 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.60622 |
| Category: | Gentoo Local Security Checks |
| Title: | Gentoo Security Advisory GLSA 200803-30 (ssl-cert.eclass) |
| Summary: | The remote host is missing updates announced in;advisory GLSA 200803-30. |
| Description: | Summary: The remote host is missing updates announced in advisory GLSA 200803-30. Vulnerability Insight: An error in the usage of the ssl-cert eclass within multiple ebuilds might allow for disclosure of generated SSL private keys. Solution: Upgrading to newer versions of the above packages will neither remove possibly compromised SSL certificates, nor old binary packages. Please remove the certificates installed by Portage, and then emerge an upgrade to the package. All Conserver users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-admin/conserver-8.1.16' All Postfix 2.4 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=mail-mta/postfix-2.4.6-r2' All Postfix 2.3 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=mail-mta/postfix-2.3.8-r1' All Postfix 2.2 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=mail-mta/postfix-2.2.11-r1' All Netkit FTP Server users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-ftp/netkit-ftpd-0.17-r7' All ejabberd users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-im/ejabberd-1.1.3' All UnrealIRCd users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-irc/unrealircd-3.2.7-r2' All Cyrus IMAP Server users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-mail/cyrus-imapd-2.3.9-r1' All Dovecot users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-mail/dovecot-1.0.10' All stunnel 4 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-misc/stunnel-4.21' All InterNetNews users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-nntp/inn-2.4.3-r1' CVSS Score: 1.9 CVSS Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2008-1383 BugTraq ID: 28350 http://www.securityfocus.com/bid/28350 http://security.gentoo.org/glsa/glsa-200803-30.xml http://osvdb.org/43479 http://secunia.com/advisories/29436 XForce ISS Database: gentoo-docert-sslkey-weak-security(41336) https://exchange.xforce.ibmcloud.com/vulnerabilities/41336 |
| Copyright | Copyright (C) 2008 E-Soft Inc. |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |