Lucene search

Gentoo FoundationMGASA-2013-0351

HistoryNov 22, 2013 - 11:16 p.m.

Updated bip packages fix CVE-2013-4550

2013-11-2223:16:14

Gentoo Foundation

advisories.mageia.org

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

79.7%

JSON

Updated bip package fixes security vulnerability: bip 0.8.8 and earlier contains an issue where failed SSL handshakes result in a resource leak. A remote attacker can use this flaw to cause bip to run out of resources, resulting in a denial of service (CVE-2013-4550).

OSVersionArchitecturePackageVersionFilename
Mageia2noarchbip< 0.8.8-5.3bip-0.8.8-5.3.mga2
Mageia3noarchbip< 0.8.8-11.1bip-0.8.8-11.1.mga3

OS	Version	Architecture	Package	Version	Filename
Mageia	2	noarch	bip	< 0.8.8-5.3	bip-0.8.8-5.3.mga2
Mageia	3	noarch	bip	< 0.8.8-11.1	bip-0.8.8-11.1.mga3

References

bugs.mageia.org/show_bug.cgi?id=11723

lists.fedoraproject.org/pipermail/package-announce/2013-November/122274.html

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

79.7%

JSON

Related for MGASA-2013-0351