Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2016-0296)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2016.0296

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2016-0296)

Resumen: The remote host is missing an update for the 'python, python3' package(s) announced via the MGASA-2016-0296 advisory.

Descripción: Summary:
The remote host is missing an update for the 'python, python3' package(s) announced via the MGASA-2016-0296 advisory.

Vulnerability Insight:
Fix for CVE-2016-1000110 HTTPoxy attack. Many software projects and
vendors have implemented support for the 'Proxy' request header in their
respective CGI implementations and languages by creating the 'HTTP_PROXY'
environmental variable based on the header value. When this variable is
used (in many cases automatically by various HTTP client libraries) any
outgoing requests generated in turn from the attackers original request
can be redirected to an attacker controlled proxy. This allows attackers
to view potentially sensitive information, reply with malformed data, or
to hold connections open causing a potential denial of service.

Affected Software/OS:
'python, python3' package(s) on Mageia 5.

Solution:
Please install the updated package(s).

CVSS Score:
5.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2016-1000110
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000110
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2016-1000110
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7K3WFJO3SJQCODKRKU6EQV3ZGHH53YPU/
https://security-tracker.debian.org/tracker/CVE-2016-1000110
SuSE Security Announcement: openSUSE-SU-2020:0086 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2016.0296
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2016-0296)
Resumen:	The remote host is missing an update for the 'python, python3' package(s) announced via the MGASA-2016-0296 advisory.
Descripción:	Summary: The remote host is missing an update for the 'python, python3' package(s) announced via the MGASA-2016-0296 advisory. Vulnerability Insight: Fix for CVE-2016-1000110 HTTPoxy attack. Many software projects and vendors have implemented support for the 'Proxy' request header in their respective CGI implementations and languages by creating the 'HTTP_PROXY' environmental variable based on the header value. When this variable is used (in many cases automatically by various HTTP client libraries) any outgoing requests generated in turn from the attackers original request can be redirected to an attacker controlled proxy. This allows attackers to view potentially sensitive information, reply with malformed data, or to hold connections open causing a potential denial of service. Affected Software/OS: 'python, python3' package(s) on Mageia 5. Solution: Please install the updated package(s). CVSS Score: 5.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-1000110 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000110 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2016-1000110 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7K3WFJO3SJQCODKRKU6EQV3ZGHH53YPU/ https://security-tracker.debian.org/tracker/CVE-2016-1000110 SuSE Security Announcement: openSUSE-SU-2020:0086 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
Copyright	Copyright (C) 2022 Greenbone AG