Test ID: | 1.3.6.1.4.1.25623.1.0.131224 |
Category: | Mageia Linux Local Security Checks |
Title: | Mageia: Security Advisory (MGASA-2016-0054) |
Summary: | The remote host is missing an update for the 'belle-sip, hiawatha, linphone, mbedtls, pdns' package(s) announced via the MGASA-2016-0054 advisory. |
Description: |
Summary: The remote host is missing an update for the 'belle-sip, hiawatha, linphone, mbedtls, pdns' package(s) announced via the MGASA-2016-0054 advisory.

Vulnerability Insight: Note: this package was called polarssl, but is now called mbed tls. The PolarSSL software is now called mbed TLS.

Heap-based buffer overflow in mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long hostname to the server name indication (SNI) extension, which is not properly handled when creating a ClientHello message (CVE-2015-5291).

Heap-based buffer overflow in mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long session ticket name to the session ticket extension, which is not properly handled when creating a ClientHello message to resume a session (CVE-2015-8036).

The mbedtls package has been updated to version 1.3.16, which contains several other bug fixes, security fixes, and security enhancements.

The hiawatha package, which uses the polarssl/mbedtls library, has been updated to version 9.13 for improved compatibility.

The belle-sip library package has been updated to version 1.4.2 for improved compatibility and the linphone package has been rebuilt against mbedtls.

The pdns package has also been rebuilt against mbedtls.

Affected Software/OS: 'belle-sip, hiawatha, linphone, mbedtls, pdns' package(s) on Mageia 5.

Solution: Please install the updated package(s).

CVSS Score: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2015-5291
Debian Security Information: DSA-3468
http://www.debian.org/security/2016/dsa-3468
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169625.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169765.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170317.html
https://security.gentoo.org/glsa/201706-18
https://guidovranken.files.wordpress.com/2015/10/cve-2015-5291.pdf
https://guidovranken.wordpress.com/2015/10/07/cve-2015-5291/
SuSE Security Announcement: openSUSE-SU-2015:2257
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00013.html
SuSE Security Announcement: openSUSE-SU-2015:2371
http://lists.opensuse.org/opensuse-updates/2015-12/msg00119.html

Common Vulnerability Exposure (CVE) ID: CVE-2015-8036
SuSE Security Announcement: openSUSE-SU-2016:1928
http://lists.opensuse.org/opensuse-updates/2016-08/msg00009.html |
Copyright | Copyright (C) 2016 Greenbone AG |