Ubuntu Local Security Checks : Ubuntu Update for erlang USN-3571-1

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.843449

Kategorie: Ubuntu Local Security Checks

Titel: Ubuntu Update for erlang USN-3571-1

Zusammenfassung: The remote host is missing an update for the 'erlang'; package(s) announced via the referenced advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'erlang'
package(s) announced via the referenced advisory.

Vulnerability Insight:
It was discovered that the Erlang FTP module
incorrectly handled certain CRLF sequences. A remote attacker could possibly use
this issue to inject arbitrary FTP commands. This issue only affected Ubuntu
14.04 LTS. (CVE-2014-1693) It was discovered that Erlang incorrectly checked CBC
padding bytes. A remote attacker could possibly use this issue to perform a
padding oracle attack and decrypt traffic. This issue only affected Ubuntu 14.04
LTS. (CVE-2015-2774) It was discovered that Erlang incorrectly handled certain
regular expressions. A remote attacker could possibly use this issue to cause
Erlang to crash, resulting in a denial of service, or execute arbitrary code.
This issue only affected Ubuntu 16.04 LTS. (CVE-2016-10253) Hanno Bck, Juraj
Somorovsky and Craig Young discovered that the Erlang otp TLS server incorrectly
handled error reporting. A remote attacker could possibly use this issue to
perform a variation of the Bleichenbacher attack and decrypt traffic or sign
messages. (CVE-2017-1000385)

Affected Software/OS:
erlang on Ubuntu 17.10,
Ubuntu 16.04 LTS,
Ubuntu 14.04 LTS

Solution:
Please Install the Updated Packages.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2014-1693
http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145017.html
http://www.mandriva.com/security/advisories?name=MDVSA-2015:174
http://seclists.org/oss-sec/2014/q1/163
https://usn.ubuntu.com/3571-1/
Common Vulnerability Exposure (CVE) ID: CVE-2015-2774
BugTraq ID: 73398
http://www.securityfocus.com/bid/73398
https://www.imperialviolet.org/2014/12/08/poodleagain.html
http://openwall.com/lists/oss-security/2015/03/27/6
http://openwall.com/lists/oss-security/2015/03/27/9
SuSE Security Announcement: openSUSE-SU-2016:0523 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-02/msg00124.html

Copyright Copyright (C) 2018 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.843449
Kategorie:	Ubuntu Local Security Checks
Titel:	Ubuntu Update for erlang USN-3571-1
Zusammenfassung:	The remote host is missing an update for the 'erlang'; package(s) announced via the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'erlang' package(s) announced via the referenced advisory. Vulnerability Insight: It was discovered that the Erlang FTP module incorrectly handled certain CRLF sequences. A remote attacker could possibly use this issue to inject arbitrary FTP commands. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-1693) It was discovered that Erlang incorrectly checked CBC padding bytes. A remote attacker could possibly use this issue to perform a padding oracle attack and decrypt traffic. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-2774) It was discovered that Erlang incorrectly handled certain regular expressions. A remote attacker could possibly use this issue to cause Erlang to crash, resulting in a denial of service, or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-10253) Hanno Bck, Juraj Somorovsky and Craig Young discovered that the Erlang otp TLS server incorrectly handled error reporting. A remote attacker could possibly use this issue to perform a variation of the Bleichenbacher attack and decrypt traffic or sign messages. (CVE-2017-1000385) Affected Software/OS: erlang on Ubuntu 17.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS Solution: Please Install the Updated Packages. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2014-1693 http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145017.html http://www.mandriva.com/security/advisories?name=MDVSA-2015:174 http://seclists.org/oss-sec/2014/q1/163 https://usn.ubuntu.com/3571-1/ Common Vulnerability Exposure (CVE) ID: CVE-2015-2774 BugTraq ID: 73398 http://www.securityfocus.com/bid/73398 https://www.imperialviolet.org/2014/12/08/poodleagain.html http://openwall.com/lists/oss-security/2015/03/27/6 http://openwall.com/lists/oss-security/2015/03/27/9 SuSE Security Announcement: openSUSE-SU-2016:0523 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-02/msg00124.html
Copyright	Copyright (C) 2018 Greenbone Networks GmbH