Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2024.0015
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2024-0015)
Zusammenfassung:	The remote host is missing an update for the 'erlang' package(s) announced via the MGASA-2024-0015 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'erlang' package(s) announced via the MGASA-2024-0015 advisory. Vulnerability Insight: The updated packages fix a security vulnerability: Prefix Truncation Attacks in SSH Specification (Terrapin Attack): erlang-ssh. (CVE-2023-48795) Affected Software/OS: 'erlang' package(s) on Mageia 9. Solution: Please install the updated package(s). CVSS Score: 5.4 CVSS Vector: AV:N/AC:H/Au:N/C:N/I:C/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2023-48795 Debian Security Information: DSA-5586 (Google Search) https://www.debian.org/security/2023/dsa-5586 Debian Security Information: DSA-5588 (Google Search) https://www.debian.org/security/2023/dsa-5588 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/ http://seclists.org/fulldisclosure/2024/Mar/21 https://security.gentoo.org/glsa/202312-16 https://security.gentoo.org/glsa/202312-17 http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html https://access.redhat.com/security/cve/cve-2023-48795 https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/ https://bugs.gentoo.org/920280 https://bugzilla.redhat.com/show_bug.cgi?id=2254210 https://bugzilla.suse.com/show_bug.cgi?id=1217950 https://crates.io/crates/thrussh/versions https://filezilla-project.org/versions.php https://forum.netgate.com/topic/184941/terrapin-ssh-attack https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6 https://github.com/NixOS/nixpkgs/pull/275249 https://github.com/PowerShell/Win32-OpenSSH/issues/2189 https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0 https://github.com/TeraTermProject/teraterm/releases/tag/v5.1 https://github.com/advisories/GHSA-45x7-px36-x8w8 https://github.com/apache/mina-sshd/issues/445 https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22 https://github.com/cyd01/KiTTY/issues/520 https://github.com/drakkan/sftpgo/releases/tag/v2.5.6 https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42 https://github.com/erlang/otp/releases/tag/OTP-26.2.1 https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d https://github.com/hierynomus/sshj/issues/916 https://github.com/janmojzis/tinyssh/issues/81 https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5 https://github.com/libssh2/libssh2/pull/1291 https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25 https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3 https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15 https://github.com/mwiede/jsch/issues/457 https://github.com/mwiede/jsch/pull/461 https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16 https://github.com/openssh/openssh-portable/commits/master https://github.com/paramiko/paramiko/issues/2337 https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES https://github.com/proftpd/proftpd/issues/456 https://github.com/rapier1/hpn-ssh/releases https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst https://github.com/ronf/asyncssh/tags https://github.com/ssh-mitm/ssh-mitm/issues/165 https://github.com/warp-tech/russh/releases/tag/v0.40.2 https://gitlab.com/libssh/libssh-mirror/-/tags https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg https://help.panic.com/releasenotes/transmit5/ https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/ https://matt.ucc.asn.au/dropbear/CHANGES https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC https://news.ycombinator.com/item?id=38684904 https://news.ycombinator.com/item?id=38685286 https://news.ycombinator.com/item?id=38732005 https://nova.app/releases/#v11.8 https://oryx-embedded.com/download/#changelog https://roumenpetrov.info/secsh/#news20231220 https://security-tracker.debian.org/tracker/CVE-2023-48795 https://security-tracker.debian.org/tracker/source-package/libssh2 https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg https://security-tracker.debian.org/tracker/source-package/trilead-ssh2 https://thorntech.com/cve-2023-48795-and-sftp-gateway/ https://twitter.com/TrueSkrillor/status/1736774389725565005 https://ubuntu.com/security/CVE-2023-48795 https://winscp.net/eng/docs/history#6.2.2 https://www.bitvise.com/ssh-client-version-history#933 https://www.bitvise.com/ssh-server-version-history https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508 https://www.netsarang.com/en/xshell-update-history/ https://www.openssh.com/openbsd.html https://www.openssh.com/txt/release-9.6 https://www.openwall.com/lists/oss-security/2023/12/18/2 https://www.openwall.com/lists/oss-security/2023/12/20/3 https://www.paramiko.org/changelog.html https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/ https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/ https://www.terrapin-attack.com https://www.theregister.com/2023/12/20/terrapin_attack_ssh https://www.vandyke.com/products/securecrt/history.txt https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html http://www.openwall.com/lists/oss-security/2023/12/18/3 http://www.openwall.com/lists/oss-security/2023/12/19/5 http://www.openwall.com/lists/oss-security/2023/12/20/3 http://www.openwall.com/lists/oss-security/2024/03/06/3 http://www.openwall.com/lists/oss-security/2024/04/17/8
Copyright	Copyright (C) 2024 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.