Gentoo Local Security Checks : Gentoo Security Advisory GLSA 201406-10

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.121213

Categoría: Gentoo Local Security Checks

Título: Gentoo Security Advisory GLSA 201406-10

Resumen: Gentoo Linux Local Security Checks GLSA 201406-10

Descripción: Summary:
Gentoo Linux Local Security Checks GLSA 201406-10

Vulnerability Insight:
Multiple vulnerabilities have been discovered in lighttpd. Please review the CVE identifiers referenced below for details.

Solution:
Update the affected packages to the latest available version.

CVSS Score:
7.6

CVSS Vector:
AV:N/AC:H/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-4362
1026359
http://www.securitytracker.com/id?1026359
18295
http://www.exploit-db.com/exploits/18295
20111224 Lighttpd Proof of Concept code for CVE-2011-4362
http://archives.neohapsis.com/archives/bugtraq/2011-12/0167.html
47260
http://secunia.com/advisories/47260
DSA-2368
http://www.debian.org/security/2011/dsa-2368
JVN#37417423
http://jvn.jp/en/jp/JVN37417423/index.html
[oss-security] 20111129 CVE Request: lighttpd/mod_auth out-of-bounds read due to signedness error
http://www.openwall.com/lists/oss-security/2011/11/29/8
[oss-security] 20111129 Re: CVE Request: lighttpd/mod_auth out-of-bounds read due to signedness error
http://www.openwall.com/lists/oss-security/2011/11/29/13
http://blog.pi3.com.pl/?p=277
http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2011_01.txt
http://redmine.lighttpd.net/issues/2370
https://bugzilla.redhat.com/show_bug.cgi?id=758624
lighttpd-base64-dos(71536)
https://exchange.xforce.ibmcloud.com/vulnerabilities/71536
Common Vulnerability Exposure (CVE) ID: CVE-2012-5533
BugTraq ID: 56619
http://www.securityfocus.com/bid/56619
http://www.exploit-db.com/exploits/22902
HPdes Security Advisory: HPSBGN03191
http://marc.info/?l=bugtraq&m=141576815022399&w=2
http://www.mandriva.com/security/advisories?name=MDVSA-2013:100
http://download.lighttpd.net/lighttpd/security/lighttpd-1.4.31_fix_connection_header_dos.patch
http://packetstormsecurity.org/files/118282/Simple-Lighttpd-1.4.31-Denial-Of-Service.html
http://www.openwall.com/lists/oss-security/2012/11/21/1
http://osvdb.org/87623
http://www.securitytracker.com/id?1027802
http://secunia.com/advisories/51268
http://secunia.com/advisories/51298
SuSE Security Announcement: openSUSE-SU-2012:1532 (Google Search)
http://lists.opensuse.org/opensuse-updates/2012-11/msg00044.html
SuSE Security Announcement: openSUSE-SU-2014:0074 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-01/msg00051.html
XForce ISS Database: lighttpd-httprequestsplitvalue-dos(80213)
https://exchange.xforce.ibmcloud.com/vulnerabilities/80213
Common Vulnerability Exposure (CVE) ID: CVE-2013-4508
DSA-2795
https://www.debian.org/security/2013/dsa-2795
HPSBGN03191
[oss-security] 20131104 Re: CVE Request: lighttpd using vulnerable cipher suites with SNI
http://openwall.com/lists/oss-security/2013/11/04/19
http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_01.txt
http://redmine.lighttpd.net/issues/2525
http://redmine.lighttpd.net/projects/lighttpd/repository/revisions/2913/diff/
openSUSE-SU-2014:0072
http://lists.opensuse.org/opensuse-updates/2014-01/msg00049.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-4559
55682
http://secunia.com/advisories/55682
[oss-security] 20131112 Re: CVE Request: lighttpd multiple issues (setuid/... unchecked return value, FAM: read after free)
http://www.openwall.com/lists/oss-security/2013/11/12/4
http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_02.txt
https://kc.mcafee.com/corporate/index?page=content&id=SB10310
Common Vulnerability Exposure (CVE) ID: CVE-2013-4560
http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_03.txt
Common Vulnerability Exposure (CVE) ID: CVE-2014-2323
Debian Security Information: DSA-2877 (Google Search)
http://www.debian.org/security/2014/dsa-2877
http://seclists.org/oss-sec/2014/q1/564
http://seclists.org/oss-sec/2014/q1/561
http://secunia.com/advisories/57404
http://secunia.com/advisories/57514
SuSE Security Announcement: SUSE-SU-2014:0474 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00002.html
SuSE Security Announcement: openSUSE-SU-2014:0449 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00023.html
SuSE Security Announcement: openSUSE-SU-2014:0496 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00006.html

