Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2016-0423)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.10.2016.0423

Kategorie: Mageia Linux Local Security Checks

Titel: Mageia: Security Advisory (MGASA-2016-0423)

Zusammenfassung: The remote host is missing an update for the 'squid' package(s) announced via the MGASA-2016-0423 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'squid' package(s) announced via the MGASA-2016-0423 advisory.

Vulnerability Insight:
Incorrect processing of responses to If-None-Modified HTTP conditional
requests leads to client-specific Cookie data being leaked to other
clients. Attack requests can easily be crafted by a client to probe a
cache for this information (CVE-2016-10002).

Incorrect HTTP Request header comparison results in Collapsed Forwarding
feature mistakenly identifying some private responses as being suitable
for delivery to multiple clients (CVE-2016-10003).

Affected Software/OS:
'squid' package(s) on Mageia 5.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2016-10002
BugTraq ID: 94953
http://www.securityfocus.com/bid/94953
Debian Security Information: DSA-3745 (Google Search)
http://www.debian.org/security/2016/dsa-3745
http://www.openwall.com/lists/oss-security/2016/12/18/1
RedHat Security Advisories: RHSA-2017:0182
http://rhn.redhat.com/errata/RHSA-2017-0182.html
RedHat Security Advisories: RHSA-2017:0183
http://rhn.redhat.com/errata/RHSA-2017-0183.html
http://www.securitytracker.com/id/1037513
Common Vulnerability Exposure (CVE) ID: CVE-2016-10003
http://www.securitytracker.com/id/1037512

Copyright Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2016.0423
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2016-0423)
Zusammenfassung:	The remote host is missing an update for the 'squid' package(s) announced via the MGASA-2016-0423 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'squid' package(s) announced via the MGASA-2016-0423 advisory. Vulnerability Insight: Incorrect processing of responses to If-None-Modified HTTP conditional requests leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to probe a cache for this information (CVE-2016-10002). Incorrect HTTP Request header comparison results in Collapsed Forwarding feature mistakenly identifying some private responses as being suitable for delivery to multiple clients (CVE-2016-10003). Affected Software/OS: 'squid' package(s) on Mageia 5. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2016-10002 BugTraq ID: 94953 http://www.securityfocus.com/bid/94953 Debian Security Information: DSA-3745 (Google Search) http://www.debian.org/security/2016/dsa-3745 http://www.openwall.com/lists/oss-security/2016/12/18/1 RedHat Security Advisories: RHSA-2017:0182 http://rhn.redhat.com/errata/RHSA-2017-0182.html RedHat Security Advisories: RHSA-2017:0183 http://rhn.redhat.com/errata/RHSA-2017-0183.html http://www.securitytracker.com/id/1037513 Common Vulnerability Exposure (CVE) ID: CVE-2016-10003 http://www.securitytracker.com/id/1037512
Copyright	Copyright (C) 2022 Greenbone AG