Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2015-0338)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.130048

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2015-0338)

Resumen: The remote host is missing an update for the 'lighttpd' package(s) announced via the MGASA-2015-0338 advisory.

Descripción: Summary:
The remote host is missing an update for the 'lighttpd' package(s) announced via the MGASA-2015-0338 advisory.

Vulnerability Insight:
Updated lighttpd packages fix security vulnerability:

mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary
log entries via a basic HTTP authentication string without a colon character,
as demonstrated by a string containing a NULL and new line character
(CVE-2015-3200).

The lighttpd package has been updated to version 1.4.37, fixing this issue and
several other bugs.

In the Mageia 4 package, improvements have been made to the logrotate
configuration and systemd service, allowing graceful reloading of
configuration files and proper re-opening of log files (mga#15948, mga#15980).

Affected Software/OS:
'lighttpd' package(s) on Mageia 4, Mageia 5.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2015-3200
1032405
http://www.securitytracker.com/id/1032405
74813
http://www.securityfocus.com/bid/74813
FEDORA-2015-12250
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163286.html
FEDORA-2015-12252
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163223.html
http://jaanuskp.blogspot.com/2015/05/cve-2015-3200.html
http://redmine.lighttpd.net/issues/2646
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375
https://kc.mcafee.com/corporate/index?page=content&id=SB10310

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.130048
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2015-0338)
Resumen:	The remote host is missing an update for the 'lighttpd' package(s) announced via the MGASA-2015-0338 advisory.
Descripción:	Summary: The remote host is missing an update for the 'lighttpd' package(s) announced via the MGASA-2015-0338 advisory. Vulnerability Insight: Updated lighttpd packages fix security vulnerability: mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character (CVE-2015-3200). The lighttpd package has been updated to version 1.4.37, fixing this issue and several other bugs. In the Mageia 4 package, improvements have been made to the logrotate configuration and systemd service, allowing graceful reloading of configuration files and proper re-opening of log files (mga#15948, mga#15980). Affected Software/OS: 'lighttpd' package(s) on Mageia 4, Mageia 5. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-3200 1032405 http://www.securitytracker.com/id/1032405 74813 http://www.securityfocus.com/bid/74813 FEDORA-2015-12250 http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163286.html FEDORA-2015-12252 http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163223.html http://jaanuskp.blogspot.com/2015/05/cve-2015-3200.html http://redmine.lighttpd.net/issues/2646 http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375 https://kc.mcafee.com/corporate/index?page=content&id=SB10310
Copyright	Copyright (C) 2015 Greenbone AG