Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2014-0339)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2014.0339

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2014-0339)

Resumen: The remote host is missing an update for the 'subversion' package(s) announced via the MGASA-2014-0339 advisory.

Descripción: Summary:
The remote host is missing an update for the 'subversion' package(s) announced via the MGASA-2014-0339 advisory.

Vulnerability Insight:
Updated subversion packages fix security vulnerabilities:

Ben Reser discovered that Subversion did not correctly validate SSL
certificates containing wildcards. A remote attacker could exploit this to
perform a man in the middle attack to view sensitive information or alter
encrypted communications (CVE-2014-3522).

Bert Huijben discovered that Subversion did not properly handle cached
credentials. A malicious server could possibly use this issue to obtain
credentials cached for a different server (CVE-2014-3528).

The subversion package has been updated to 1.8.10 to fix these issues and
other bugs.

Affected Software/OS:
'subversion' package(s) on Mageia 4.

Solution:
Please install the updated package(s).

CVSS Score:
4.0

CVSS Vector:
AV:N/AC:H/Au:N/C:P/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2014-3522
http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html
BugTraq ID: 69237
http://www.securityfocus.com/bid/69237
https://security.gentoo.org/glsa/201610-05
http://www.osvdb.org/109996
http://secunia.com/advisories/59432
http://secunia.com/advisories/59584
http://secunia.com/advisories/60100
http://secunia.com/advisories/60722
SuSE Security Announcement: openSUSE-SU-2014:1059 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-08/msg00038.html
http://www.ubuntu.com/usn/USN-2316-1
XForce ISS Database: apache-subversion-cve20143522-spoofing(95311)
https://exchange.xforce.ibmcloud.com/vulnerabilities/95311
XForce ISS Database: apache-subversion-cve20143528-info-disc(95090)
https://exchange.xforce.ibmcloud.com/vulnerabilities/95090
Common Vulnerability Exposure (CVE) ID: CVE-2014-3528
BugTraq ID: 68995
http://www.securityfocus.com/bid/68995
RedHat Security Advisories: RHSA-2015:0165
http://rhn.redhat.com/errata/RHSA-2015-0165.html
RedHat Security Advisories: RHSA-2015:0166
http://rhn.redhat.com/errata/RHSA-2015-0166.html

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2014.0339
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2014-0339)
Resumen:	The remote host is missing an update for the 'subversion' package(s) announced via the MGASA-2014-0339 advisory.
Descripción:	Summary: The remote host is missing an update for the 'subversion' package(s) announced via the MGASA-2014-0339 advisory. Vulnerability Insight: Updated subversion packages fix security vulnerabilities: Ben Reser discovered that Subversion did not correctly validate SSL certificates containing wildcards. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications (CVE-2014-3522). Bert Huijben discovered that Subversion did not properly handle cached credentials. A malicious server could possibly use this issue to obtain credentials cached for a different server (CVE-2014-3528). The subversion package has been updated to 1.8.10 to fix these issues and other bugs. Affected Software/OS: 'subversion' package(s) on Mageia 4. Solution: Please install the updated package(s). CVSS Score: 4.0 CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-3522 http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html BugTraq ID: 69237 http://www.securityfocus.com/bid/69237 https://security.gentoo.org/glsa/201610-05 http://www.osvdb.org/109996 http://secunia.com/advisories/59432 http://secunia.com/advisories/59584 http://secunia.com/advisories/60100 http://secunia.com/advisories/60722 SuSE Security Announcement: openSUSE-SU-2014:1059 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-08/msg00038.html http://www.ubuntu.com/usn/USN-2316-1 XForce ISS Database: apache-subversion-cve20143522-spoofing(95311) https://exchange.xforce.ibmcloud.com/vulnerabilities/95311 XForce ISS Database: apache-subversion-cve20143528-info-disc(95090) https://exchange.xforce.ibmcloud.com/vulnerabilities/95090 Common Vulnerability Exposure (CVE) ID: CVE-2014-3528 BugTraq ID: 68995 http://www.securityfocus.com/bid/68995 RedHat Security Advisories: RHSA-2015:0165 http://rhn.redhat.com/errata/RHSA-2015-0165.html RedHat Security Advisories: RHSA-2015:0166 http://rhn.redhat.com/errata/RHSA-2015-0166.html
Copyright	Copyright (C) 2022 Greenbone AG