Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2015-0392)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.130001

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2015-0392)

Resumen: The remote host is missing an update for the 'httpcomponents-client, jakarta-commons-httpclient' package(s) announced via the MGASA-2015-0392 advisory.

Descripción: Summary:
The remote host is missing an update for the 'httpcomponents-client, jakarta-commons-httpclient' package(s) announced via the MGASA-2015-0392 advisory.

Vulnerability Insight:
The Apache httpclient library had a bug where the socket timeout was
ignored during the SSL handshake, causing threads in an application to
hang (CVE-2015-5262).

Affected Software/OS:
'httpcomponents-client, jakarta-commons-httpclient' package(s) on Mageia 5.

Solution:
Please install the updated package(s).

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2015-5262
1033743
http://www.securitytracker.com/id/1033743
FEDORA-2015-15588
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168030.html
FEDORA-2015-15589
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/167999.html
FEDORA-2015-15590
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/167962.html
USN-2769-1
http://www.ubuntu.com/usn/USN-2769-1
[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
http://svn.apache.org/viewvc?view=revision&revision=1626784
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
https://bugzilla.redhat.com/show_bug.cgi?id=1261538
https://issues.apache.org/jira/browse/HTTPCLIENT-1478
https://jenkins.io/security/advisory/2018-02-26/
openSUSE-SU-2020:1873
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00032.html
openSUSE-SU-2020:1875
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00033.html

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.130001
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2015-0392)
Resumen:	The remote host is missing an update for the 'httpcomponents-client, jakarta-commons-httpclient' package(s) announced via the MGASA-2015-0392 advisory.
Descripción:	Summary: The remote host is missing an update for the 'httpcomponents-client, jakarta-commons-httpclient' package(s) announced via the MGASA-2015-0392 advisory. Vulnerability Insight: The Apache httpclient library had a bug where the socket timeout was ignored during the SSL handshake, causing threads in an application to hang (CVE-2015-5262). Affected Software/OS: 'httpcomponents-client, jakarta-commons-httpclient' package(s) on Mageia 5. Solution: Please install the updated package(s). CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-5262 1033743 http://www.securitytracker.com/id/1033743 FEDORA-2015-15588 http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168030.html FEDORA-2015-15589 http://lists.fedoraproject.org/pipermail/package-announce/2015-October/167999.html FEDORA-2015-15590 http://lists.fedoraproject.org/pipermail/package-announce/2015-October/167962.html USN-2769-1 http://www.ubuntu.com/usn/USN-2769-1 [drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E [drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E [drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E http://svn.apache.org/viewvc?view=revision&revision=1626784 http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html https://bugzilla.redhat.com/show_bug.cgi?id=1261538 https://issues.apache.org/jira/browse/HTTPCLIENT-1478 https://jenkins.io/security/advisory/2018-02-26/ openSUSE-SU-2020:1873 http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00032.html openSUSE-SU-2020:1875 http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00033.html
Copyright	Copyright (C) 2015 Greenbone AG