Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2020-0131)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2020.0131

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2020-0131)

Resumen: The remote host is missing an update for the 'http-parser' package(s) announced via the MGASA-2020-0131 advisory.

Descripción: Summary:
The remote host is missing an update for the 'http-parser' package(s) announced via the MGASA-2020-0131 advisory.

Vulnerability Insight:
http-parser has been updated to fix a security issue.

HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload
delivery when transfer-encoding is malformed (VE-2019-15605).

Affected Software/OS:
'http-parser' package(s) on Mageia 7.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2019-15605
https://nodejs.org/en/blog/release/v10.19.0/
https://nodejs.org/en/blog/release/v12.15.0/
https://nodejs.org/en/blog/release/v13.8.0/
https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/
https://security.netapp.com/advisory/ntap-20200221-0004/
Debian Security Information: DSA-4669 (Google Search)
https://www.debian.org/security/2020/dsa-4669
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLB676PDU4RJQLWQUA277YNGYYNEYGWO/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CT3WTR4P5VAJ3GJGKPYEDUPTNZ3IEDUR/
https://security.gentoo.org/glsa/202003-48
https://hackerone.com/reports/735748
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuapr2020.html
RedHat Security Advisories: RHSA-2020:0573
https://access.redhat.com/errata/RHSA-2020:0573
RedHat Security Advisories: RHSA-2020:0579
https://access.redhat.com/errata/RHSA-2020:0579
RedHat Security Advisories: RHSA-2020:0597
https://access.redhat.com/errata/RHSA-2020:0597
RedHat Security Advisories: RHSA-2020:0598
https://access.redhat.com/errata/RHSA-2020:0598
RedHat Security Advisories: RHSA-2020:0602
https://access.redhat.com/errata/RHSA-2020:0602
RedHat Security Advisories: RHSA-2020:0703
https://access.redhat.com/errata/RHSA-2020:0703
RedHat Security Advisories: RHSA-2020:0707
https://access.redhat.com/errata/RHSA-2020:0707
RedHat Security Advisories: RHSA-2020:0708
https://access.redhat.com/errata/RHSA-2020:0708
SuSE Security Announcement: openSUSE-SU-2020:0293 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00008.html

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2020.0131
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2020-0131)
Resumen:	The remote host is missing an update for the 'http-parser' package(s) announced via the MGASA-2020-0131 advisory.
Descripción:	Summary: The remote host is missing an update for the 'http-parser' package(s) announced via the MGASA-2020-0131 advisory. Vulnerability Insight: http-parser has been updated to fix a security issue. HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed (VE-2019-15605). Affected Software/OS: 'http-parser' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2019-15605 https://nodejs.org/en/blog/release/v10.19.0/ https://nodejs.org/en/blog/release/v12.15.0/ https://nodejs.org/en/blog/release/v13.8.0/ https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/ https://security.netapp.com/advisory/ntap-20200221-0004/ Debian Security Information: DSA-4669 (Google Search) https://www.debian.org/security/2020/dsa-4669 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLB676PDU4RJQLWQUA277YNGYYNEYGWO/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CT3WTR4P5VAJ3GJGKPYEDUPTNZ3IEDUR/ https://security.gentoo.org/glsa/202003-48 https://hackerone.com/reports/735748 https://www.oracle.com//security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpuapr2020.html RedHat Security Advisories: RHSA-2020:0573 https://access.redhat.com/errata/RHSA-2020:0573 RedHat Security Advisories: RHSA-2020:0579 https://access.redhat.com/errata/RHSA-2020:0579 RedHat Security Advisories: RHSA-2020:0597 https://access.redhat.com/errata/RHSA-2020:0597 RedHat Security Advisories: RHSA-2020:0598 https://access.redhat.com/errata/RHSA-2020:0598 RedHat Security Advisories: RHSA-2020:0602 https://access.redhat.com/errata/RHSA-2020:0602 RedHat Security Advisories: RHSA-2020:0703 https://access.redhat.com/errata/RHSA-2020:0703 RedHat Security Advisories: RHSA-2020:0707 https://access.redhat.com/errata/RHSA-2020:0707 RedHat Security Advisories: RHSA-2020:0708 https://access.redhat.com/errata/RHSA-2020:0708 SuSE Security Announcement: openSUSE-SU-2020:0293 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00008.html
Copyright	Copyright (C) 2022 Greenbone AG