Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2017-0390)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2017.0390

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2017-0390)

Resumen: The remote host is missing an update for the 'kmod-vboxadditions, kmod-virtualbox, virtualbox' package(s) announced via the MGASA-2017-0390 advisory.

Descripción: Summary:
The remote host is missing an update for the 'kmod-vboxadditions, kmod-virtualbox, virtualbox' package(s) announced via the MGASA-2017-0390 advisory.

Vulnerability Insight:
This update provides the virtualbox 5.1.30 maintenance release, fixing
security and other issues:

In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad
parameters for a DHE or ECDHE key exchange then this can result in
the client attempting to dereference a NULL pointer leading to a
client crash. This could be exploited in a Denial of Service attack
(CVE-2017-3730).

OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds
read when using a specific cipher. By sending specially crafted truncated
packets, a remote attacker could exploit this vulnerability using
CHACHA20/POLY1305 to cause the application to crash (CVE-2017-3731).

OpenSSL could allow a remote attacker to obtain sensitive information,
caused by a propagation error in the BN_mod_exp() function. An attacker
could exploit this vulnerability to obtain information about the private
key (CVE-2017-3732).

During a renegotiation handshake if the Encrypt-Then-Mac extension is
negotiated where it was not in the original handshake (or vice-versa)
then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on
ciphersuite). Both clients and servers are affected (CVE-2017-3733)

A local user can exploit a flaw in the Oracle VM VirtualBox Core component
to partially access data, partially modify data, and deny service
(CVE-2017-10392, CVE-2017-10407, CVE-2017-10408).

A local user can exploit a flaw in the Oracle VM VirtualBox Core component
to partially access data, partially modify data, and partially deny service
(CVE-2017-10428).

For other fixes in this update see the referenced changelog.

Affected Software/OS:
'kmod-vboxadditions, kmod-virtualbox, virtualbox' package(s) on Mageia 5, Mageia 6.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2017-10392
BugTraq ID: 101368
http://www.securityfocus.com/bid/101368
http://www.securitytracker.com/id/1039599
Common Vulnerability Exposure (CVE) ID: CVE-2017-10407
BugTraq ID: 101370
http://www.securityfocus.com/bid/101370
Common Vulnerability Exposure (CVE) ID: CVE-2017-10408
BugTraq ID: 101371
http://www.securityfocus.com/bid/101371
Common Vulnerability Exposure (CVE) ID: CVE-2017-10428
BugTraq ID: 101362
http://www.securityfocus.com/bid/101362
Common Vulnerability Exposure (CVE) ID: CVE-2017-2730
Common Vulnerability Exposure (CVE) ID: CVE-2017-3731
BugTraq ID: 95813
http://www.securityfocus.com/bid/95813
Debian Security Information: DSA-3773 (Google Search)
http://www.debian.org/security/2017/dsa-3773
FreeBSD Security Advisory: FreeBSD-SA-17:02
https://security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.asc
https://security.gentoo.org/glsa/201702-07
https://github.com/openssl/openssl/commit/00d965474b22b54e4275232bc71ee0c699c5cd21
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
RedHat Security Advisories: RHSA-2017:0286
http://rhn.redhat.com/errata/RHSA-2017-0286.html
RedHat Security Advisories: RHSA-2018:2185
https://access.redhat.com/errata/RHSA-2018:2185
RedHat Security Advisories: RHSA-2018:2186
https://access.redhat.com/errata/RHSA-2018:2186
RedHat Security Advisories: RHSA-2018:2187
https://access.redhat.com/errata/RHSA-2018:2187
http://www.securitytracker.com/id/1037717
Common Vulnerability Exposure (CVE) ID: CVE-2017-3732
BugTraq ID: 95814
http://www.securityfocus.com/bid/95814
https://github.com/openssl/openssl/commit/a59b90bf491410f1f2bc4540cc21f1980fd14c5b
RedHat Security Advisories: RHSA-2018:2568
https://access.redhat.com/errata/RHSA-2018:2568
RedHat Security Advisories: RHSA-2018:2575
https://access.redhat.com/errata/RHSA-2018:2575
RedHat Security Advisories: RHSA-2018:2713
https://access.redhat.com/errata/RHSA-2018:2713
Common Vulnerability Exposure (CVE) ID: CVE-2017-3733
BugTraq ID: 96269
http://www.securityfocus.com/bid/96269
https://github.com/openssl/openssl/commit/4ad93618d26a3ea23d36ad5498ff4f59eff3a4d2
http://www.securitytracker.com/id/1037846

