Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2018.0429
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2018-0429)
Zusammenfassung:	The remote host is missing an update for the 'python-asn1crypto, python-cffi, python-cryptography, python-cryptography-vectors' package(s) announced via the MGASA-2018-0429 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'python-asn1crypto, python-cffi, python-cryptography, python-cryptography-vectors' package(s) announced via the MGASA-2018-0429 advisory. Vulnerability Insight: The python-cryptography and python-cryptography-vectors packages have been updated to version 2.3.1 and fixes the following security issue: The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage (CVE-2018-10903). Affected Software/OS: 'python-asn1crypto, python-cffi, python-cryptography, python-cryptography-vectors' package(s) on Mageia 6. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2018-10903 RedHat Security Advisories: RHSA-2018:3600 https://access.redhat.com/errata/RHSA-2018:3600 https://usn.ubuntu.com/3720-1/
Copyright	Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.