080509-xml-flaw.html https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E https://lists.apache.org/thread.html/rf5230a049d989dbfdd404b4320a265dceeeba459a4d04ec21873bd55@%3Csolr-user.lucene.apache.org%3E http://www.openwall.com/lists/oss-security/2009/09/06/1 http://www.openwall.com/lists/oss-security/2009/10/22/9 http://www.openwall.com/lists/oss-security/2009/10/23/6 http://www.openwall.com/lists/oss-security/2009/10/26/3 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8520 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9356 RedHat Security Advisories: RHSA-2009:1199 https://rhn.redhat.com/errata/RHSA-2009-1199.html RedHat Security Advisories: RHSA-2009:1200 https://rhn.redhat.com/errata/RHSA-2009-1200.html RedHat Security Advisories: RHSA-2009:1201 https://rhn.redhat.com/errata/RHSA-2009-1201.html http://www.redhat.com/support/errata/RHSA-2009-1615.html RedHat Security Advisories: RHSA-2009:1636 https://rhn.redhat.com/errata/RHSA-2009-1636.html RedHat Security Advisories: RHSA-2009:1637 https://rhn.redhat.com/errata/RHSA-2009-1637.html RedHat Security Advisories: RHSA-2009:1649 https://rhn.redhat.com/errata/RHSA-2009-1649.html RedHat Security Advisories: RHSA-2009:1650 https://rhn.redhat.com/errata/RHSA-2009-1650.html http://www.redhat.com/support/errata/RHSA-2011-0858.html RedHat Security Advisories: RHSA-2012:1232 http://rhn.redhat.com/errata/RHSA-2012-1232.html RedHat Security Advisories: RHSA-2012:1537 http://rhn.redhat.com/errata/RHSA-2012-1537.html http://www.securitytracker.com/id?1022680 http://secunia.com/advisories/36162 http://secunia.com/advisories/36176 http://secunia.com/advisories/36180 http://secunia.com/advisories/36199 http://secunia.com/advisories/37300 http://secunia.com/advisories/37460 http://secunia.com/advisories/37671 http://secunia.com/advisories/37754 http://secunia.com/advisories/38231 http://secunia.com/advisories/38342 http://secunia.com/advisories/43300 http://secunia.com/advisories/50549 http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.486026 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021506.1-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-263489-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-272209-1 SuSE Security Announcement: SUSE-SA:2009:053 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html SuSE Security Announcement: SUSE-SR:2009:016 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html SuSE Security Announcement: SUSE-SR:2009:017 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html SuSE Security Announcement: SUSE-SR:2010:013 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html http://www.ubuntu.com/usn/USN-890-1 http://www.vupen.com/english/advisories/2009/2543 http://www.vupen.com/english/advisories/2009/3316 http://www.vupen.com/english/advisories/2011/0359
Copyright	Copyright (C) 2009 E-Soft Inc.

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.