Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2015-0487)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.131170

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2015-0487)

Resumen: The remote host is missing an update for the 'bouncycastle' package(s) announced via the MGASA-2015-0487 advisory.

Descripción: Summary:
The remote host is missing an update for the 'bouncycastle' package(s) announced via the MGASA-2015-0487 advisory.

Vulnerability Insight:
The Bouncy Castle Java library before 1.51 does not validate a point is within
the elliptic curve, which makes it easier for remote attackers to obtain
private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key
exchanges, aka an 'invalid curve attack' (CVE-2015-7940).

Affected Software/OS:
'bouncycastle' package(s) on Mageia 5.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2015-7940
BugTraq ID: 79091
http://www.securityfocus.com/bid/79091
Debian Security Information: DSA-3417 (Google Search)
http://www.debian.org/security/2015/dsa-3417
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174915.html
http://web-in-security.blogspot.ca/2015/09/practical-invalid-curve-attacks.html
https://www.oracle.com/security-alerts/cpuapr2020.html
http://www.openwall.com/lists/oss-security/2015/10/22/7
http://www.openwall.com/lists/oss-security/2015/10/22/9
RedHat Security Advisories: RHSA-2016:2035
http://rhn.redhat.com/errata/RHSA-2016-2035.html
RedHat Security Advisories: RHSA-2016:2036
http://rhn.redhat.com/errata/RHSA-2016-2036.html
http://www.securitytracker.com/id/1037036
http://www.securitytracker.com/id/1037046
http://www.securitytracker.com/id/1037053
SuSE Security Announcement: openSUSE-SU-2015:1911 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00012.html
https://usn.ubuntu.com/3727-1/

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.131170
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2015-0487)
Resumen:	The remote host is missing an update for the 'bouncycastle' package(s) announced via the MGASA-2015-0487 advisory.
Descripción:	Summary: The remote host is missing an update for the 'bouncycastle' package(s) announced via the MGASA-2015-0487 advisory. Vulnerability Insight: The Bouncy Castle Java library before 1.51 does not validate a point is within the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an 'invalid curve attack' (CVE-2015-7940). Affected Software/OS: 'bouncycastle' package(s) on Mageia 5. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-7940 BugTraq ID: 79091 http://www.securityfocus.com/bid/79091 Debian Security Information: DSA-3417 (Google Search) http://www.debian.org/security/2015/dsa-3417 http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174915.html http://web-in-security.blogspot.ca/2015/09/practical-invalid-curve-attacks.html https://www.oracle.com/security-alerts/cpuapr2020.html http://www.openwall.com/lists/oss-security/2015/10/22/7 http://www.openwall.com/lists/oss-security/2015/10/22/9 RedHat Security Advisories: RHSA-2016:2035 http://rhn.redhat.com/errata/RHSA-2016-2035.html RedHat Security Advisories: RHSA-2016:2036 http://rhn.redhat.com/errata/RHSA-2016-2036.html http://www.securitytracker.com/id/1037036 http://www.securitytracker.com/id/1037046 http://www.securitytracker.com/id/1037053 SuSE Security Announcement: openSUSE-SU-2015:1911 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00012.html https://usn.ubuntu.com/3727-1/
Copyright	Copyright (C) 2015 Greenbone AG