Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2014-0548)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.10.2014.0548

Kategorie: Mageia Linux Local Security Checks

Titel: Mageia: Security Advisory (MGASA-2014-0548)

Zusammenfassung: The remote host is missing an update for the 'smack' package(s) announced via the MGASA-2014-0548 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'smack' package(s) announced via the MGASA-2014-0548 advisory.

Vulnerability Insight:
Updated smack packages fix security vulnerabilities:

The ServerTrustManager component in the Ignite Realtime Smack XMPP API
before 4.0.0-rc1 does not verify basicConstraints and nameConstraints in
X.509 certificate chains from SSL servers, which allows man-in-the-middle
attackers to spoof servers and obtain sensitive information via a crafted
certificate chain (CVE-2014-0363).

The Ignite Realtime Smack XMPP API 4.x before 4.0.2, and 3.x and 2.x when a
custom SSLContext is used, does not verify that the server hostname matches
a domain name in the subject's Common Name (CN) or subjectAltName field of
the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL
servers via an arbitrary valid certificate (CVE-2014-5075).

Affected Software/OS:
'smack' package(s) on Mageia 4.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2014-0363
BugTraq ID: 67119
http://www.securityfocus.com/bid/67119
CERT/CC vulnerability note: VU#489228
http://www.kb.cert.org/vuls/id/489228
RedHat Security Advisories: RHSA-2015:1176
http://rhn.redhat.com/errata/RHSA-2015-1176.html
http://secunia.com/advisories/59290
http://secunia.com/advisories/59291
Common Vulnerability Exposure (CVE) ID: CVE-2014-5075
BugTraq ID: 69064
http://www.securityfocus.com/bid/69064
http://secunia.com/advisories/59915

Copyright Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2014.0548
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2014-0548)
Zusammenfassung:	The remote host is missing an update for the 'smack' package(s) announced via the MGASA-2014-0548 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'smack' package(s) announced via the MGASA-2014-0548 advisory. Vulnerability Insight: Updated smack packages fix security vulnerabilities: The ServerTrustManager component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify basicConstraints and nameConstraints in X.509 certificate chains from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate chain (CVE-2014-0363). The Ignite Realtime Smack XMPP API 4.x before 4.0.2, and 3.x and 2.x when a custom SSLContext is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate (CVE-2014-5075). Affected Software/OS: 'smack' package(s) on Mageia 4. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2014-0363 BugTraq ID: 67119 http://www.securityfocus.com/bid/67119 CERT/CC vulnerability note: VU#489228 http://www.kb.cert.org/vuls/id/489228 RedHat Security Advisories: RHSA-2015:1176 http://rhn.redhat.com/errata/RHSA-2015-1176.html http://secunia.com/advisories/59290 http://secunia.com/advisories/59291 Common Vulnerability Exposure (CVE) ID: CVE-2014-5075 BugTraq ID: 69064 http://www.securityfocus.com/bid/69064 http://secunia.com/advisories/59915
Copyright	Copyright (C) 2022 Greenbone AG