
Test ID: 1.3.6.1.4.1.25623.1.0.851120
Category: SuSE Local Security Checks
Title: openSUSE: Security Advisory for haproxy (openSUSE-SU-2015:1831-1)
Summary: The remote host is missing an update for the 'haproxy' package(s) announced via the referenced advisory.
Description:
Summary:
The remote host is missing an update for the 'haproxy'
package(s) announced via the referenced advisory.

Vulnerability Insight:
haproxy was updated to fix two security issues.

These security issues were fixed:

- CVE-2015-3281: The buffer_slow_realign function in HAProxy did not
properly realign a buffer that is used for pending outgoing data, which
allowed remote attackers to obtain sensitive information (uninitialized
memory contents of previous requests) via a crafted request (bsc#937042).

- Changed DH parameters to prevent Logjam attack.

These non-security issues were fixed:

- BUG/MAJOR: buffers: make the buffer_slow_realign() function respect
output data

- BUG/MINOR: ssl: fix smp_fetch_ssl_fc_session_id

- MEDIUM: ssl: replace standards DH groups with custom ones

- BUG/MEDIUM: ssl: fix tune.ssl.default-dh-param value being overwritten

- MINOR: ssl: add a destructor to free allocated SSL resources

- BUG/MINOR: ssl: Display correct filename in error message

- MINOR: ssl: load certificates in alphabetical order

- BUG/MEDIUM: checks: fix conflicts between agent checks and ssl
healthchecks

- BUG/MEDIUM: ssl: force a full GC in case of memory shortage

- BUG/MEDIUM: ssl: fix bad ssl context init can cause segfault in case of
OOM.

- BUG/MINOR: ssl: correctly initialize ssl ctx for invalid certificates

- MINOR: ssl: add statement to force some ssl options in global.

- MINOR: ssl: add 'ssl_c_der' and 'ssl_f_der' to return DER
formatted certs

Affected Software/OS:
haproxy on openSUSE 13.2

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2015-3281
BugTraq ID: 75554
http://www.securityfocus.com/bid/75554
Debian Security Information: DSA-3301
http://www.debian.org/security/2015/dsa-3301
RedHat Security Advisories: RHSA-2015:1741
http://rhn.redhat.com/errata/RHSA-2015-1741.html
RedHat Security Advisories: RHSA-2015:2666
http://rhn.redhat.com/errata/RHSA-2015-2666.html
SuSE Security Announcement: SUSE-SU-2015:1663
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00001.html
SuSE Security Announcement: openSUSE-SU-2015:1831
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00023.html
http://www.ubuntu.com/usn/USN-2668-1
Copyright: Copyright (C) 2015 Greenbone Networks GmbH
