Newest Plugins

SuSE 11.3 Security Update : file (SAT Patch Number 9982)


Synopsis:

The remote SuSE 11 host is missing one or more security updates.

Description:

file was updated to fix one security issue.

- An out-of-bounds read flaw file's donote() function.
This could possibly lead to file executable crash.
(CVE-2014-3710)

See also :

https://bugzilla.novell.com/show_bug.cgi?id=902367
http://support.novell.com/security/cve/CVE-2014-3710.html

Solution :

Apply SAT patch number 9982.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

openSUSE Security Update : gnutls (openSUSE-SU-2014:1472-1)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

gnutls was updated to fix one security issue.
This security issue
was fixed :

- Parsing problem in elliptic curve blobs over TLS that
could lead to remote crashes (CVE-2014-8564).

See also :

http://lists.opensuse.org/opensuse-updates/2014-11/msg00084.html
https://bugzilla.opensuse.org/show_bug.cgi?id=904603

Solution :

Update the affected gnutls packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

openSUSE Security Update : libvirt (openSUSE-SU-2014:1471-1)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

libvirt was updated to fix one security issue.

This security issue was fixed :

- Security issue with migratable flag (CVE-2014-7823).

See also :

http://lists.opensuse.org/opensuse-updates/2014-11/msg00083.html
https://bugzilla.opensuse.org/show_bug.cgi?id=904176

Solution :

Update the affected libvirt packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Mandriva Linux Security Advisory : krb5 (MDVSA-2014:224)


Synopsis:

The remote Mandriva Linux host is missing one or more security
updates.

Description:

Updated krb5 packages fix security vulnerability :

The kadm5_randkey_principal_3 function in
lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5)
before 1.13 sends old keys in a response to a -randkey -keepold
request, which allows remote authenticated users to forge tickets by
leveraging administrative access (CVE-2014-5351).

See also :

http://advisories.mageia.org/MGASA-2014-0477.html

Solution :

Update the affected packages.

Risk factor :

Low / CVSS Base Score : 2.1
(CVSS2#AV:N/AC:H/Au:S/C:P/I:N/A:N)
CVSS Temporal Score : 1.8
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Mandriva Linux Security Advisory : wireshark (MDVSA-2014:223)


Synopsis:

The remote Mandriva Linux host is missing one or more security
updates.

Description:

Updated wireshark packages fix security vulnerabilities :

SigComp UDVM buffer overflow (CVE-2014-8710).

AMQP crash (CVE-2014-8711).

NCP crashes (CVE-2014-8712, CVE-2014-8713).

TN5250 infinite loops (CVE-2014-8714).

See also :

http://advisories.mageia.org/MGASA-2014-0471.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Mandriva Linux Security Advisory : libvirt (MDVSA-2014:222)


Synopsis:

The remote Mandriva Linux host is missing one or more security
updates.

Description:

Updated libvirt packages fix security vulnerability :

Eric Blake discovered that libvirt incorrectly handled permissions
when processing the qemuDomainFormatXML command. An attacker with
read-only privileges could possibly use this to gain access to certain
information from the domain xml file (CVE-2014-7823).

See also :

http://advisories.mageia.org/MGASA-2014-0470.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Mandriva Linux Security Advisory : php-smarty (MDVSA-2014:221)


Synopsis:

The remote Mandriva Linux host is missing one or more security
updates.

Description:



Updated packages



MBS1
x86_64

 38a8116d38c6a5e28253eb661efb95fe
mbs1/x86_64/php-smarty-3.1.21-1.mbs1.noarch.rpm
11a6b6429cce35fe9f6b6c621eff5ef9
mbs1/x86_64/php-smarty-doc-3.1.21-1.mbs1.noarch.rpm
b193233fb2a189c10e77c530801e210f
mbs1/SRPMS/php-smarty-3.1.21-1.mbs1.src.rpm


References



  • href='http://advisories.mageia.org/MGASA-2014-0468.html'>http://adviso
    ries.mageia.org/MGASA-2014-0468.html


  • href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014
    -8350'>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201
    4-8350


  • href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012
    -4437'>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201
    2-4437