Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2014.0119
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2014-0119)
Zusammenfassung:	The remote host is missing an update for the 'libssh' package(s) announced via the MGASA-2014-0119 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'libssh' package(s) announced via the MGASA-2014-0119 advisory. Vulnerability Insight: When using libssh before 0.6.3, a libssh-based server, when accepting a new connection, forks and the child process handles the request. The RAND_bytes() function of openssl doesn't reset its state after the fork, but simply adds the current process id (getpid) to the PRNG state, which is not guaranteed to be unique. The most important consequence is that servers using EC (ECDSA) or DSA certificates may under certain conditions leak their private key (CVE-2014-0017). Affected Software/OS: 'libssh' package(s) on Mageia 3, Mageia 4. Solution: Please install the updated package(s). CVSS Score: 1.9 CVSS Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2014-0017 57407 http://secunia.com/advisories/57407 DSA-2879 http://www.debian.org/security/2014/dsa-2879 USN-2145-1 http://www.ubuntu.com/usn/USN-2145-1 [oss-security] 20140305 libssh and stunnel PRNG flaws http://www.openwall.com/lists/oss-security/2014/03/05/1 http://www.libssh.org/2014/03/04/libssh-0-6-3-security-release/ https://bugzilla.redhat.com/show_bug.cgi?id=1072191 openSUSE-SU-2014:0366 http://lists.opensuse.org/opensuse-updates/2014-03/msg00036.html openSUSE-SU-2014:0370 http://lists.opensuse.org/opensuse-updates/2014-03/msg00040.html
Copyright	Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.