| Descripción: | Description:
The remote host is missing updates announced in
advisory TSLSA-2005-0047.
apache < TSL 3.0 > < TSL 2.2 > < TSEL 2 >
- SECURITY Fix: ssl_engine_kernel.c in mod_ssl before 2.8.24, when using
SSLVerifyClient optional in the global virtual host configuration,
does not properly enforce SSLVerifyClient require in a per-location
context, which allows remote attackers to bypass intended access
restrictions.
- The byte-range filter in Apache 2.0 allows remote attackers to cause a
denial of service (memory consumption) via an HTTP header with a large
Range field.
The Common Vulnerabilities and Exposures project has assigned the
name CVE-2005-2700 and CVE-2005-2728 to this issue.
openssh < TSL 3.0 > < TSL 2.2 > < TSEL 2 >
- New Upstream
- SECURITY Fix: An error in handling dynamic port forwardings when no
listen address is specified, can cause GatewayPorts to be incorrectly
activated.
- An error in handling GSSAPI credential delegation can allow a user, who
did not login using GSSAPI authentication, to be delegated with GSSAPI
credentials.
The Common Vulnerabilities and Exposures project has assigned the
name CVE-2005-2798 to this issue.
squid < TSL 3.0 > < TSL 2.2 > < TSEL 2 >
- SECURITY Fix: Fixed DOS Vulnerability, Alex Masterov has reported a
vulnerability in Squid, which potentially can be exploited by malicious
people to cause a DoS (Denial of Service). The vulnerability is caused
due to an unspecified error in the sslConnectTimeout() function after
handling malformed requests.
- Fixed Squid crashes with the assertion failure in certain conditions
involving aborted requests.
Solution:
Update your system with the packages as indicated in
the referenced security advisory.
http://www.securityspace.com/smysecure/catid.html?in=TSLSA-2005-0047
Risk factor : Critical
CVSS Score:
10.0
|
