Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2015-0044)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2015.0044

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2015-0044)

Resumen: The remote host is missing an update for the 'kdebase4-runtime' package(s) announced via the MGASA-2015-0044 advisory.

Descripción: Summary:
The remote host is missing an update for the 'kdebase4-runtime' package(s) announced via the MGASA-2015-0044 advisory.

Vulnerability Insight:
Updated kdebase4-runtime packages fix security vulnerability:

kwalletd in KWallet before KDE Applications 14.12.0 uses Blowfish with ECB
mode instead of CBC mode when encrypting the password store, which makes it
easier for attackers to guess passwords via a codebook attack (CVE-2013-7252).

This update also fixes some additional issues:
- encoding in KDEsuDialog (mga#14851)
- kio_sftp can corrupts files when reading (bko#342391)
- use euro currency for Lithuania
- save the default file manager, email client and browser in mimeapps.list
[Default Applications] for a better interoperability with most of GTK
applications (mga#4461)

Affected Software/OS:
'kdebase4-runtime' package(s) on Mageia 4.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2013-7252
67716
http://www.securityfocus.com/bid/67716
GLSA-201606-19
https://security.gentoo.org/glsa/201606-19
[oss-security] 20140102 kwallet crypto misuse
http://www.openwall.com/lists/oss-security/2014/01/02/3
[oss-security] 20150109 Re: CVE Request: kwallet: incorrect CBC encryption handling
http://www.openwall.com/lists/oss-security/2015/01/09/7
http://gaganpreet.in/blog/2013/07/24/kwallet-security-analysis/
https://bugzilla.redhat.com/show_bug.cgi?id=1048168
https://www.kde.org/info/security/advisory-20150109-1.txt

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2015.0044
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2015-0044)
Resumen:	The remote host is missing an update for the 'kdebase4-runtime' package(s) announced via the MGASA-2015-0044 advisory.
Descripción:	Summary: The remote host is missing an update for the 'kdebase4-runtime' package(s) announced via the MGASA-2015-0044 advisory. Vulnerability Insight: Updated kdebase4-runtime packages fix security vulnerability: kwalletd in KWallet before KDE Applications 14.12.0 uses Blowfish with ECB mode instead of CBC mode when encrypting the password store, which makes it easier for attackers to guess passwords via a codebook attack (CVE-2013-7252). This update also fixes some additional issues: - encoding in KDEsuDialog (mga#14851) - kio_sftp can corrupts files when reading (bko#342391) - use euro currency for Lithuania - save the default file manager, email client and browser in mimeapps.list [Default Applications] for a better interoperability with most of GTK applications (mga#4461) Affected Software/OS: 'kdebase4-runtime' package(s) on Mageia 4. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2013-7252 67716 http://www.securityfocus.com/bid/67716 GLSA-201606-19 https://security.gentoo.org/glsa/201606-19 [oss-security] 20140102 kwallet crypto misuse http://www.openwall.com/lists/oss-security/2014/01/02/3 [oss-security] 20150109 Re: CVE Request: kwallet: incorrect CBC encryption handling http://www.openwall.com/lists/oss-security/2015/01/09/7 http://gaganpreet.in/blog/2013/07/24/kwallet-security-analysis/ https://bugzilla.redhat.com/show_bug.cgi?id=1048168 https://www.kde.org/info/security/advisory-20150109-1.txt
Copyright	Copyright (C) 2022 Greenbone AG