Test ID:	1.3.6.1.4.1.25623.1.1.13.2015.349.01
Category:	Slackware Local Security Checks
Title:	Slackware: Security Advisory (SSA:2015-349-01)
Summary:	The remote host is missing an update for the 'bind' package(s) announced via the SSA:2015-349-01 advisory.
Description:	Summary: The remote host is missing an update for the 'bind' package(s) announced via the SSA:2015-349-01 advisory. Vulnerability Insight: New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/bind-9.9.8_P2-x86_64-1_slack14.1.txz: Upgraded. This update fixes three security issues: Update allowed OpenSSL versions as named is potentially vulnerable to CVE-2015-3193. Insufficient testing when parsing a message allowed records with an incorrect class to be be accepted, triggering a REQUIRE failure when those records were subsequently cached. (CVE-2015-8000) Address fetch context reference count handling error on socket error. (CVE-2015-8461) For more information, see: [links moved to references] (* Security fix *) +--------------------------+ Affected Software/OS: 'bind' package(s) on Slackware 13.0, Slackware 13.1, Slackware 13.37, Slackware 14.0, Slackware 14.1, Slackware current. Solution: Please install the updated package(s). CVSS Score: 7.1 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-3193 1034294 http://www.securitytracker.com/id/1034294 20151204 Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl 78705 http://www.securityfocus.com/bid/78705 91787 http://www.securityfocus.com/bid/91787 SSA:2015-349-01 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.539966 SSA:2015-349-04 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.754583 USN-2830-1 http://www.ubuntu.com/usn/USN-2830-1 http://fortiguard.com/advisory/openssl-advisory-december-2015 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 http://openssl.org/news/secadv/20151203.txt http://www.fortiguard.com/advisory/openssl-advisory-december-2015 http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html https://blog.fuzzing-project.org/31-Fuzzing-Math-miscalculations-in-OpenSSLs-BN_mod_exp-CVE-2015-3193.html https://bugzilla.redhat.com/show_bug.cgi?id=1288317 https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=d73cc256c8e256c32ed959456101b73ba9842f72 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322 https://kb.isc.org/article/AA-01438 https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100 Common Vulnerability Exposure (CVE) ID: CVE-2015-8000 BugTraq ID: 79349 http://www.securityfocus.com/bid/79349 Debian Security Information: DSA-3420 (Google Search) http://www.debian.org/security/2015/dsa-3420 http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174145.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174252.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174143.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174520.html HPdes Security Advisory: HPSBUX03552 http://marc.info/?l=bugtraq&m=145680832702035&w=2 HPdes Security Advisory: SSRT102983 http://packetstormsecurity.com/files/134882/FreeBSD-Security-Advisory-BIND-Denial-Of-Service.html RedHat Security Advisories: RHSA-2015:2655 http://rhn.redhat.com/errata/RHSA-2015-2655.html RedHat Security Advisories: RHSA-2015:2656 http://rhn.redhat.com/errata/RHSA-2015-2656.html RedHat Security Advisories: RHSA-2015:2658 http://rhn.redhat.com/errata/RHSA-2015-2658.html RedHat Security Advisories: RHSA-2016:0078 http://rhn.redhat.com/errata/RHSA-2016-0078.html RedHat Security Advisories: RHSA-2016:0079 http://rhn.redhat.com/errata/RHSA-2016-0079.html http://www.securitytracker.com/id/1034418 SuSE Security Announcement: SUSE-SU-2015:2340 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00027.html SuSE Security Announcement: SUSE-SU-2015:2341 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00028.html SuSE Security Announcement: SUSE-SU-2015:2359 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00034.html SuSE Security Announcement: SUSE-SU-2016:0227 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00033.html SuSE Security Announcement: openSUSE-SU-2015:2364 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00035.html SuSE Security Announcement: openSUSE-SU-2015:2365 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00036.html SuSE Security Announcement: openSUSE-SU-2015:2391 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00042.html http://www.ubuntu.com/usn/USN-2837-1 Common Vulnerability Exposure (CVE) ID: CVE-2015-8461 BugTraq ID: 79347 http://www.securityfocus.com/bid/79347 http://www.securitytracker.com/id/1034419
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.