Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2015-2378)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.122756

Categoría: Oracle Linux Local Security Checks

Título: Oracle: Security Advisory (ELSA-2015-2378)

Resumen: The remote host is missing an update for the 'squid' package(s) announced via the ELSA-2015-2378 advisory.

Descripción: Summary:
The remote host is missing an update for the 'squid' package(s) announced via the ELSA-2015-2378 advisory.

Vulnerability Insight:
[7:3.3.8-26]
- Related: #1186768 - removing patch, because of missing tests and
incorrect patch

[7:3.3.8-25]
- Related: #1102842 - squid rpm package misses /var/run/squid needed for
smp mode. Squid needs write access to /var/run/squid.

[7:3.3.8-24]
- Related: #1102842 - squid rpm package misses /var/run/squid needed for
smp mode. Creation of /var/run/squid was also needed to be in SPEC file.

[7:3.3.8-23]
- Related: #1102842 - squid rpm package misses /var/run/squid needed for
smp mode. Creation of this directory was moved to tmpfiles.d conf file.

[7:3.3.8-22]
- Related: #1102842 - squid rpm package misses /var/run/squid needed for
smp mode. Creation of this directory was moved to service file.

[7:3.3.8-21]
- Resolves: #1263338 - squid with digest auth on big endian systems
start looping

[7:3.3.8-20]
- Resolves: #1186768 - security issue: Nonce replay vulnerability
in Digest authentication

[7:3.3.8-19]
- Resolves: #1225640 - squid crashes by segfault when it reboots

[7:3.3.8-18]
- Resolves: #1102842 - squid rpm package misses /var/run/squid needed for
smp mode

[7:3.3.8-17]
- Resolves: #1233265 - CVE-2015-3455 squid: incorrect X509 server
certificate validation

[7:3.3.8-16]
- Resolves: #1080042 - Supply a firewalld service file with squid

[7:3.3.8-15]
- Resolves: #1161600 - Squid does not serve cached responses
with Vary headers

[7:3.3.8-14]
- Resolves: #1198778 - Filedescriptor leaks on snmp

[7:3.3.8-13]
- Resolves: #1204375 - squid sends incorrect ssl chain breaking newer gnutls
using applications

Affected Software/OS:
'squid' package(s) on Oracle Linux 7.

Solution:
Please install the updated package(s).

CVSS Score:
2.6

CVSS Vector:
AV:N/AC:H/Au:N/C:N/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2015-3455
BugTraq ID: 74438
http://www.securityfocus.com/bid/74438
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183598.html
http://www.mandriva.com/security/advisories?name=MDVSA-2015:230
RedHat Security Advisories: RHSA-2015:2378
http://rhn.redhat.com/errata/RHSA-2015-2378.html
http://www.securitytracker.com/id/1032221
SuSE Security Announcement: openSUSE-SU-2015:1546 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-09/msg00016.html
SuSE Security Announcement: openSUSE-SU-2016:2081 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.122756
Categoría:	Oracle Linux Local Security Checks
Título:	Oracle: Security Advisory (ELSA-2015-2378)
Resumen:	The remote host is missing an update for the 'squid' package(s) announced via the ELSA-2015-2378 advisory.
Descripción:	Summary: The remote host is missing an update for the 'squid' package(s) announced via the ELSA-2015-2378 advisory. Vulnerability Insight: [7:3.3.8-26] - Related: #1186768 - removing patch, because of missing tests and incorrect patch [7:3.3.8-25] - Related: #1102842 - squid rpm package misses /var/run/squid needed for smp mode. Squid needs write access to /var/run/squid. [7:3.3.8-24] - Related: #1102842 - squid rpm package misses /var/run/squid needed for smp mode. Creation of /var/run/squid was also needed to be in SPEC file. [7:3.3.8-23] - Related: #1102842 - squid rpm package misses /var/run/squid needed for smp mode. Creation of this directory was moved to tmpfiles.d conf file. [7:3.3.8-22] - Related: #1102842 - squid rpm package misses /var/run/squid needed for smp mode. Creation of this directory was moved to service file. [7:3.3.8-21] - Resolves: #1263338 - squid with digest auth on big endian systems start looping [7:3.3.8-20] - Resolves: #1186768 - security issue: Nonce replay vulnerability in Digest authentication [7:3.3.8-19] - Resolves: #1225640 - squid crashes by segfault when it reboots [7:3.3.8-18] - Resolves: #1102842 - squid rpm package misses /var/run/squid needed for smp mode [7:3.3.8-17] - Resolves: #1233265 - CVE-2015-3455 squid: incorrect X509 server certificate validation [7:3.3.8-16] - Resolves: #1080042 - Supply a firewalld service file with squid [7:3.3.8-15] - Resolves: #1161600 - Squid does not serve cached responses with Vary headers [7:3.3.8-14] - Resolves: #1198778 - Filedescriptor leaks on snmp [7:3.3.8-13] - Resolves: #1204375 - squid sends incorrect ssl chain breaking newer gnutls using applications Affected Software/OS: 'squid' package(s) on Oracle Linux 7. Solution: Please install the updated package(s). CVSS Score: 2.6 CVSS Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-3455 BugTraq ID: 74438 http://www.securityfocus.com/bid/74438 http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183598.html http://www.mandriva.com/security/advisories?name=MDVSA-2015:230 RedHat Security Advisories: RHSA-2015:2378 http://rhn.redhat.com/errata/RHSA-2015-2378.html http://www.securitytracker.com/id/1032221 SuSE Security Announcement: openSUSE-SU-2015:1546 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-09/msg00016.html SuSE Security Announcement: openSUSE-SU-2016:2081 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html
Copyright	Copyright (C) 2015 Greenbone AG