Búsqueda de    
Vulnerabilidad   
    Buscar 211766 Descripciones CVE y
97459 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.1.4.2013.0618.1
Categoría:SuSE Local Security Checks
Título:SUSE: Security Advisory (SUSE-SU-2013:0618-1)
Resumen:The remote host is missing an update for the 'puppet' package(s) announced via the SUSE-SU-2013:0618-1 advisory.
Descripción:Summary:
The remote host is missing an update for the 'puppet' package(s) announced via the SUSE-SU-2013:0618-1 advisory.

Vulnerability Insight:
puppet has been updated to fix 2.6.18 multiple vulnerabilities and bugs.

* (#19391) Find the catalog for the specified node name
* Don't assume master supports SSLv2
* Don't require openssl client to return 0 on failure
* Display SSL messages so we can match our regex
* Don't assume puppetbindir is defined
* Remove unnecessary rubygems require
* Run openssl from windows when trying to downgrade master
* Separate tests for same CVEs into separate files
* Fix order-dependent test failure in rest_authconfig_spec
* Always read request body when using Rack
* (#19392) (CVE-2013-1653) Fix acceptance test to catch unvalidated model on 2.6
* (#19392) (CVE-2013-1653) Validate indirection model in save handler
* Acceptance tests for CVEs 2013 (1640, 1652, 1653,
1654, 2274, 2275)
* (#19531) (CVE-2013-2275) Only allow report save from the node matching the certname
* (#19391) Backport Request#remote? method
* (#8858) Explicitly set SSL peer verification mode.
* (#8858) Refactor tests to use real HTTP objects
* (#19392) (CVE-2013-1653) Validate instances passed to indirector
* (#19391) (CVE-2013-1652) Disallow use_node compiler parameter for remote requests
* (#19151) Reject SSLv2 SSL handshakes and ciphers
* (#14093) Restore access to the filename in the template
* (#14093) Remove unsafe attributes from TemplateWrapper

Security Issue references:

* CVE-2013-2275
>
* CVE-2013-2274
>
* CVE-2013-1655
>
* CVE-2013-1654
>
* CVE-2013-1653
>
* CVE-2013-1652
>
* CVE-2013-1640
>

Affected Software/OS:
'puppet' package(s) on SUSE Linux Enterprise Server 11 SP2, SUSE Linux Enterprise Desktop 11 SP2

Solution:
Please install the updated package(s).

CVSS Score:
9.0

CVSS Vector:
AV:N/AC:L/Au:S/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2013-1640
Debian Security Information: DSA-2643 (Google Search)
http://www.debian.org/security/2013/dsa-2643
RedHat Security Advisories: RHSA-2013:0710
http://rhn.redhat.com/errata/RHSA-2013-0710.html
http://secunia.com/advisories/52596
SuSE Security Announcement: SUSE-SU-2013:0618 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html
SuSE Security Announcement: openSUSE-SU-2013:0641 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html
http://ubuntu.com/usn/usn-1759-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-1652
BugTraq ID: 58443
http://www.securityfocus.com/bid/58443
Common Vulnerability Exposure (CVE) ID: CVE-2013-1653
BugTraq ID: 58446
http://www.securityfocus.com/bid/58446
Common Vulnerability Exposure (CVE) ID: CVE-2013-1654
BugTraq ID: 64758
http://www.securityfocus.com/bid/64758
Common Vulnerability Exposure (CVE) ID: CVE-2013-1655
BugTraq ID: 58442
http://www.securityfocus.com/bid/58442
Common Vulnerability Exposure (CVE) ID: CVE-2013-2274
BugTraq ID: 58447
http://www.securityfocus.com/bid/58447
Common Vulnerability Exposure (CVE) ID: CVE-2013-2275
BugTraq ID: 58449
http://www.securityfocus.com/bid/58449
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

Esta es sólo una de 97459 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.




© 1998-2021 E-Soft Inc. Todos los derechos reservados.