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2017.0390
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2017-0390)
Resumen:	The remote host is missing an update for the 'kmod-vboxadditions, kmod-virtualbox, virtualbox' package(s) announced via the MGASA-2017-0390 advisory.
Descripción:	Summary: The remote host is missing an update for the 'kmod-vboxadditions, kmod-virtualbox, virtualbox' package(s) announced via the MGASA-2017-0390 advisory. Vulnerability Insight: This update provides the virtualbox 5.1.30 maintenance release, fixing security and other issues: In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack (CVE-2017-3730). OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read when using a specific cipher. By sending specially crafted truncated packets, a remote attacker could exploit this vulnerability using CHACHA20/POLY1305 to cause the application to crash (CVE-2017-3731). OpenSSL could allow a remote attacker to obtain sensitive information, caused by a propagation error in the BN_mod_exp() function. An attacker could exploit this vulnerability to obtain information about the private key (CVE-2017-3732). During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). Both clients and servers are affected (CVE-2017-3733) A local user can exploit a flaw in the Oracle VM VirtualBox Core component to partially access data, partially modify data, and deny service (CVE-2017-10392, CVE-2017-10407, CVE-2017-10408). A local user can exploit a flaw in the Oracle VM VirtualBox Core component to partially access data, partially modify data, and partially deny service (CVE-2017-10428). For other fixes in this update see the referenced changelog. Affected Software/OS: 'kmod-vboxadditions, kmod-virtualbox, virtualbox' package(s) on Mageia 5, Mageia 6. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2017-10392 BugTraq ID: 101368 http://www.securityfocus.com/bid/101368 http://www.securitytracker.com/id/1039599 Common Vulnerability Exposure (CVE) ID: CVE-2017-10407 BugTraq ID: 101370 http://www.securityfocus.com/bid/101370 Common Vulnerability Exposure (CVE) ID: CVE-2017-10408 BugTraq ID: 101371 http://www.securityfocus.com/bid/101371 Common Vulnerability Exposure (CVE) ID: CVE-2017-10428 BugTraq ID: 101362 http://www.securityfocus.com/bid/101362 Common Vulnerability Exposure (CVE) ID: CVE-2017-2730 Common Vulnerability Exposure (CVE) ID: CVE-2017-3731 BugTraq ID: 95813 http://www.securityfocus.com/bid/95813 Debian Security Information: DSA-3773 (Google Search) http://www.debian.org/security/2017/dsa-3773 FreeBSD Security Advisory: FreeBSD-SA-17:02 https://security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.asc https://security.gentoo.org/glsa/201702-07 https://github.com/openssl/openssl/commit/00d965474b22b54e4275232bc71ee0c699c5cd21 https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html RedHat Security Advisories: RHSA-2017:0286 http://rhn.redhat.com/errata/RHSA-2017-0286.html RedHat Security Advisories: RHSA-2018:2185 https://access.redhat.com/errata/RHSA-2018:2185 RedHat Security Advisories: RHSA-2018:2186 https://access.redhat.com/errata/RHSA-2018:2186 RedHat Security Advisories: RHSA-2018:2187 https://access.redhat.com/errata/RHSA-2018:2187 http://www.securitytracker.com/id/1037717 Common Vulnerability Exposure (CVE) ID: CVE-2017-3732 BugTraq ID: 95814 http://www.securityfocus.com/bid/95814 https://github.com/openssl/openssl/commit/a59b90bf491410f1f2bc4540cc21f1980fd14c5b RedHat Security Advisories: RHSA-2018:2568 https://access.redhat.com/errata/RHSA-2018:2568 RedHat Security Advisories: RHSA-2018:2575 https://access.redhat.com/errata/RHSA-2018:2575 RedHat Security Advisories: RHSA-2018:2713 https://access.redhat.com/errata/RHSA-2018:2713 Common Vulnerability Exposure (CVE) ID: CVE-2017-3733 BugTraq ID: 96269 http://www.securityfocus.com/bid/96269 https://github.com/openssl/openssl/commit/4ad93618d26a3ea23d36ad5498ff4f59eff3a4d2 http://www.securitytracker.com/id/1037846
Copyright	Copyright (C) 2022 Greenbone AG