Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2015-2378)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 146377 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.122756

Kategorie: Oracle Linux Local Security Checks

Titel: Oracle: Security Advisory (ELSA-2015-2378)

Zusammenfassung: The remote host is missing an update for the 'squid' package(s) announced via the ELSA-2015-2378 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'squid' package(s) announced via the ELSA-2015-2378 advisory.

Vulnerability Insight:
[7:3.3.8-26]
- Related: #1186768 - removing patch, because of missing tests and
incorrect patch

[7:3.3.8-25]
- Related: #1102842 - squid rpm package misses /var/run/squid needed for
smp mode. Squid needs write access to /var/run/squid.

[7:3.3.8-24]
- Related: #1102842 - squid rpm package misses /var/run/squid needed for
smp mode. Creation of /var/run/squid was also needed to be in SPEC file.

[7:3.3.8-23]
- Related: #1102842 - squid rpm package misses /var/run/squid needed for
smp mode. Creation of this directory was moved to tmpfiles.d conf file.

[7:3.3.8-22]
- Related: #1102842 - squid rpm package misses /var/run/squid needed for
smp mode. Creation of this directory was moved to service file.

[7:3.3.8-21]
- Resolves: #1263338 - squid with digest auth on big endian systems
start looping

[7:3.3.8-20]
- Resolves: #1186768 - security issue: Nonce replay vulnerability
in Digest authentication

[7:3.3.8-19]
- Resolves: #1225640 - squid crashes by segfault when it reboots

[7:3.3.8-18]
- Resolves: #1102842 - squid rpm package misses /var/run/squid needed for
smp mode

[7:3.3.8-17]
- Resolves: #1233265 - CVE-2015-3455 squid: incorrect X509 server
certificate validation

[7:3.3.8-16]
- Resolves: #1080042 - Supply a firewalld service file with squid

[7:3.3.8-15]
- Resolves: #1161600 - Squid does not serve cached responses
with Vary headers

[7:3.3.8-14]
- Resolves: #1198778 - Filedescriptor leaks on snmp

[7:3.3.8-13]
- Resolves: #1204375 - squid sends incorrect ssl chain breaking newer gnutls
using applications

Affected Software/OS:
'squid' package(s) on Oracle Linux 7.

Solution:
Please install the updated package(s).

CVSS Score:
2.6

CVSS Vector:
AV:N/AC:H/Au:N/C:N/I:P/A:N

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2015-3455
BugTraq ID: 74438
http://www.securityfocus.com/bid/74438
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183598.html
http://www.mandriva.com/security/advisories?name=MDVSA-2015:230
RedHat Security Advisories: RHSA-2015:2378
http://rhn.redhat.com/errata/RHSA-2015-2378.html
http://www.securitytracker.com/id/1032221
SuSE Security Announcement: openSUSE-SU-2015:1546 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-09/msg00016.html
SuSE Security Announcement: openSUSE-SU-2016:2081 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html

Copyright Copyright (C) 2015 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.122756
Kategorie:	Oracle Linux Local Security Checks
Titel:	Oracle: Security Advisory (ELSA-2015-2378)
Zusammenfassung:	The remote host is missing an update for the 'squid' package(s) announced via the ELSA-2015-2378 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'squid' package(s) announced via the ELSA-2015-2378 advisory. Vulnerability Insight: [7:3.3.8-26] - Related: #1186768 - removing patch, because of missing tests and incorrect patch [7:3.3.8-25] - Related: #1102842 - squid rpm package misses /var/run/squid needed for smp mode. Squid needs write access to /var/run/squid. [7:3.3.8-24] - Related: #1102842 - squid rpm package misses /var/run/squid needed for smp mode. Creation of /var/run/squid was also needed to be in SPEC file. [7:3.3.8-23] - Related: #1102842 - squid rpm package misses /var/run/squid needed for smp mode. Creation of this directory was moved to tmpfiles.d conf file. [7:3.3.8-22] - Related: #1102842 - squid rpm package misses /var/run/squid needed for smp mode. Creation of this directory was moved to service file. [7:3.3.8-21] - Resolves: #1263338 - squid with digest auth on big endian systems start looping [7:3.3.8-20] - Resolves: #1186768 - security issue: Nonce replay vulnerability in Digest authentication [7:3.3.8-19] - Resolves: #1225640 - squid crashes by segfault when it reboots [7:3.3.8-18] - Resolves: #1102842 - squid rpm package misses /var/run/squid needed for smp mode [7:3.3.8-17] - Resolves: #1233265 - CVE-2015-3455 squid: incorrect X509 server certificate validation [7:3.3.8-16] - Resolves: #1080042 - Supply a firewalld service file with squid [7:3.3.8-15] - Resolves: #1161600 - Squid does not serve cached responses with Vary headers [7:3.3.8-14] - Resolves: #1198778 - Filedescriptor leaks on snmp [7:3.3.8-13] - Resolves: #1204375 - squid sends incorrect ssl chain breaking newer gnutls using applications Affected Software/OS: 'squid' package(s) on Oracle Linux 7. Solution: Please install the updated package(s). CVSS Score: 2.6 CVSS Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2015-3455 BugTraq ID: 74438 http://www.securityfocus.com/bid/74438 http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183598.html http://www.mandriva.com/security/advisories?name=MDVSA-2015:230 RedHat Security Advisories: RHSA-2015:2378 http://rhn.redhat.com/errata/RHSA-2015-2378.html http://www.securitytracker.com/id/1032221 SuSE Security Announcement: openSUSE-SU-2015:1546 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-09/msg00016.html SuSE Security Announcement: openSUSE-SU-2016:2081 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html
Copyright	Copyright (C) 2015 Greenbone AG