Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.1.4.2013.0618.1
Kategorie:SuSE Local Security Checks
Titel:SUSE: Security Advisory (SUSE-SU-2013:0618-1)
Zusammenfassung:The remote host is missing an update for the 'puppet' package(s) announced via the SUSE-SU-2013:0618-1 advisory.
Beschreibung:Summary:
The remote host is missing an update for the 'puppet' package(s) announced via the SUSE-SU-2013:0618-1 advisory.

Vulnerability Insight:
puppet has been updated to fix 2.6.18 multiple vulnerabilities and bugs.

* (#19391) Find the catalog for the specified node name
* Don't assume master supports SSLv2
* Don't require openssl client to return 0 on failure
* Display SSL messages so we can match our regex
* Don't assume puppetbindir is defined
* Remove unnecessary rubygems require
* Run openssl from windows when trying to downgrade master
* Separate tests for same CVEs into separate files
* Fix order-dependent test failure in rest_authconfig_spec
* Always read request body when using Rack
* (#19392) (CVE-2013-1653) Fix acceptance test to catch unvalidated model on 2.6
* (#19392) (CVE-2013-1653) Validate indirection model in save handler
* Acceptance tests for CVEs 2013 (1640, 1652, 1653,
1654, 2274, 2275)
* (#19531) (CVE-2013-2275) Only allow report save from the node matching the certname
* (#19391) Backport Request#remote? method
* (#8858) Explicitly set SSL peer verification mode.
* (#8858) Refactor tests to use real HTTP objects
* (#19392) (CVE-2013-1653) Validate instances passed to indirector
* (#19391) (CVE-2013-1652) Disallow use_node compiler parameter for remote requests
* (#19151) Reject SSLv2 SSL handshakes and ciphers
* (#14093) Restore access to the filename in the template
* (#14093) Remove unsafe attributes from TemplateWrapper

Security Issue references:

* CVE-2013-2275
>
* CVE-2013-2274
>
* CVE-2013-1655
>
* CVE-2013-1654
>
* CVE-2013-1653
>
* CVE-2013-1652
>
* CVE-2013-1640
>

Affected Software/OS:
'puppet' package(s) on SUSE Linux Enterprise Desktop 11 SP2, SUSE Linux Enterprise Server 11 SP2.

Solution:
Please install the updated package(s).

CVSS Score:
9.0

CVSS Vector:
AV:N/AC:L/Au:S/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2013-1640
Debian Security Information: DSA-2643 (Google Search)
http://www.debian.org/security/2013/dsa-2643
RedHat Security Advisories: RHSA-2013:0710
http://rhn.redhat.com/errata/RHSA-2013-0710.html
http://secunia.com/advisories/52596
SuSE Security Announcement: SUSE-SU-2013:0618 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html
SuSE Security Announcement: openSUSE-SU-2013:0641 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html
http://ubuntu.com/usn/usn-1759-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-1652
BugTraq ID: 58443
http://www.securityfocus.com/bid/58443
Common Vulnerability Exposure (CVE) ID: CVE-2013-1653
BugTraq ID: 58446
http://www.securityfocus.com/bid/58446
Common Vulnerability Exposure (CVE) ID: CVE-2013-1654
BugTraq ID: 64758
http://www.securityfocus.com/bid/64758
Common Vulnerability Exposure (CVE) ID: CVE-2013-1655
BugTraq ID: 58442
http://www.securityfocus.com/bid/58442
Common Vulnerability Exposure (CVE) ID: CVE-2013-2274
BugTraq ID: 58447
http://www.securityfocus.com/bid/58447
Common Vulnerability Exposure (CVE) ID: CVE-2013-2275
BugTraq ID: 58449
http://www.securityfocus.com/bid/58449
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2021 E-Soft Inc. Alle Rechte vorbehalten.