Copyright Copyright (C) 2015 Eero Volotinen

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.121213
Categoría:	Gentoo Local Security Checks
Título:	Gentoo Security Advisory GLSA 201406-10
Resumen:	Gentoo Linux Local Security Checks GLSA 201406-10
Descripción:	Summary: Gentoo Linux Local Security Checks GLSA 201406-10 Vulnerability Insight: Multiple vulnerabilities have been discovered in lighttpd. Please review the CVE identifiers referenced below for details. Solution: Update the affected packages to the latest available version. CVSS Score: 7.6 CVSS Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-4362 1026359 http://www.securitytracker.com/id?1026359 18295 http://www.exploit-db.com/exploits/18295 20111224 Lighttpd Proof of Concept code for CVE-2011-4362 http://archives.neohapsis.com/archives/bugtraq/2011-12/0167.html 47260 http://secunia.com/advisories/47260 DSA-2368 http://www.debian.org/security/2011/dsa-2368 JVN#37417423 http://jvn.jp/en/jp/JVN37417423/index.html [oss-security] 20111129 CVE Request: lighttpd/mod_auth out-of-bounds read due to signedness error http://www.openwall.com/lists/oss-security/2011/11/29/8 [oss-security] 20111129 Re: CVE Request: lighttpd/mod_auth out-of-bounds read due to signedness error http://www.openwall.com/lists/oss-security/2011/11/29/13 http://blog.pi3.com.pl/?p=277 http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2011_01.txt http://redmine.lighttpd.net/issues/2370 https://bugzilla.redhat.com/show_bug.cgi?id=758624 lighttpd-base64-dos(71536) https://exchange.xforce.ibmcloud.com/vulnerabilities/71536 Common Vulnerability Exposure (CVE) ID: CVE-2012-5533 BugTraq ID: 56619 http://www.securityfocus.com/bid/56619 http://www.exploit-db.com/exploits/22902 HPdes Security Advisory: HPSBGN03191 http://marc.info/?l=bugtraq&m=141576815022399&w=2 http://www.mandriva.com/security/advisories?name=MDVSA-2013:100 http://download.lighttpd.net/lighttpd/security/lighttpd-1.4.31_fix_connection_header_dos.patch http://packetstormsecurity.org/files/118282/Simple-Lighttpd-1.4.31-Denial-Of-Service.html http://www.openwall.com/lists/oss-security/2012/11/21/1 http://osvdb.org/87623 http://www.securitytracker.com/id?1027802 http://secunia.com/advisories/51268 http://secunia.com/advisories/51298 SuSE Security Announcement: openSUSE-SU-2012:1532 (Google Search) http://lists.opensuse.org/opensuse-updates/2012-11/msg00044.html SuSE Security Announcement: openSUSE-SU-2014:0074 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-01/msg00051.html XForce ISS Database: lighttpd-httprequestsplitvalue-dos(80213) https://exchange.xforce.ibmcloud.com/vulnerabilities/80213 Common Vulnerability Exposure (CVE) ID: CVE-2013-4508 DSA-2795 https://www.debian.org/security/2013/dsa-2795 HPSBGN03191 [oss-security] 20131104 Re: CVE Request: lighttpd using vulnerable cipher suites with SNI http://openwall.com/lists/oss-security/2013/11/04/19 http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_01.txt http://redmine.lighttpd.net/issues/2525 http://redmine.lighttpd.net/projects/lighttpd/repository/revisions/2913/diff/ openSUSE-SU-2014:0072 http://lists.opensuse.org/opensuse-updates/2014-01/msg00049.html Common Vulnerability Exposure (CVE) ID: CVE-2013-4559 55682 http://secunia.com/advisories/55682 [oss-security] 20131112 Re: CVE Request: lighttpd multiple issues (setuid/... unchecked return value, FAM: read after free) http://www.openwall.com/lists/oss-security/2013/11/12/4 http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_02.txt https://kc.mcafee.com/corporate/index?page=content&id=SB10310 Common Vulnerability Exposure (CVE) ID: CVE-2013-4560 http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_03.txt Common Vulnerability Exposure (CVE) ID: CVE-2014-2323 Debian Security Information: DSA-2877 (Google Search) http://www.debian.org/security/2014/dsa-2877 http://seclists.org/oss-sec/2014/q1/564 http://seclists.org/oss-sec/2014/q1/561 http://secunia.com/advisories/57404 http://secunia.com/advisories/57514 SuSE Security Announcement: SUSE-SU-2014:0474 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00002.html SuSE Security Announcement: openSUSE-SU-2014:0449 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00023.html SuSE Security Announcement: openSUSE-SU-2014:0496 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00006.html
Copyright	Copyright (C) 2015 Eero Volotinen