ID de Prueba:	1.3.6.1.4.1.25623.1.1.13.2017.180.03
Categoría:	Slackware Local Security Checks
Título:	Slackware: Security Advisory (SSA:2017-180-03)
Resumen:	The remote host is missing an update for the 'httpd' package(s) announced via the SSA:2017-180-03 advisory.
Descripción:	Summary: The remote host is missing an update for the 'httpd' package(s) announced via the SSA:2017-180-03 advisory. Vulnerability Insight: New httpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/httpd-2.4.26-i586-1_slack14.2.txz: Upgraded. This update fixes security issues which may lead to an authentication bypass or a denial of service: important: ap_get_basic_auth_pw() Authentication Bypass CVE-2017-3167 important: mod_ssl Null Pointer Dereference CVE-2017-3169 important: mod_http2 Null Pointer Dereference CVE-2017-7659 important: ap_find_token() Buffer Overread CVE-2017-7668 important: mod_mime Buffer Overread CVE-2017-7679 For more information, see: [links moved to references] (* Security fix *) +--------------------------+ Affected Software/OS: 'httpd' package(s) on Slackware 13.0, Slackware 13.1, Slackware 13.37, Slackware 14.0, Slackware 14.1, Slackware 14.2, Slackware current. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2017-3167 BugTraq ID: 99135 http://www.securityfocus.com/bid/99135 Debian Security Information: DSA-3896 (Google Search) http://www.debian.org/security/2017/dsa-3896 https://security.gentoo.org/glsa/201710-32 https://lists.apache.org/thread.html/8409e41a8f7dd9ded37141c38df001be930115428c3d64f70bbdb8b4@%3Cdev.httpd.apache.org%3E https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E RedHat Security Advisories: RHSA-2017:2478 https://access.redhat.com/errata/RHSA-2017:2478 RedHat Security Advisories: RHSA-2017:2479 https://access.redhat.com/errata/RHSA-2017:2479 RedHat Security Advisories: RHSA-2017:2483 https://access.redhat.com/errata/RHSA-2017:2483 RedHat Security Advisories: RHSA-2017:3193 https://access.redhat.com/errata/RHSA-2017:3193 RedHat Security Advisories: RHSA-2017:3194 https://access.redhat.com/errata/RHSA-2017:3194 RedHat Security Advisories: RHSA-2017:3195 https://access.redhat.com/errata/RHSA-2017:3195 RedHat Security Advisories: RHSA-2017:3475 https://access.redhat.com/errata/RHSA-2017:3475 RedHat Security Advisories: RHSA-2017:3476 https://access.redhat.com/errata/RHSA-2017:3476 RedHat Security Advisories: RHSA-2017:3477 https://access.redhat.com/errata/RHSA-2017:3477 http://www.securitytracker.com/id/1038711 Common Vulnerability Exposure (CVE) ID: CVE-2017-3169 BugTraq ID: 99134 http://www.securityfocus.com/bid/99134 https://github.com/gottburgm/Exploits/tree/master/CVE-2017-3169 https://lists.apache.org/thread.html/84bf7fcc5cad35d355f11839cbdd13cbc5ffc1d34675090bff0f96ae@%3Cdev.httpd.apache.org%3E https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E Common Vulnerability Exposure (CVE) ID: CVE-2017-7659 BugTraq ID: 99132 http://www.securityfocus.com/bid/99132 https://lists.apache.org/thread.html/1d0b746bbaa3a64890fcdab59ee9050aaa633b7143e7d412374e5a9a@%3Cannounce.httpd.apache.org%3E https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c@%3Ccvs.httpd.apache.org%3E Common Vulnerability Exposure (CVE) ID: CVE-2017-7668 BugTraq ID: 99137 http://www.securityfocus.com/bid/99137 https://lists.apache.org/thread.html/55a068b6a5eec0b3198ae7d96a7cb412352d0ffa7716612c5af3745b@%3Cdev.httpd.apache.org%3E Common Vulnerability Exposure (CVE) ID: CVE-2017-7679 BugTraq ID: 99170 http://www.securityfocus.com/bid/99170 https://github.com/gottburgm/Exploits/tree/master/CVE-2017-7679 https://lists.apache.org/thread.html/f4515e580dfb6eeca589a5cdebd4c4c709ce632b12924f343c3b7751@%3Cdev.httpd.apache.org%3E
Copyright	Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.