 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.131224 |
| Categoría: | Mageia Linux Local Security Checks |
| Título: | Mageia: Security Advisory (MGASA-2016-0054) |
| Resumen: | The remote host is missing an update for the 'belle-sip, hiawatha, linphone, mbedtls, pdns' package(s) announced via the MGASA-2016-0054 advisory. |
| Descripción: | Summary: The remote host is missing an update for the 'belle-sip, hiawatha, linphone, mbedtls, pdns' package(s) announced via the MGASA-2016-0054 advisory. Vulnerability Insight: Note: this package was called polarssl, but is now called mbed tls. The PolarSSL software is now called mbed TLS. Heap-based buffer overflow in mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long hostname to the server name indication (SNI) extension, which is not properly handled when creating a ClientHello message (CVE-2015-5291). Heap-based buffer overflow in mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long session ticket name to the session ticket extension, which is not properly handled when creating a ClientHello message to resume a session (CVE-2015-8036). The mbedtls package has been updated to version 1.3.16, which contains several other bug fixes, security fixes, and security enhancements. The hiawatha package, which uses the polarssl/mbedtls library, has been updated to version 9.13 for improved compatibility. The belle-sip library package has been updated to version 1.4.2 for improved compatibility and the linphone package has been rebuilt against mbedtls. The pdns package has also been rebuilt against mbedtls. Affected Software/OS: 'belle-sip, hiawatha, linphone, mbedtls, pdns' package(s) on Mageia 5. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2015-5291 Debian Security Information: DSA-3468 (Google Search) http://www.debian.org/security/2016/dsa-3468 http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169625.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169765.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170317.html https://security.gentoo.org/glsa/201706-18 https://guidovranken.files.wordpress.com/2015/10/cve-2015-5291.pdf https://guidovranken.wordpress.com/2015/10/07/cve-2015-5291/ SuSE Security Announcement: openSUSE-SU-2015:2257 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00013.html SuSE Security Announcement: openSUSE-SU-2015:2371 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-12/msg00119.html Common Vulnerability Exposure (CVE) ID: CVE-2015-8036 SuSE Security Announcement: openSUSE-SU-2016:1928 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-08/msg00009.html |
| Copyright | Copyright (C) 2016 Greenbone AG |
| Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |